Computer sometimes extremely slow, "Server ist ausgelastet" ("Server is busy") message
12.07.2013, 20:38 | #1 |
Hello everyone,

for some time now my computer has been behaving strangely. At startup it is sometimes (but not always) extremely slow, and the error message "Server ist ausgelastet" ("Server is busy") appears very often. In operation the computer is then very hard to use, because applications (e.g. IE, Thunderbird) keep hanging. Task Manager shows no processes that use a particularly large amount of CPU. After reading other similar threads, I fear that this is a Trojan.

I ran defogger because Daemon Tools Lite is installed.
OTL has been run, but only OTL.txt is generated.

Here is the log:
OTL Logfile:
[2013.07.07 17:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.07 17:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.07.07 17:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.06.30 23:23:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Chromium [2013.06.30 23:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.06.30 23:21:40 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Catan [2013.06.30 23:20:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Catan [2013.06.30 23:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM [2013.06.30 23:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\USM [2013.06.30 23:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\GtkSharp [2013.06.30 22:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2013.06.30 22:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\entrusted [2013.06.30 22:33:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Conduit [2013.06.30 22:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.06.30 18:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2009.07.27 20:47:14 | 008,270,752 | ---- | C] (Dell, Inc. 
) -- C:\Users\***\AppData\Roaming\DataSafeDotNet.exe ========== Files - Modified Within 30 Days ========== [2013.07.12 20:48:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.12 20:21:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.12 20:21:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.12 20:20:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.12 20:20:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.12 20:20:46 | 3215,867,904 | -HS- | M] () -- C:\hiberfil.sys [2013.07.12 20:19:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.07.12 20:15:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.12 20:02:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2013.07.12 19:49:05 | 000,000,176 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.07.07 17:49:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.07 17:22:56 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.07.07 12:38:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.07.04 22:30:47 | 000,671,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.04 22:30:47 | 000,631,856 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.04 22:30:47 | 000,144,302 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.04 22:30:47 | 000,118,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.07.02 01:29:56 | 000,001,016 | ---- | M] () -- C:\Users\***\Desktop\Catan.lnk [2013.06.30 22:33:29 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.06.30 22:32:38 | 000,000,009 | ---- | 
M] () -- C:\END ========== Files Created - No Company Name ========== [2013.07.12 19:48:47 | 000,000,176 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.07.07 17:49:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.07 17:22:56 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.07.02 01:29:56 | 000,001,016 | ---- | C] () -- C:\Users\***\Desktop\Catan.lnk [2013.06.30 22:33:29 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.06.30 22:32:38 | 000,000,009 | ---- | C] () -- C:\END [2013.04.01 21:39:01 | 000,017,803 | ---- | C] () -- C:\Users\***\gk-haftpflicht-Versicherung.odt [2013.03.16 21:46:05 | 000,153,088 | ---- | C] () -- C:\Windows\System32\AiCM32.dll [2013.03.16 11:44:32 | 000,011,375 | ---- | C] () -- C:\Users\***\Schema.ods [2013.03.10 21:31:11 | 000,004,085 | ---- | C] () -- C:\Users\***\***_backup.bpr [2012.08.20 21:43:55 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll [2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.10.21 21:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.10.24 21:59:39 | 000,019,911 | ---- | C] () -- C:\Users\***\andy_sekg2009.elfo [2010.10.24 17:44:49 | 000,114,293 | ---- | C] () -- C:\Users\***\jola_sekg2009.elfo [2010.10.24 16:32:16 | 000,182,652 | ---- | C] () -- C:\Users\***\sekg2009.elfo [2009.02.15 15:36:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.02.06 00:20:10 | 000,000,026 | ---- | C] () -- C:\Users\***\JBBLaunch.conf [2009.02.05 23:31:29 | 000,073,216 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.05 21:33:47 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.30 23:27:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Games [2013.03.16 21:47:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Aimersoft Video Converter Ultimate [2011.10.08 11:03:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service [2009.02.20 21:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools [2013.07.07 17:26:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2009.02.20 21:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2013.07.02 22:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.10.26 19:39:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2011.06.12 21:49:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.08.06 21:17:39 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\GetRightToGo
[2013.05.26 17:13:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2013.07.07 17:26:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2009.02.21 13:13:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2013.06.30 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2009.02.07 22:47:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.02.15 10:48:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2009.04.19 20:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Personal
[2011.04.03 02:03:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PKWARE
[2013.06.09 09:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayCatanClient
[2012.01.16 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.04.10 15:45:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sports Interactive
[2010.11.20 00:04:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.04.04 18:18:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2013.03.16 21:47:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
========== Purity Check ==========
< End of report >

gmer.exe (run as administrator) stops with an error message, once even with a blue screen. I am grateful for any help.
12.07.2013, 20:41 | #2 |
/// the machine /// TB-Ausbilder | Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
12.07.2013, 22:36 | #3 |
Thanks for the quick reply!
Attached is the log from FRST: FRST.txt
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2013 02
Ran by *** (administrator) on 12-07-2013 21:46:38
Running from C:\Users\***\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Apple Inc.)
C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [200704 2008-08-25] (Alps Electric Co., Ltd.) HKLM\...\Run: [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-08-11] (Google) HKLM\...\Run: [Dell Webcam Central] - "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [446635 2008-06-03] (Creative Technology Ltd.) HKLM\...\Run: [PCMService] - "C:\Program Files\Dell\MediaDirect\PCMService.exe" [132392 2008-10-20] (CyberLink Corp.) HKLM\...\Run: [dellsupportcenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [x] HKLM\...\Run: [SysTrayApp] - %ProgramFiles%\IDT\WDM\sttray.exe [442460 2008-08-25] (IDT, Inc.) 
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM\...\Run: [] - [x] HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [x] HKLM\...\Run: [BrowserPlugInHelper] - C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe [x] HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X] HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-02-03] (Google Inc.) HKCU\...\Run: [Steam] - "C:\Program Files\Steam\steam.exe" -silent [1672616 2013-07-10] (Valve Corporation) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.) 
MountPoints2: {69ad46fd-5fa0-11e0-966c-002219dd5abf} - H:\autorun.exe HKU\Jola\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x] HKU\Jola\...\Run: [Skype] - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized [ 2013-04-19] (Skype Technologies S.A.) HKU\Jola\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation) Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Jola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1090203 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com URLSearchHook: entrusted Toolbar - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files\entrusted\prxtbentr.dll (Conduit Ltd.) 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: entrusted Toolbar - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files\entrusted\prxtbentr.dll (Conduit Ltd.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - entrusted Toolbar - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files\entrusted\prxtbentr.dll (Conduit Ltd.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll No File CHR Plugin: (Skype Click to Call) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll (Skype Technologies S.A.) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Nexus Personal) - C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB) CHR Plugin: (D'Fusion @Home Web Plug-In (3.00.13687)) - C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Skype Click to Call) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0 ========================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-25] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. 
