Log analysis and evaluation: constant 100% CPU load caused by svchost.exe
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.09.2013, 19:08 | #1 |
constant 100% CPU load caused by svchost.exe

Hello, I have a problem with an svchost.exe. One of them permanently loads my CPU to 100%. When I end the process in question in Task Manager, nothing happens at first, except that the CPU load drops drastically. However, as soon as I do anything, this process is running again. I have run various scans over my system. Here are the log files:

gmer:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-23 19:47:54
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJS-08L7A0 rev.03.03E03 298,09GB
Running: gmer.exe; Driver: C:\Users\Kini\AppData\Local\Temp\pfxcauoc.sys

---- System - GMER 2.1 ----

SSDT 97A53D66 ZwCreateSection
SSDT 97A53D3E ZwCreateSymbolicLinkObject
SSDT 97A53D43 ZwLoadDriver
SSDT 97A53D39 ZwOpenSection
SSDT 97A53D70 ZwRequestWaitReplyPort
SSDT 97A53D6B ZwSetContextThread
SSDT 97A53D75 ZwSetSecurityObject
SSDT 97A53D48 ZwSetSystemInformation
SSDT 97A53D7A ZwSystemDebugControl
SSDT 97A53D07 ZwTerminateProcess
SSDT 97A53D02 ZwWriteVirtualMemory
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCreateKey [0x82C13FEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82C13FEC] ZwCreateKey [0x82C13FEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwOpenKey [0x82C13FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82C13FF1] ZwOpenKey [0x82C13FF1]
INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 82C13FF6

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C50A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8A212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82C91554 3 Bytes [EC, 3F, C1]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9158C 4 Bytes [66, 3D, A5, 97] {CMP AX, 0x97a5}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82C91594 4 Bytes [3E, 3D, A5, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82C916A8 4 Bytes [43, 3D, A5, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 137F 82C91714 3 Bytes [F1, 3F, C1]
.text ...
.text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0x93579000, 0x4ADDD, 0xE0000020]
.init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0x935D1224]
.init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0x935D1000, 0x4000, 0xE20000E0]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xAD43C400, 0x6F928, 0xE8000020]
.init C:\Windows\system32\drivers\hardlock.sys entry point in ".init" section [0xAD4BFA24]
.init C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xAD4BF800, 0xEA00, 0xE20000E0]

---- User code sections - GMER 2.1 ----

.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!free 75939894 5 Bytes JMP 0A90D2D0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!malloc 75939CEE 5 Bytes JMP 0A90D230 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!??3@YAXPAX@Z 7593B0B9 5 Bytes JMP 0A90D2D0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!??2@YAPAXI@Z 7593B0C9 5 Bytes JMP 0A90D480 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!realloc 7593B10D 5 Bytes JMP 0A90D2B0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!calloc 7593C456 5 Bytes JMP 0A90D270 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_msize 7593F43B 5 Bytes JMP 0A90D2E0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_aligned_free 75955942 5 Bytes JMP 0A90D2D0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_aligned_malloc 7596028D 5 Bytes JMP 0A90D3C0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_aligned_offset_malloc 759602A9 5 Bytes JMP 0A90D3E0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 7598BFD1 5 Bytes JMP 0A90D500 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_aligned_offset_realloc 7598BFE1 5 Bytes JMP 0A90D420 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_aligned_realloc 7598C16B 5 Bytes JMP 0A90D400 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_expand 7598C18A 5 Bytes JMP 0A90D3A0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_heapadd 7598DD03 5 Bytes JMP 0A90D550 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_heapchk 7598DD17 5 Bytes JMP 0A90D560 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_heapset + 1 7598DE16 4 Bytes JMP 0A90D581 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_heapmin 7598DE1F 5 Bytes JMP 0A90D650 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_heapused 7598DF05 5 Bytes JMP 0A90D620 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1568] msvcrt.dll!_heapwalk 7598DF18 5 Bytes JMP 0A90D590 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL

---- Devices - GMER 2.1 ----

Device \Driver\partmgr \Device\PartmgrControl aksfridge.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{66AFC441-AD89-11E2-961D-806E6F6E6963} 1327168608
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E1C5D70C-AD89-11E2-9B9E-4487FCD157D6} 30618248