KG) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-11] (Google) S2 gupdate1c9fc10500a88bf; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-03] (Google Inc.) R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-25] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-25] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-08-25] (ITE Tech. Inc. ) R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.) R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.) S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [8913920 2011-11-10] (Advanced Micro Devices, Inc.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-06-30] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () R2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}; C:\Program Files\Dell\MediaDirect\000.fcl [87536 2008-10-20] (CyberLink Corp.) 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-12 21:45 - 2013-07-12 21:45 - 00000000 ____D C:\FRST 2013-07-12 21:44 - 2013-07-12 21:44 - 01218364 _____ (Farbar) C:\Users\***\Downloads\FRST.exe 2013-07-12 21:03 - 2013-07-12 21:03 - 344841756 _____ C:\Windows\MEMORY.DMP 2013-07-12 21:03 - 2013-07-12 21:03 - 00139400 _____ C:\Windows\Minidump\Mini071213-01.dmp 2013-07-12 20:44 - 2013-07-12 20:44 - 00000528 _____ C:\Users\***\Downloads\defogger_disable.log 2013-07-12 20:19 - 2013-07-12 20:19 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe 2013-07-12 20:13 - 2013-07-12 20:53 - 00088958 _____ C:\Users\***\Desktop\OTL.Txt 2013-07-12 20:13 - 2013-07-12 20:17 - 00067132 _____ C:\Users\***\Desktop\Extras.Txt 2013-07-12 20:12 - 2013-07-12 20:12 - 00067228 _____ C:\Users\***\Downloads\Extras.Txt 2013-07-12 20:11 - 2013-07-12 21:21 - 00087742 _____ C:\Users\***\Downloads\OTL.Txt 2013-07-12 19:59 - 2013-07-12 19:59 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe 2013-07-12 19:59 - 2013-07-12 19:59 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe 2013-07-12 19:48 - 2013-07-12 19:49 - 00000656 _____ C:\Users\***\Desktop\defogger_disable.log 2013-07-12 19:48 - 2013-07-12 19:49 - 00000176 _____ C:\Users\***\defogger_reenable 2013-07-07 17:49 - 2013-07-07 17:49 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Users\All Users\Malwarebytes 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-07 17:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 
2013-07-07 17:48 - 2013-07-07 17:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-07 17:22 - 2013-07-07 17:22 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe 2013-07-07 17:22 - 2013-07-07 17:22 - 00000806 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-07-07 17:22 - 2013-07-07 17:22 - 00000000 ____D C:\Program Files\CCleaner 2013-07-02 01:29 - 2013-07-02 01:29 - 00001016 _____ C:\Users\***\Desktop\Catan.lnk 2013-06-30 23:23 - 2013-06-30 23:23 - 00000000 ____D C:\Users\***\AppData\Local\Chromium 2013-06-30 23:21 - 2013-06-30 23:23 - 00000000 ____D C:\Users\***\Documents\Catan 2013-06-30 23:21 - 2013-06-30 23:21 - 00000000 ____D C:\Users\All Users\boost_interprocess 2013-06-30 23:20 - 2013-07-01 22:38 - 00000000 ____D C:\Users\***\AppData\Local\Catan 2013-06-30 23:18 - 2013-06-30 23:18 - 00000000 ____D C:\Program Files\USM 2013-06-30 23:13 - 2013-06-30 23:13 - 00000000 ____D C:\Program Files\GtkSharp 2013-06-30 22:50 - 2013-06-30 22:50 - 00000000 ____D C:\Program Files\Microsoft.NET 2013-06-30 22:33 - 2013-06-30 22:33 - 00001737 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-06-30 22:33 - 2013-06-30 22:33 - 00000000 ____D C:\Users\***\AppData\Local\Conduit 2013-06-30 22:33 - 2013-06-30 22:33 - 00000000 ____D C:\Program Files\entrusted 2013-06-30 22:32 - 2013-06-30 22:32 - 00000009 _____ C:\END 2013-06-30 22:29 - 2013-06-30 22:30 - 13901152 _____ (Disc Soft Ltd) C:\Users\***\Downloads\DTLite4471-0333.exe 2013-06-30 18:28 - 2013-07-01 12:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-06-29 20:26 - 2013-05-17 01:08 - 12329984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-06-29 20:26 - 2013-05-17 00:49 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-06-29 20:26 - 2013-05-17 00:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-06-29 20:26 - 2013-05-17 00:28 - 01129472 _____ (Microsoft 
Corporation) C:\Windows\system32\wininet.dll 2013-06-29 20:26 - 2013-05-17 00:28 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-06-29 20:26 - 2013-05-17 00:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-06-29 20:26 - 2013-05-17 00:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-29 20:26 - 2013-05-17 00:23 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-06-29 20:26 - 2013-05-17 00:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-06-29 20:26 - 2013-05-17 00:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-29 20:26 - 2013-05-17 00:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-29 20:26 - 2013-05-17 00:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-06-29 20:26 - 2013-05-17 00:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-06-29 20:26 - 2013-05-17 00:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-29 20:26 - 2013-05-17 00:16 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-06-29 20:26 - 2013-05-17 00:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-06-29 20:19 - 2013-04-24 06:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-29 20:19 - 2013-04-24 06:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-29 20:19 - 2013-04-24 06:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-29 20:19 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-29 20:19 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-29 20:18 - 2013-05-08 06:37 - 00905576 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\tcpip.sys 2013-06-29 20:18 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-29 20:18 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll 2013-06-29 20:17 - 2013-05-03 00:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-06-29 20:17 - 2013-05-03 00:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-06-29 19:39 - 2013-06-29 19:38 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-29 19:39 - 2013-06-29 19:38 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-29 19:39 - 2013-06-29 19:38 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-29 19:39 - 2013-06-29 19:38 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll ==================== One Month Modified Files and Folders ======= 2013-07-12 21:45 - 2013-07-12 21:45 - 00000000 ____D C:\FRST 2013-07-12 21:44 - 2013-07-12 21:44 - 01218364 _____ (Farbar) C:\Users\***\Downloads\FRST.exe 2013-07-12 21:44 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-12 21:44 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-12 21:33 - 2009-02-03 18:07 - 01890335 _____ C:\Windows\WindowsUpdate.log 2013-07-12 21:21 - 2013-07-12 20:11 - 00087742 _____ C:\Users\***\Downloads\OTL.Txt 2013-07-12 21:15 - 2012-04-06 18:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-12 21:07 - 2012-01-21 11:36 - 00000000 ____D C:\Program Files\Steam 2013-07-12 21:05 - 2009-02-05 21:32 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype 2013-07-12 21:03 - 2013-07-12 21:03 - 344841756 _____ C:\Windows\MEMORY.DMP 2013-07-12 21:03 - 2013-07-12 21:03 - 00139400 _____ 
C:\Windows\Minidump\Mini071213-01.dmp 2013-07-12 21:03 - 2009-07-03 21:11 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-12 21:03 - 2009-05-26 18:36 - 00000000 ____D C:\Windows\Minidump 2013-07-12 21:03 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-12 21:01 - 2013-05-27 07:28 - 00000336 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job 2013-07-12 20:54 - 2009-02-03 17:27 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-07-12 20:54 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-12 20:53 - 2013-07-12 20:13 - 00088958 _____ C:\Users\***\Desktop\OTL.Txt 2013-07-12 20:48 - 2009-07-03 21:11 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-12 20:44 - 2013-07-12 20:44 - 00000528 _____ C:\Users\***\Downloads\defogger_disable.log 2013-07-12 20:19 - 2013-07-12 20:19 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe 2013-07-12 20:17 - 2013-07-12 20:13 - 00067132 _____ C:\Users\***\Desktop\Extras.Txt 2013-07-12 20:12 - 2013-07-12 20:12 - 00067228 _____ C:\Users\***\Downloads\Extras.Txt 2013-07-12 19:59 - 2013-07-12 19:59 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe 2013-07-12 19:59 - 2013-07-12 19:59 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe 2013-07-12 19:49 - 2013-07-12 19:48 - 00000656 _____ C:\Users\***\Desktop\defogger_disable.log 2013-07-12 19:49 - 2013-07-12 19:48 - 00000176 _____ C:\Users\***\defogger_reenable 2013-07-12 19:48 - 2009-02-05 18:39 - 00000000 ____D C:\Users\*** 2013-07-12 18:44 - 2012-01-21 11:36 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-07-07 17:49 - 2013-07-07 17:49 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Users\All Users\Malwarebytes 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Program 
Files\Malwarebytes' Anti-Malware 2013-07-07 17:48 - 2013-07-07 17:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-07 17:26 - 2009-02-20 21:47 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite 2013-07-07 17:26 - 2009-02-05 23:42 - 00000000 ____D C:\Users\***\AppData\Roaming\Miranda 2013-07-07 17:26 - 2009-02-05 23:12 - 00000000 ____D C:\Users\***\Tracing 2013-07-07 17:26 - 2008-02-06 08:46 - 00000000 ____D C:\Windows\Panther 2013-07-07 17:22 - 2013-07-07 17:22 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe 2013-07-07 17:22 - 2013-07-07 17:22 - 00000806 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-07-07 17:22 - 2013-07-07 17:22 - 00000000 ____D C:\Program Files\CCleaner 2013-07-07 12:38 - 2010-06-21 07:52 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job 2013-07-05 19:32 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-05 18:45 - 2009-02-06 00:30 - 00000000 ____D C:\Users\Jola\AppData\Local\Google 2013-07-04 22:30 - 2008-01-21 09:16 - 01538074 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-02 22:24 - 2010-08-05 20:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox 2013-07-02 11:34 - 2010-08-05 20:21 - 00000000 ___RD C:\Users\***\Documents\My Dropbox 2013-07-02 01:29 - 2013-07-02 01:29 - 00001016 _____ C:\Users\***\Desktop\Catan.lnk 2013-07-01 22:38 - 2013-06-30 23:20 - 00000000 ____D C:\Users\***\AppData\Local\Catan 2013-07-01 22:24 - 2012-11-21 09:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-01 12:42 - 2013-06-30 18:28 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-06-30 23:23 - 2013-06-30 23:23 - 00000000 ____D C:\Users\***\AppData\Local\Chromium 2013-06-30 23:23 - 2013-06-30 23:21 - 00000000 ____D C:\Users\***\Documents\Catan 2013-06-30 23:21 - 2013-06-30 23:21 - 00000000 ____D C:\Users\All Users\boost_interprocess 2013-06-30 23:18 - 2013-06-30 23:18 - 00000000 ____D C:\Program 
Files\USM 2013-06-30 23:13 - 2013-06-30 23:13 - 00000000 ____D C:\Program Files\GtkSharp 2013-06-30 22:50 - 2013-06-30 22:50 - 00000000 ____D C:\Program Files\Microsoft.NET 2013-06-30 22:33 - 2013-06-30 22:33 - 00001737 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-06-30 22:33 - 2013-06-30 22:33 - 00000000 ____D C:\Users\***\AppData\Local\Conduit 2013-06-30 22:33 - 2013-06-30 22:33 - 00000000 ____D C:\Program Files\entrusted 2013-06-30 22:32 - 2013-06-30 22:32 - 00000009 _____ C:\END 2013-06-30 22:32 - 2009-02-20 21:47 - 00466008 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2013-06-30 22:31 - 2012-01-14 12:05 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenCandy 2013-06-30 22:31 - 2009-02-20 21:56 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2013-06-30 22:30 - 2013-06-30 22:29 - 13901152 _____ (Disc Soft Ltd) C:\Users\***\Downloads\DTLite4471-0333.exe 2013-06-30 13:53 - 2009-02-07 18:29 - 00143872 _____ C:\Users\***\Documents\ekonomi.xls 2013-06-30 12:11 - 2013-03-16 21:14 - 00000000 ____D C:\Users\***\Documents\Job 2013-06-29 20:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-06-29 20:32 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-06-29 20:22 - 2006-11-02 12:24 - 73381792 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-06-29 20:15 - 2009-02-15 11:13 - 00000000 ____D C:\Users\Jola\AppData\Roaming\Skype 2013-06-29 19:38 - 2013-06-29 19:39 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-29 19:38 - 2013-06-29 19:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-29 19:38 - 2013-06-29 19:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-29 19:38 - 2013-06-29 19:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-06-29 19:38 - 2012-07-28 17:19 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll 2013-06-29 19:38 - 2011-05-23 19:35 - 
00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-06-29 19:34 - 2009-02-05 18:56 - 00000000 ____D C:\Users\***\AppData\Local\Google 2013-06-16 22:01 - 2009-02-09 20:12 - 00000000 ____D C:\Users\All Users\Roxio 2013-06-13 22:16 - 2012-04-06 18:58 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-06-13 22:16 - 2011-05-18 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-12 21:10 ==================== End Of Log ============================ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2013 02 Ran by *** at 2013-07-12 23:30:21 Running from C:\Users\***\Downloads Boot Mode: Normal ========================================================== 7-Zip 4.65 Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5) Advanced Audio FX Engine AMD APP SDK Runtime (Version: 10.0.831.4) AMD Catalyst Install Manager (Version: 3.0.855.0) Apple Application Support (Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) ATI Catalyst Control Center (Version: 2.008.0703.2235) Avira Free Antivirus (Version: 12.1.9.2400) Bonjour (Version: 3.0.0.10) Browser Address Error Redirector (Version: 1.00.0000) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2008.0703.2236.38526) Catalyst Control Center Graphics Full Existing (Version: 2008.0703.2236.38526) Catalyst Control Center Graphics Full New (Version: 2008.0703.2236.38526) Catalyst Control Center Graphics Light (Version: 2008.0703.2236.38526) Catalyst Control Center Graphics Previews Common (Version: 2008.0703.2236.38526) Catalyst Control Center Graphics Previews Common (Version: 2011.0126.1749.31909) Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2212.39826) Catalyst Control Center Graphics Previews Vista (Version: 2008.0703.2236.38526) Catalyst Control Center InstallProxy (Version: 2008.0703.2236.38526) Catalyst Control Center InstallProxy (Version: 2011.1109.2212.39826) Catalyst Control Center Localization All (Version: 2011.0126.1749.31909) Catalyst Control Center Localization All (Version: 2011.1109.2212.39826) Catalyst Control Center Localization Chinese Standard (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Chinese Traditional (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Danish (Version: 2008.0703.2236.38526) 
Catalyst Control Center Localization Dutch (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Finnish (Version: 2008.0703.2236.38526) Catalyst Control Center Localization French (Version: 2008.0703.2236.38526) Catalyst Control Center Localization German (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Italian (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Japanese (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Korean (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Norwegian (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Portuguese (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Russian (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Spanish (Version: 2008.0703.2236.38526) Catalyst Control Center Localization Swedish (Version: 2008.0703.2236.38526) Catan 1.0 (Version: 1.0) CCC Help Chinese Standard (Version: 2008.0703.2235.38526) CCC Help Chinese Traditional (Version: 2008.0703.2235.38526) CCC Help Danish (Version: 2008.0703.2235.38526) CCC Help Dutch (Version: 2008.0703.2235.38526) CCC Help English (Version: 2008.0703.2235.38526) CCC Help English (Version: 2011.0126.1748.31909) CCC Help English (Version: 2011.1109.2211.39826) CCC Help Finnish (Version: 2008.0703.2235.38526) CCC Help French (Version: 2008.0703.2235.38526) CCC Help German (Version: 2008.0703.2235.38526) CCC Help Italian (Version: 2008.0703.2235.38526) CCC Help Japanese (Version: 2008.0703.2235.38526) CCC Help Korean (Version: 2008.0703.2235.38526) CCC Help Norwegian (Version: 2008.0703.2235.38526) CCC Help Portuguese (Version: 2008.0703.2235.38526) CCC Help Russian (Version: 2008.0703.2235.38526) CCC Help Spanish (Version: 2008.0703.2235.38526) CCC Help Swedish (Version: 2008.0703.2235.38526) ccc-core-static (Version: 2008.0703.2236.38526) ccc-utility (Version: 2008.0703.2236.38526) ccc-utility (Version: 2011.0126.1749.31909) 
ccc-utility (Version: 2011.1109.2212.39826) CCleaner (Version: 4.03) Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) DAEMON Tools Lite (Version: 4.47.1.0333) Dell Dock (Version: 1.0.0) Dell Getting Started Guide (Version: 1.00.0000) Dell Touchpad (Version: 7.2.101.211) Dell Webcam Central Dropbox (HKCU Version: 2.0.22) EDocs ElsterFormular (Version: 12.4.0.7094p) eMule entrusted Toolbar (Version: 6.13.3.505) Europa Universalis III Google Chrome (Version: 28.0.1500.71) Google Desktop (Version: 5.9.1005.12335) Google Earth (Version: 7.0.3.8542) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4209.2358) Google Update Helper (Version: 1.3.21.149) Google Updater (Version: 2.4.2432.1652) GoToAssist 8.0.0.514 Gtk# for .Net 2.12.10 (Version: 2.12.10) Heir to the Throne version 4.1 (Version: 4.1) Heroes of Might and Magic III Complete HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät (Version: 22.50.231.0) HP Deskjet 1000 J110 series Hilfe (Version: 140.0.65.65) HP Photo Creations (Version: 1.0.0.11502) HP Update (Version: 5.002.006.003) ImgBurn (Version: 2.4.2.0) Integrated Webcam Driver (1.06.03.0309) (Version: 1.06.03.0309) iPhone-Konfigurationsprogramm (Version: 2.1.0.163) iPod for Windows 2006-03-23 (Version: 4.7.0) ITECIR (Version: 1.9) iTunes (Version: 11.0.4.4) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Java(TM) 6 Update 7 (Version: 1.6.0.70) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MediaDirect (Version: 4.0) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Choice 
Guard (Version: 2.0.48.0) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 9.7.0621) Miranda IM 0.8.1 Mozilla Maintenance Service (Version: 17.0.7) Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7) MSVC80_x86 (Version: 1.0.1.0) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) OpenOffice.org 3.3 (Version: 3.3.9567) PC Connectivity Solution (Version: 8.47.6.0) Personal 4.10.4 PlayCatan Access Software (Version: 3.1022) QuickSet (Version: 9.2.8) QuickTime (Version: 7.74.80.86) Roxio Creator Audio (Version: 3.7.0) Roxio Creator Copy (Version: 3.7.0) Roxio Creator Data (Version: 3.7.0) Roxio Creator DE (Version: 10.1) Roxio Creator DE (Version: 3.7.0) Roxio Creator Tools (Version: 3.7.0) Roxio Express Labeler 3 (Version: 3.2.1) Roxio Update Manager (Version: 6.0.0) Sid Meier's Civilization V SDK Skins (Version: 2008.0703.2236.38526) Skype Click to Call (Version: 6.3.11079) Skype™ 6.3 (Version: 6.3.107) Steam (Version: 1.0.0.0) TIPKINST TOM Live Player (Version: 1.0.0) Total Immersion D'Fusion @Home Web Plug-In Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) 
(Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2478063) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2478063) (Version: 1) VLC media player 0.9.8a (Version: 0.9.8a) WIDCOMM Bluetooth Software 6.1.0.4402 (Version: 6.1.0.4402) WinAce Archiver (Version: 2.69) Windows Live Anmelde-Assistent (Version: 5.000.818.5) Windows Live Call (Version: 14.0.8117.0416) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live Essentials (Version: 14.0.8117.416) Windows Live Messenger (Version: 14.0.8117.0416) Windows Live-Uploadtool (Version: 14.0.8014.1029) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0) WISO Steuer-Sparbuch 2012 (Version: 19.00.7303) WISO Steuer-Sparbuch 2013 (HKCU Version: 20.00.8137) Yahoo! Detect ==================== Restore Points ========================= ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {164F1AB4-B466-440B-98C1-536335F265EA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {1A33ED44-4303-4BC8-AACE-6D3B3C21DDDD} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-14] (Google) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1D3D4F43-D5A2-4217-9866-4B2E169CDEC1} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1864229418-4291632707-874347587-1002 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {61B8BC67-A66C-4119-B7F9-93DC96609628} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.) Task: {64C90F07-DAFA-4203-A382-A984BA2CA40E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-03] (Google Inc.) Task: {949B2D80-2224-43B1-A169-99A5CCA8C9F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated) Task: {9DFC8343-86C3-46E2-A23A-521624FB22C9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation) Task: {9F54724B-3B18-4F2F-9647-DC16E669B40A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-03] (Google Inc.) 
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) Task: {ACDE11A7-CCDD-4EDA-A468-17522EE12F96} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation) Task: {D18DD09A-6CFE-408E-A5D2-4A79461E5EFD} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-03-22] () Task: {D633092E-EA0A-47D7-9F89-C8CDF5B06D52} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/12/2013 09:04:48 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 08:57:26 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 08:44:09 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00012288, Prozess-ID 0x668, Anwendungsstartzeit gmer_2.1.19163.exe0. Error: (07/12/2013 08:41:46 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00012288, Prozess-ID 0xdc8, Anwendungsstartzeit gmer_2.1.19163.exe0. Error: (07/12/2013 08:22:17 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 07:55:37 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 07:20:13 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 07:14:47 PM) (Source: Application Hang) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16490 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 884 Anfangszeit: 01ce7f1fd85d47b6 Zeitpunkt der Beendigung: 12 Error: (07/12/2013 06:41:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2013 09:27:56 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung WebcamDell.exe, Version 1.1.3.0, Zeitstempel 0x4844f8d0, fehlerhaftes Modul WebcamDell.exe, Version 1.1.3.0, Zeitstempel 0x4844f8d0, Ausnahmecode 0xc0000005, Fehleroffset 0x0000879e, Prozess-ID 0xd00, Anwendungsstartzeit WebcamDell.exe0. System errors: ============= Error: (07/12/2013 09:03:20 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. Error: (07/12/2013 09:03:29 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 12.07.2013 um 21:01:47 unerwartet heruntergefahren. Error: (07/12/2013 07:49:25 PM) (Source: cdrom) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom1. Error: (07/12/2013 07:49:25 PM) (Source: cdrom) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom1. Error: (07/12/2013 07:49:24 PM) (Source: cdrom) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom1. Error: (07/12/2013 07:49:24 PM) (Source: cdrom) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom1. Error: (07/12/2013 07:49:23 PM) (Source: cdrom) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom1. Error: (07/12/2013 07:49:23 PM) (Source: cdrom) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom1. Error: (07/12/2013 07:49:23 PM) (Source: cdrom) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom1. 
Error: (07/12/2013 07:49:22 PM) (Source: cdrom) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom1. Microsoft Office Sessions: ========================= Error: (07/12/2013 09:04:48 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 08:57:26 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 08:44:09 PM) (Source: Application Error)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050001228866801ce7f2f9d14d116 Error: (07/12/2013 08:41:46 PM) (Source: Application Error)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c000000500012288dc801ce7f2eeb205426 Error: (07/12/2013 08:22:17 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 07:55:37 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 07:20:13 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 07:14:47 PM) (Source: Application Hang)(User: ) Description: iexplore.exe9.0.8112.1649088401ce7f1fd85d47b612 Error: (07/12/2013 06:41:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2013 09:27:56 PM) (Source: Application Error)(User: ) Description: WebcamDell.exe1.1.3.04844f8d0WebcamDell.exe1.1.3.04844f8d0c00000050000879ed0001ce7e6c6fcbf5d6 CodeIntegrity Errors: =================================== Date: 2013-07-07 21:48:39.218 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-07 21:48:38.993 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-07 21:48:38.757 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-07 21:48:38.528 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-07 21:48:38.313 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-07 21:48:37.911 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-07 21:48:29.598 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-07 21:48:29.398 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-07 21:48:29.194 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-07 21:48:28.989 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 3065.98 MB
Available physical RAM: 1452.58 MB
Total Pagefile: 8169 MB
Available Pagefile: 6470.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1875.39 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:222.72 GB) (Free:29.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATAPART1) (Fixed) (Total:232.88 GB) (Free:208.31 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.58 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 6751621C)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=173 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |
13.07.2013, 10:15 | #4 |
/// the machine /// TB Trainer | Computer sometimes extremely slow, "Server is busy" message Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
13.07.2013, 21:14 | #5 |
| Computer sometimes extremely slow, "Server is busy" message Hello again, here are the logs Code:
ATTFilter # AdwCleaner v2.305 - Datei am 13/07/2013 um 11:18:03 erstellt # Aktualisiert am 11/07/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : *** - PUNGOPANGO # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Ordner Gelöscht : C:\Program Files\entrusted Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit Ordner Gelöscht : C:\Users\***\AppData\LocalLow\entrusted Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\entrusted Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\entrusted Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E44A1809-4D10-4AB8-B343-3326B64C7CDD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E44A1809-4D10-4AB8-B343-3326B64C7CDD} Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{01335480-2AED-4070-AFF3-B4C8BC22FF35} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E44A1809-4D10-4AB8-B343-3326B64C7CDD} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Toolbar.CT3281675 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\entrusted Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26A09B75-BA91-461F-9ED4-362AFB3A8790} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31F1A8CA-1A8C-4A37-9831-28DA6CA917A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E44A1809-4D10-4AB8-B343-3326B64C7CDD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{01335480-2AED-4070-AFF3-B4C8BC22FF35} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\entrusted Toolbar Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16490 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Google Chrome v28.0.1500.72 Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [4235 octets] - [13/07/2013 11:18:03] ########## EOF - C:\AdwCleaner[S1].txt - [4295 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows Vista (TM) Home Premium x86
Ran by Andreas on 13.07.2013 at 11:26:01,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2013 at 11:27:42,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2013 Ran by *** (administrator) on 13-07-2013 11:30:37 Running from C:\Users\***\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (AMD) C:\Windows\system32\atieclxx.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [200704 2008-08-25] (Alps Electric Co., Ltd.) HKLM\...\Run: [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-08-11] (Google) HKLM\...\Run: [Dell Webcam Central] - "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [446635 2008-06-03] (Creative Technology Ltd.) HKLM\...\Run: [PCMService] - "C:\Program Files\Dell\MediaDirect\PCMService.exe" [132392 2008-10-20] (CyberLink Corp.) HKLM\...\Run: [dellsupportcenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [x] HKLM\...\Run: [SysTrayApp] - %ProgramFiles%\IDT\WDM\sttray.exe [442460 2008-08-25] (IDT, Inc.) 