---- EOF - GMER 2.1 ----

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-09-2013 01 Ran by Kini (administrator) on KINISEINGROSSER on 23-09-2013 18:29:56 Running from E:\Dokumente\Computer Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (SafeNet Inc.) C:\Windows\system32\hasplms.exe () c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SlySoft, Inc.) 
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\Tunebite.exe (Simplygen) C:\Program Files\HomeTab\ProtectedSearch.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\swriter.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin ==================== Registry (Whitelisted) ================== HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [MMTray] - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [131072 2004-08-29] (Musicmatch, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.) HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) HKLM\...\Run: [Adobe Version Cue CS2] - c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1603024 2013-08-29] (APN) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKCU\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [7032920 2013-04-10] (SlySoft, Inc.) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [Tunebite] - C:\Program Files\RapidSolution\Tunebite\Tunebite.exe [4678960 2009-09-10] (RapidSolution Software AG) MountPoints2: {66afc444-ad89-11e2-961d-806e6f6e6963} - M:\setup.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DF75E140442CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss&mntrId=2CBF4487FCD157D6 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss&mntrId=2CBF4487FCD157D6 BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Kini\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.) BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) Toolbar: HKLM - HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Kini\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 27 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201 FF Homepage: hxxp://www.counterstatistik.de/login.php FF NetworkProxy: "autoconfig_url", "file:///C:/Users/Kini/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_52406b4e.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt FF HKLM\...\Firefox\Extensions: [tunebite-firefox-surf-and-catch-extension@audials.com] - C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ FF Extension: Tunebite Firefox Surf and Catch Plugin - C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ Chrome: ======= CHR HomePage: about:newtab?source=home CHR RestoreOnStartup: "about:newtab?source=home" CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File CHR Extension: (Ask Toolbar) - C:\Users\Kini\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaailpifkkekipiachodfkfmgmiapmp\21.51087_0 CHR Extension: (Google Docs) - C:\Users\Kini\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Kini\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (HomeTab) - C:\Users\Kini\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddpogknpjlgfpbboediomaiiaecfajn\4.4_0 CHR Extension: (YouTube) - C:\Users\Kini\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Kini\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Freemake Video Converter) - C:\Users\Kini\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Kini\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\Kini\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx CHR HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video 
Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx ========================== Services (Whitelisted) ================= R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-29] (APN LLC.) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-31] (Freemake) R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-07-31] (Ellora Assets Corp.) R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) ==================== Drivers (Whitelisted) ==================== R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [124504 2013-03-18] (SlySoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-03] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-26] (Avira Operations GmbH & Co. KG) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.) R3 MxlW2k; C:\Windows\System32\Drivers\MxlW2k.sys [28352 2013-04-28] (MusicMatch, Inc.) R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2013-04-26] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-26] (Avira GmbH) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [38816 2009-01-23] (RapidSolution Software AG) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-21 17:44 - 2013-09-21 17:44 - 00000000 ____D C:\Users\Kini\AppData\Local\stellarium 2013-09-21 11:41 - 2013-09-21 11:41 - 00000000 ____D C:\FRST 2013-09-21 08:39 - 2013-09-21 08:39 - 00000823 _____ C:\Users\Kini\Desktop\Asterix and Obelix XXL2.