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM\...\Run: [] - [x] HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [x] HKLM\...\Run: [BrowserPlugInHelper] - C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe [x] HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X] HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-02-03] (Google Inc.) HKCU\...\Run: [Steam] - "C:\Program Files\Steam\steam.exe" -silent [1672616 2013-07-10] (Valve Corporation) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.) 
HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 MountPoints2: {69ad46fd-5fa0-11e0-966c-002219dd5abf} - H:\autorun.exe HKU\***\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x] HKU\***\...\Run: [Skype] - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized [ 2013-04-19] (Skype Technologies S.A.) HKU\***\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation) Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1090203 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name - 
{5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll No File CHR Plugin: (Skype Click to Call) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll (Skype Technologies S.A.) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Nexus Personal) - C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB) CHR Plugin: (D'Fusion @Home Web Plug-In (3.00.13687)) - C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Skype Click to Call) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0 ========================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-25] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. 
KG) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-11] (Google) S2 gupdate1c9fc10500a88bf; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-03] (Google Inc.) R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-25] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-25] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-08-25] (ITE Tech. Inc. ) R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.) R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.) S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [8913920 2011-11-10] (Advanced Micro Devices, Inc.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-06-30] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () R2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}; C:\Program Files\Dell\MediaDirect\000.fcl [87536 2008-10-20] (CyberLink Corp.) 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-13 11:30 - 2013-07-13 11:30 - 01218386 _____ (Farbar) C:\Users\***\Desktop\FRST.exe 2013-07-13 11:27 - 2013-07-13 11:27 - 00000636 _____ C:\Users\***\Desktop\JRT.txt 2013-07-13 11:25 - 2013-07-13 11:25 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 11:24 - 2013-07-13 11:24 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe 2013-07-13 11:23 - 2013-07-13 11:24 - 00004339 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt 2013-07-13 11:19 - 2013-07-13 11:19 - 00000458 _____ C:\Windows\PFRO.log 2013-07-13 11:18 - 2013-07-13 11:18 - 00004364 _____ C:\AdwCleaner[S1].txt 2013-07-13 11:16 - 2013-07-13 11:16 - 00662345 _____ C:\Users\***\Desktop\adwcleaner.exe 2013-07-12 23:31 - 2013-07-12 23:31 - 00024190 _____ C:\Users\***\Desktop\Addition.txt 2013-07-12 23:30 - 2013-07-12 23:30 - 00031663 _____ C:\Users\***\Downloads\FRST.txt 2013-07-12 23:30 - 2013-07-12 23:30 - 00024198 _____ C:\Users\***\Downloads\Addition.txt 2013-07-12 21:45 - 2013-07-12 21:45 - 00000000 ____D C:\FRST 2013-07-12 21:44 - 2013-07-12 21:44 - 01218364 _____ (Farbar) C:\Users\***\Downloads\FRST.exe 2013-07-12 21:03 - 2013-07-12 21:03 - 344841756 _____ C:\Windows\MEMORY.DMP 2013-07-12 21:03 - 2013-07-12 21:03 - 00139400 _____ C:\Windows\Minidump\Mini071213-01.dmp 2013-07-12 20:44 - 2013-07-12 20:44 - 00000528 _____ C:\Users\***\Downloads\defogger_disable.log 2013-07-12 20:19 - 2013-07-12 20:19 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe 2013-07-12 20:13 - 2013-07-12 20:53 - 00088958 _____ C:\Users\***\Desktop\OTL.Txt 2013-07-12 20:13 - 2013-07-12 20:17 - 00067132 _____ C:\Users\***\Desktop\Extras.Txt 2013-07-12 20:12 - 2013-07-12 20:12 - 00067228 _____ C:\Users\***\Downloads\Extras.Txt 2013-07-12 20:11 - 
2013-07-12 21:21 - 00087742 _____ C:\Users\***\Downloads\OTL.Txt 2013-07-12 19:59 - 2013-07-12 19:59 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe 2013-07-12 19:59 - 2013-07-12 19:59 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe 2013-07-12 19:48 - 2013-07-12 19:49 - 00000656 _____ C:\Users\***\Desktop\defogger_disable.log 2013-07-12 19:48 - 2013-07-12 19:49 - 00000176 _____ C:\Users\***\defogger_reenable 2013-07-07 17:49 - 2013-07-07 17:49 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-07 17:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-07 17:48 - 2013-07-07 17:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-07 17:22 - 2013-07-07 17:22 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe 2013-07-07 17:22 - 2013-07-07 17:22 - 00000806 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-07-07 17:22 - 2013-07-07 17:22 - 00000000 ____D C:\Program Files\CCleaner 2013-07-02 01:29 - 2013-07-02 01:29 - 00001016 _____ C:\Users\***\Desktop\Catan.lnk 2013-06-30 23:23 - 2013-06-30 23:23 - 00000000 ____D C:\Users\***\AppData\Local\Chromium 2013-06-30 23:21 - 2013-06-30 23:23 - 00000000 ____D C:\Users\***\Documents\Catan 2013-06-30 23:20 - 2013-07-01 22:38 - 00000000 ____D C:\Users\***\AppData\Local\Catan 2013-06-30 23:18 - 2013-06-30 23:18 - 00000000 ____D C:\Program Files\USM 2013-06-30 23:13 - 2013-06-30 23:13 - 00000000 ____D C:\Program Files\GtkSharp 2013-06-30 22:50 - 2013-06-30 22:50 - 00000000 ____D C:\Program Files\Microsoft.NET 2013-06-30 22:33 - 2013-06-30 22:33 - 00001737 _____ 
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-06-30 22:29 - 2013-06-30 22:30 - 13901152 _____ (Disc Soft Ltd) C:\Users\***\Downloads\DTLite4471-0333.exe 2013-06-30 18:28 - 2013-07-01 12:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-06-29 20:26 - 2013-05-17 01:08 - 12329984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-06-29 20:26 - 2013-05-17 00:49 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-06-29 20:26 - 2013-05-17 00:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-06-29 20:26 - 2013-05-17 00:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-06-29 20:26 - 2013-05-17 00:28 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-06-29 20:26 - 2013-05-17 00:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-06-29 20:26 - 2013-05-17 00:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-29 20:26 - 2013-05-17 00:23 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-06-29 20:26 - 2013-05-17 00:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-06-29 20:26 - 2013-05-17 00:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-29 20:26 - 2013-05-17 00:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-29 20:26 - 2013-05-17 00:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-06-29 20:26 - 2013-05-17 00:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-06-29 20:26 - 2013-05-17 00:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-29 20:26 - 2013-05-17 00:16 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-06-29 20:26 - 2013-05-17 00:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-06-29 
20:19 - 2013-04-24 06:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-29 20:19 - 2013-04-24 06:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-29 20:19 - 2013-04-24 06:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-29 20:19 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-29 20:19 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-29 20:18 - 2013-05-08 06:37 - 00905576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-29 20:18 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-29 20:18 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll 2013-06-29 20:17 - 2013-05-03 00:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-06-29 20:17 - 2013-05-03 00:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-06-29 19:39 - 2013-06-29 19:38 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-29 19:39 - 2013-06-29 19:38 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-29 19:39 - 2013-06-29 19:38 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-29 19:39 - 2013-06-29 19:38 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll ==================== One Month Modified Files and Folders ======= 2013-07-13 11:30 - 2013-07-13 11:30 - 01218386 _____ (Farbar) C:\Users\***\Desktop\FRST.exe 2013-07-13 11:30 - 2009-02-05 18:39 - 00000000 ___RD C:\Users\***\Desktop 2013-07-13 11:27 - 2013-07-13 11:27 - 00000636 _____ C:\Users\***\Desktop\JRT.txt 2013-07-13 11:25 - 2013-07-13 11:25 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 11:25 - 2009-02-03 18:07 - 01910364 _____ C:\Windows\WindowsUpdate.log 2013-07-13 
11:24 - 2013-07-13 11:24 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe 2013-07-13 11:24 - 2013-07-13 11:23 - 00004339 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt 2013-07-13 11:24 - 2012-01-21 11:36 - 00000000 ____D C:\Program Files\Steam 2013-07-13 11:22 - 2009-02-05 21:32 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype 2013-07-13 11:20 - 2009-07-03 21:11 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-13 11:20 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-13 11:20 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-13 11:20 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-13 11:19 - 2013-07-13 11:19 - 00000458 _____ C:\Windows\PFRO.log 2013-07-13 11:18 - 2013-07-13 11:18 - 00004364 _____ C:\AdwCleaner[S1].txt 2013-07-13 11:18 - 2009-02-03 17:27 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-07-13 11:18 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-13 11:16 - 2013-07-13 11:16 - 00662345 _____ C:\Users\***\Desktop\adwcleaner.exe 2013-07-13 11:15 - 2012-04-06 18:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-13 11:01 - 2013-05-27 07:28 - 00000336 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job 2013-07-13 10:53 - 2009-07-03 21:11 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-12 23:31 - 2013-07-12 23:31 - 00024190 _____ C:\Users\***\Desktop\Addition.txt 2013-07-12 23:30 - 2013-07-12 23:30 - 00031663 _____ C:\Users\***\Downloads\FRST.txt 2013-07-12 23:30 - 2013-07-12 23:30 - 00024198 _____ C:\Users\***\Downloads\Addition.txt 2013-07-12 21:45 - 2013-07-12 21:45 - 00000000 ____D C:\FRST 2013-07-12 21:44 - 2013-07-12 21:44 - 01218364 _____ (Farbar) C:\Users\***\Downloads\FRST.exe 2013-07-12 21:21 - 2013-07-12 20:11 - 
00087742 _____ C:\Users\***\Downloads\OTL.Txt 2013-07-12 21:03 - 2013-07-12 21:03 - 344841756 _____ C:\Windows\MEMORY.DMP 2013-07-12 21:03 - 2013-07-12 21:03 - 00139400 _____ C:\Windows\Minidump\Mini071213-01.dmp 2013-07-12 21:03 - 2009-05-26 18:36 - 00000000 ____D C:\Windows\Minidump 2013-07-12 20:53 - 2013-07-12 20:13 - 00088958 _____ C:\Users\***\Desktop\OTL.Txt 2013-07-12 20:44 - 2013-07-12 20:44 - 00000528 _____ C:\Users\***\Downloads\defogger_disable.log 2013-07-12 20:19 - 2013-07-12 20:19 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe 2013-07-12 20:17 - 2013-07-12 20:13 - 00067132 _____ C:\Users\***\Desktop\Extras.Txt 2013-07-12 20:12 - 2013-07-12 20:12 - 00067228 _____ C:\Users\***\Downloads\Extras.Txt 2013-07-12 19:59 - 2013-07-12 19:59 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe 2013-07-12 19:59 - 2013-07-12 19:59 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe 2013-07-12 19:49 - 2013-07-12 19:48 - 00000656 _____ C:\Users\***\Desktop\defogger_disable.log 2013-07-12 19:49 - 2013-07-12 19:48 - 00000176 _____ C:\Users\***\defogger_reenable 2013-07-12 19:48 - 2009-02-05 18:39 - 00000000 ____D C:\Users\*** 2013-07-12 18:44 - 2012-01-21 11:36 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-07-07 17:49 - 2013-07-07 17:49 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-07 17:49 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-07 17:48 - 2013-07-07 17:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-07 17:26 - 2009-02-20 21:47 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite 2013-07-07 17:26 - 2009-02-05 23:42 - 00000000 ____D 
C:\Users\***\AppData\Roaming\Miranda 2013-07-07 17:26 - 2009-02-05 23:12 - 00000000 ____D C:\Users\***\Tracing 2013-07-07 17:26 - 2008-02-06 08:46 - 00000000 ____D C:\Windows\Panther 2013-07-07 17:22 - 2013-07-07 17:22 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe 2013-07-07 17:22 - 2013-07-07 17:22 - 00000806 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-07-07 17:22 - 2013-07-07 17:22 - 00000000 ____D C:\Program Files\CCleaner 2013-07-07 12:38 - 2010-06-21 07:52 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job 2013-07-05 19:32 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-05 18:45 - 2009-02-06 00:30 - 00000000 ____D C:\Users\***\AppData\Local\Google 2013-07-04 22:30 - 2008-01-21 09:16 - 01538074 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-02 22:24 - 2010-08-05 20:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox 2013-07-02 11:34 - 2010-08-05 20:21 - 00000000 ___RD C:\Users\***\Documents\My Dropbox 2013-07-02 01:29 - 2013-07-02 01:29 - 00001016 _____ C:\Users\***\Desktop\Catan.lnk 2013-07-01 22:38 - 2013-06-30 23:20 - 00000000 ____D C:\Users\***\AppData\Local\Catan 2013-07-01 22:24 - 2012-11-21 09:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-01 12:42 - 2013-06-30 18:28 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-06-30 23:23 - 2013-06-30 23:23 - 00000000 ____D C:\Users\***\AppData\Local\Chromium 2013-06-30 23:23 - 2013-06-30 23:21 - 00000000 ____D C:\Users\***\Documents\Catan 2013-06-30 23:18 - 2013-06-30 23:18 - 00000000 ____D C:\Program Files\USM 2013-06-30 23:13 - 2013-06-30 23:13 - 00000000 ____D C:\Program Files\GtkSharp 2013-06-30 22:50 - 2013-06-30 22:50 - 00000000 ____D C:\Program Files\Microsoft.NET 2013-06-30 22:33 - 2013-06-30 22:33 - 00001737 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-06-30 22:32 - 2009-02-20 21:47 - 00466008 _____ (Duplex Secure Ltd.) 
C:\Windows\system32\Drivers\sptd.sys 2013-06-30 22:31 - 2009-02-20 21:56 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2013-06-30 22:30 - 2013-06-30 22:29 - 13901152 _____ (Disc Soft Ltd) C:\Users\***\Downloads\DTLite4471-0333.exe 2013-06-30 13:53 - 2009-02-07 18:29 - 00143872 _____ C:\Users\***\Documents\ekonomi.xls 2013-06-30 12:11 - 2013-03-16 21:14 - 00000000 ____D C:\Users\***\Documents\Job 2013-06-29 20:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-06-29 20:32 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-06-29 20:22 - 2006-11-02 12:24 - 73381792 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-06-29 20:15 - 2009-02-15 11:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype 2013-06-29 19:38 - 2013-06-29 19:39 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-29 19:38 - 2013-06-29 19:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-29 19:38 - 2013-06-29 19:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-29 19:38 - 2013-06-29 19:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-06-29 19:38 - 2012-07-28 17:19 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll 2013-06-29 19:38 - 2011-05-23 19:35 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-06-29 19:34 - 2009-02-05 18:56 - 00000000 ____D C:\Users\***\AppData\Local\Google 2013-06-16 22:01 - 2009-02-09 20:12 - 00000000 ____D C:\ProgramData\Roxio 2013-06-13 22:16 - 2012-04-06 18:58 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-06-13 22:16 - 2011-05-18 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 
is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 11:27 ==================== End Of Log ============================ |
13.07.2013, 21:17 | #6 |
/// the machine /// TB trainer | Computer sometimes extremely slow, "Server ist ausgelastet" (server busy) message
Still having problems?
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please.
14.07.2013, 14:04 | #7 |
| Computer sometimes extremely slow, "Server ist ausgelastet" (server busy) message
Hello, I only have my problem occasionally, and I have not experienced it since yesterday. Can you see anything in the logs indicating that a problem has been solved? If you cannot see anything in particular in the following logs, I would only get back in touch if I experience the problem again. Many thanks for your support!