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari 2013-09-21 00:14 - 2013-09-21 00:14 - 00000000 ____D C:\Program Files\VIA 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Program Files\Intel 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Intel 2013-09-20 20:40 - 2013-09-20 20:40 - 98487876 _____ C:\Windows\system32\⠋᭄a 2013-09-19 18:18 - 2013-09-19 20:18 - 98395704 _____ C:\Windows\system32\槡늝᭄w 2013-09-19 05:01 - 2013-09-19 05:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-17 16:03 - 2013-09-17 20:02 - 98008335 _____ C:\Windows\system32\쉎筋᭄] 2013-09-14 07:32 - 2013-09-14 07:32 - 97519942 _____ C:\Windows\system32\탮믗᭄b 2013-09-12 21:22 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2013-09-12 21:22 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-12 21:22 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-12 21:22 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-12 21:22 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-12 21:22 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-12 18:35 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 18:35 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-12 18:35 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) 
C:\Windows\system32\winsrv.dll 2013-09-12 18:35 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-12 18:35 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-12 18:35 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:43 - 
00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 18:35 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-12 18:35 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-11 20:36 - 2013-09-23 18:00 - 00007606 _____ C:\Users\Kini\AppData\Local\Resmon.ResmonCfg 2013-09-10 16:20 - 2013-09-10 20:20 - 96985259 _____ C:\Windows\system32\捜쳶᭄` 2013-09-09 19:58 - 2013-09-09 19:58 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Games 2013-09-09 19:56 - 2013-09-09 19:57 - 00000000 ____D C:\ProgramData\Solidshield 2013-09-09 19:56 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\InstallShield 2013-09-09 19:51 - 2013-09-09 19:51 - 00001306 _____ C:\Windows\DIFx.log 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Windows\system32\AGEIA 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Program Files\AGEIA Technologies 2013-09-09 19:50 - 2013-09-09 19:50 - 00000619 _____ C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk 2013-09-09 19:48 - 2004-08-09 05:04 - 00073728 _____ (InstallShield Software Corporation) C:\Windows\system32\ISUSPM.cpl 2013-09-08 10:07 - 2013-09-08 10:07 - 96533415 _____ C:\Windows\system32\Ᏼ啌᭄q 2013-09-06 08:22 - 2013-09-06 22:23 - 96470395 _____ C:\Windows\system32\ᨛ抜᭄_ 2013-09-05 12:40 - 2013-09-05 20:41 - 96185213 _____ C:\Windows\system32\殖脂᭄Z 2013-09-05 12:32 - 2013-09-05 12:47 - 00000000 ____D C:\Users\Kini\AppData\Local\Anvil Studio 2013-09-05 12:26 - 2013-09-05 12:26 - 00002585 _____ C:\Users\Public\Desktop\Anvil Studio.lnk 2013-09-05 12:26 - 2013-09-05 12:26 - 00000000 ____D C:\Program Files\Anvil Studio 2013 2013-09-05 12:25 - 2013-09-05 12:25 - 00000000 ____D C:\Users\Kini\AppData\Roaming\SimplyTech 2013-09-05 12:25 - 2013-09-05 12:25 - 00000000 ____D C:\Users\Kini\AppData\Roaming\HomeTab 2013-09-05 12:25 - 2013-09-05 12:25 - 00000000 ____D C:\Program 
Files\HomeTab 2013-09-05 12:25 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe 2013-09-05 12:23 - 2013-09-05 12:24 - 00000000 ____D C:\Users\Kini\AppData\Local\DownloadGuide 2013-09-05 10:40 - 2013-09-05 10:40 - 96029535 _____ C:\Windows\system32\챈蛕᭄h 2013-09-04 17:30 - 2013-09-04 21:30 - 95956132 _____ C:\Windows\system32\팞膱᭄v 2013-09-01 16:47 - 2013-09-01 16:47 - 00987960 _____ C:\Windows\Minidump\090113-18002-01.dmp 2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Windows\system32\RTCOM 2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Program Files\Realtek 2013-08-28 22:19 - 2013-03-29 21:42 - 02646088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys 2013-08-28 22:19 - 2013-03-29 18:04 - 21170176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat 2013-08-28 22:19 - 2013-03-29 17:51 - 00860208 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll 2013-08-28 22:19 - 2013-03-29 17:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2013-08-28 22:19 - 2013-03-27 16:57 - 00112200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll 2013-08-28 22:19 - 2013-03-26 17:06 - 02536008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll 2013-08-28 22:19 - 2013-03-26 17:04 - 02386464 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll 2013-08-28 22:19 - 2013-03-26 15:40 - 03237448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll 2013-08-28 22:19 - 2013-03-26 14:38 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl 2013-08-28 22:19 - 2013-03-25 17:32 - 03180264 _____ C:\Windows\system32\Drivers\rtvienna.dat 2013-08-28 22:19 - 2013-03-23 03:43 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll 2013-08-28 22:19 - 2013-03-21 00:26 - 13769496 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll 2013-08-28 22:19 - 2013-03-21 00:26 - 01931032 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioEQ.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 08872216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 01822488 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 01