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c1b5590655bf8043a80bc8da9986f18a
# engine=14385
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-14 10:40:30
# local_time=2013-07-14 12:40:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 99 54575 239221720 47345 0
# compatibility_mode=5892 16776574 100 100 34475281 211331158 0 0
# scanned=482258
# found=0
# cleaned=0
# scan_time=10610
Code:
ATTFilter Results of screen317's Security Check version 0.99.68
Windows Vista Service Pack 2 x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java 7 Update 25
Java(TM) 6 Update 7
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Thunderbird (17.0.7)
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013 Ran by *** (administrator) on 14-07-2013 12:54:51 Running from C:\Users\***\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [200704 2008-08-25] (Alps Electric Co., Ltd.) HKLM\...\Run: [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-08-11] (Google) HKLM\...\Run: [Dell Webcam Central] - "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [446635 2008-06-03] (Creative Technology Ltd.) HKLM\...\Run: [PCMService] - "C:\Program Files\Dell\MediaDirect\PCMService.exe" [132392 2008-10-20] (CyberLink Corp.) HKLM\...\Run: [dellsupportcenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [x] HKLM\...\Run: [SysTrayApp] - %ProgramFiles%\IDT\WDM\sttray.exe [442460 2008-08-25] (IDT, Inc.) 
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM\...\Run: [] - [x] HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [x] HKLM\...\Run: [BrowserPlugInHelper] - C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe [x] HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X] HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-02-03] (Google Inc.) HKCU\...\Run: [Steam] - "C:\Program Files\Steam\steam.exe" -silent [1672616 2013-07-10] (Valve Corporation) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.) 
MountPoints2: {69ad46fd-5fa0-11e0-966c-002219dd5abf} - H:\autorun.exe HKU\***\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x] HKU\***\...\Run: [Skype] - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized [ 2013-04-19] (Skype Technologies S.A.) HKU\***\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation) Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1090203 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll No File CHR Plugin: (Skype Click to Call) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll (Skype Technologies S.A.) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Nexus Personal) - C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB) CHR Plugin: (D'Fusion @Home Web Plug-In (3.00.13687)) - C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Skype Click to Call) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0 ========================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-25] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 
2012-05-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-11] (Google) S2 gupdate1c9fc10500a88bf; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-03] (Google Inc.) R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-25] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-25] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-08-25] (ITE Tech. Inc. ) R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.) R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.) S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [8913920 2011-11-10] (Advanced Micro Devices, Inc.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-06-30] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () R2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}; C:\Program Files\Dell\MediaDirect\000.fcl [87536 2008-10-20] (CyberLink Corp.) 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-14 12:54 - 2013-07-14 12:54 - 01218214 _____ (Farbar) C:\Users\***\Desktop\FRST.exe 2013-07-14 12:52 - 2013-07-14 12:52 - 00000910 _____ C:\Users\***\Desktop\checkup.txt 2013-07-14 12:45 - 2013-07-14 12:45 - 00890988 _____ C:\Users\***\Desktop\SecurityCheck.exe 2013-07-14 09:38 - 2013-07-14 09:40 - 02347384 _____ (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe 2013-07-13 11:39 - 2013-07-13 11:39 - 00000000 ___RD C:\Users\***\Documents\HP Photo Creations 2013-07-13 11:39 - 2013-07-13 11:39 - 00000000 ____D C:\Users\***\AppData\Roaming\Visan 2013-07-13 11:27 - 2013-07-13 11:27 - 00000636 _____ C:\Users\***\Desktop\JRT.txt 2013-07-13 11:25 - 2013-07-13 11:25 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 11:24 - 2013-07-13 11:24 - 00559441 _____ (Oleg N. 
Scherbakov) C:\Users\***\Desktop\JRT.exe 2013-07-13 11:23 - 2013-07-13 11:24 - 00004339 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt 2013-07-13 11:19 - 2013-07-13 11:19 - 00000458 _____ C:\Windows\PFRO.log 2013-07-13 11:18 - 2013-07-13 11:18 - 00004364 _____ C:\AdwCleaner[S1].txt 2013-07-13 11:16 - 2013-07-13 11:16 - 00662345 _____ C:\Users\***\Desktop\adwcleaner.exe 2013-07-12 23:31 - 2013-07-12 23:31 - 00024190 _____ C:\Users\***\Desktop\Addition.txt 2013-07-12 23:30 - 2013-07-12 23:30 - 00031663 _____ C:\Users\***\Downloads\FRST.txt 2013-07-12 23:30 - 2013-07-12 23:30 - 00024198 _____ C:\Users\***\Downloads\Addition.txt 2013-07-12 21:45 - 2013-07-12 21:45 - 00000000 ____D C:\FRST 2013-07-12 21:44 - 2013-07-12 21:44 - 01218364 _____ (Farbar) C:\Users\***\Downloads\FRST.exe 2013-07-12 21:03 - 2013-07-12 21:03 - 344841756 _____ C:\Windows\MEMORY.DMP 2013-07-12 21:03 - 2013-07-12 21:03 - 00139400 _____ C:\Windows\Minidump\Mini071213-01.dmp 2013-07-12 20:44 - 2013-07-12 20:44 - 00000528 _____ C:\Users\***\Downloads\defogger_disable.log 2013-07-12 20:19 - 2013-07-12 20:19 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe 2013-07-12 20:13 - 2013-07-12 20:53 - 00088958 _____ C:\Users\***\Desktop\OTL.Txt 2013-07-12 20:13 - 2013-07-12 20:17 - 00067132 _____ C:\Users\***\Desktop\Extras.Txt 2013-07-12 20:12 - 2013-07-12 20:12 - 00067228 _____ C:\Users\***\Downloads\Extras.Txt 2013-07-12 20:11 - 2013-07-12 21:21 - 00087742 _____ C:\Users\***\Downloads\OTL.Txt 2013-07-12 19:59 - 2013-07-12 19:59 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe 2013-07-12 19:59 - 2013-07-12 19:59 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe 2013-07-12 19:48 - 2013-07-12 19:49 - 00000656 _____ C:\Users\***\Desktop\defogger_disable.log 2013-07-12 19:48 - 2013-07-12 19:49 - 00000176 _____ C:\Users\***\defogger_reenable 2013-07-07 17:49 - 2013-07-07 17:49 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-07 17:49 - 2013-07-07 17:49 - 
00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-07 17:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-07 17:48 - 2013-07-07 17:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-07 17:22 - 2013-07-07 17:22 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe 2013-07-07 17:22 - 2013-07-07 17:22 - 00000806 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-07-07 17:22 - 2013-07-07 17:22 - 00000000 ____D C:\Program Files\CCleaner 2013-07-02 01:29 - 2013-07-02 01:29 - 00001016 _____ C:\Users\***\Desktop\Catan.lnk 2013-06-30 23:23 - 2013-06-30 23:23 - 00000000 ____D C:\Users\***\AppData\Local\Chromium 2013-06-30 23:21 - 2013-06-30 23:23 - 00000000 ____D C:\Users\***\Documents\Catan 2013-06-30 23:20 - 2013-07-01 22:38 - 00000000 ____D C:\Users\***\AppData\Local\Catan 2013-06-30 23:18 - 2013-06-30 23:18 - 00000000 ____D C:\Program Files\USM 2013-06-30 23:13 - 2013-06-30 23:13 - 00000000 ____D C:\Program Files\GtkSharp 2013-06-30 22:50 - 2013-06-30 22:50 - 00000000 ____D C:\Program Files\Microsoft.NET 2013-06-30 22:33 - 2013-06-30 22:33 - 00001737 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-06-30 22:29 - 2013-06-30 22:30 - 13901152 _____ (Disc Soft Ltd) C:\Users\***\Downloads\DTLite4471-0333.exe 2013-06-30 18:28 - 2013-07-01 12:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-06-29 20:26 - 2013-05-17 01:08 - 12329984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-06-29 20:26 - 2013-05-17 00:49 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-06-29 20:26 - 2013-05-17 00:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-06-29 20:26 - 2013-05-17 00:28 
- 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-29 20:26 - 2013-05-17 00:28 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-29 20:26 - 2013-05-17 00:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-29 20:26 - 2013-05-17 00:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-29 20:26 - 2013-05-17 00:23 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-29 20:26 - 2013-05-17 00:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-29 20:26 - 2013-05-17 00:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-29 20:26 - 2013-05-17 00:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-29 20:26 - 2013-05-17 00:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-29 20:26 - 2013-05-17 00:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-29 20:26 - 2013-05-17 00:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-29 20:26 - 2013-05-17 00:16 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-29 20:26 - 2013-05-17 00:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-29 20:19 - 2013-04-24 06:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-29 20:19 - 2013-04-24 06:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-29 20:19 - 2013-04-24 06:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-29 20:19 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-29 20:19 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-29 20:18 - 2013-05-08 06:37 - 00905576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-29 20:18 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-29 20:18 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-06-29 20:17 - 2013-05-03 00:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-06-29 20:17 - 2013-05-03 00:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-06-29 19:39 - 2013-06-29 19:38 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-29 19:39 - 2013-06-29 19:38 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-29 19:39 - 2013-06-29 19:38 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-29 19:39 - 2013-06-29 19:38 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

==================== One Month Modified Files and Folders =======

2013-07-14 12:54 - 2013-07-14 12:54 - 01218214 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-14 12:54 - 2009-02-05 18:39 - 00000000 ___RD C:\Users\***\Desktop
2013-07-14 12:53 - 2009-07-03 21:11 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 12:52 - 2013-07-14 12:52 - 00000910 _____ C:\Users\***\Desktop\checkup.txt
2013-07-14 12:45 - 2013-07-14 12:45 - 00890988 _____ C:\Users\***\Desktop\SecurityCheck.exe
2013-07-14 12:38 - 2010-06-21 07:52 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job
2013-07-14 12:37 - 2013-05-27 07:28 - 00000342 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-07-14 12:15 - 2012-04-06 18:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 11:21 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 11:21 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-14 09:41 - 2008-01-21 09:16 - 01558860 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-14 09:40 - 2013-07-14 09:38 - 02347384 _____ (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe
2013-07-14 09:36 - 2012-01-21 11:36 - 00000000 ____D C:\Program Files\Steam
2013-07-14 09:36 - 2009-02-05 21:32 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-07-14 09:28 - 2009-02-03 18:07 - 01938959 _____ C:\Windows\WindowsUpdate.log
2013-07-14 09:22 - 2009-07-03 21:11 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-14 09:21 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 23:39 - 2009-02-03 17:27 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-07-13 23:39 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 11:39 - 2013-07-13 11:39 - 00000000 ___RD C:\Users\***\Documents\HP Photo Creations
2013-07-13 11:39 - 2013-07-13 11:39 - 00000000 ____D C:\Users\***\AppData\Roaming\Visan
2013-07-13 11:39 - 2013-05-27 07:28 - 00001790 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-07-13 11:39 - 2013-05-27 07:27 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-07-13 11:39 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-13 11:27 - 2013-07-13 11:27 - 00000636 _____ C:\Users\***\Desktop\JRT.txt
2013-07-13 11:25 - 2013-07-13 11:25 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 11:24 - 2013-07-13 11:24 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-13 11:24 - 2013-07-13 11:23 - 00004339 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-13 11:19 - 2013-07-13 11:19 - 00000458 _____ C:\Windows\PFRO.log
2013-07-13 11:18 - 2013-07-13 11:18 - 00004364 _____ C:\AdwCleaner[S1].txt
2013-07-13 11:16 - 2013-07-13 11:16 - 00662345 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-12 23:31 - 2013-07-12 23:31 - 00024190 _____ C:\Users\***\Desktop\Addition.txt
2013-07-12 23:30 - 2013-07-12 23:30 - 00031663 _____ C:\Users\***\Downloads\FRST.txt
2013-07-12 23:30 - 2013-07-12 23:30 - 00024198 _____ C:\Users\***\Downloads\Addition.txt
2013-07-12 21:45 - 2013-07-12 21:45 - 00000000 ____D C:\FRST
2013-07-12 21:44 - 2013-07-12 21:44 - 01218364 _____ (Farbar) C:\Users\***\Downloads\FRST.exe
2013-07-12 21:21 - 2013-07-12 20:11 - 00087742 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-12 21:03 - 2013-07-12 21:03 - 344841756 _____ C:\Windows\MEMORY.DMP
2013-07-12 21:03 - 2013-07-12 21:03 - 00139400 _____ C:\Windows\Minidump\Mini071213-01.dmp
2013-07-12 21:03 - 2009-05-26 18:36 - 00000000 ____D C:\Windows\Minidump
2013-07-12 20:53 - 2013-07-12 20:13 - 00088958 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-12 20:44 - 2013-07-12 20:44 - 00000528 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-12 20:19 - 2013-07-12 20:19 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-12 20:17 - 2013-07-12 20:13 - 00067132 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-12 20:12 - 2013-07-12 20:12 - 00067228 _____ C:\Users\***\Downloads\Extras.Txt
2013-07-12 19:59 - 2013-07-12 19:59 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-12 19:59 - 2013-07-12 19:59 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-12 19:49 - 2013-07-12 19:48 - 00000656 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-12 19:49 - 2013-07-12 19:48 - 00000176 _____ C:\Users\***\defogger_reenable
2013-07-12 19:48 - 2009-02-05 18:39 - 00000000 ____D C:\Users\***
2013-07-12 18:44 - 2012-01-21 11:36 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-07-07 17:49 - 2013-07-07 17:49 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-07 17:49 - 2013-07-07 17:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-07 17:48 - 2013-07-07 17:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-07 17:26 - 2009-02-20 21:47 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2013-07-07 17:26 - 2009-02-05 23:42 - 00000000 ____D C:\Users\***\AppData\Roaming\Miranda
2013-07-07 17:26 - 2009-02-05 23:12 - 00000000 ____D C:\Users\***\Tracing
2013-07-07 17:26 - 2008-02-06 08:46 - 00000000 ____D C:\Windows\Panther
2013-07-07 17:22 - 2013-07-07 17:22 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe
2013-07-07 17:22 - 2013-07-07 17:22 - 00000806 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-07 17:22 - 2013-07-07 17:22 - 00000000 ____D C:\Program Files\CCleaner
2013-07-05 19:32 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-05 18:45 - 2009-02-06 00:30 - 00000000 ____D C:\Users\***\AppData\Local\Google
2013-07-02 22:24 - 2010-08-05 20:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-02 11:34 - 2010-08-05 20:21 - 00000000 ___RD C:\Users\***\Documents\My Dropbox
2013-07-02 01:29 - 2013-07-02 01:29 - 00001016 _____ C:\Users\***\Desktop\Catan.lnk
2013-07-01 22:38 - 2013-06-30 23:20 - 00000000 ____D C:\Users\***\AppData\Local\Catan
2013-07-01 22:24 - 2012-11-21 09:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-01 12:42 - 2013-06-30 18:28 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-06-30 23:23 - 2013-06-30 23:23 - 00000000 ____D C:\Users\***\AppData\Local\Chromium
2013-06-30 23:23 - 2013-06-30 23:21 - 00000000 ____D C:\Users\***\Documents\Catan
2013-06-30 23:18 - 2013-06-30 23:18 - 00000000 ____D C:\Program Files\USM
2013-06-30 23:13 - 2013-06-30 23:13 - 00000000 ____D C:\Program Files\GtkSharp
2013-06-30 22:50 - 2013-06-30 22:50 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-06-30 22:33 - 2013-06-30 22:33 - 00001737 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-06-30 22:32 - 2009-02-20 21:47 - 00466008 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-06-30 22:31 - 2009-02-20 21:56 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-06-30 22:30 - 2013-06-30 22:29 - 13901152 _____ (Disc Soft Ltd) C:\Users\***\Downloads\DTLite4471-0333.exe
2013-06-30 13:53 - 2009-02-07 18:29 - 00143872 _____ C:\Users\***\Documents\ekonomi.xls
2013-06-30 12:11 - 2013-03-16 21:14 - 00000000 ____D C:\Users\***\Documents\Job
2013-06-29 20:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-29 20:32 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-06-29 20:22 - 2006-11-02 12:24 - 73381792 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-29 20:15 - 2009-02-15 11:13 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-06-29 19:38 - 2013-06-29 19:39 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-29 19:38 - 2013-06-29 19:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-29 19:38 - 2013-06-29 19:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-29 19:38 - 2013-06-29 19:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-29 19:38 - 2012-07-28 17:19 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-06-29 19:38 - 2011-05-23 19:35 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-29 19:34 - 2009-02-05 18:56 - 00000000 ____D C:\Users\***\AppData\Local\Google
2013-06-16 22:01 - 2009-02-09 20:12 - 00000000 ____D C:\ProgramData\Roxio

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-14 09:31

==================== End Of Log ============================
|
14.07.2013, 18:40 | #8 |
/// the machine /// TB Trainer | Computer sometimes extremely slow, "Server is busy" message
Logs look good now. Test it and report back.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |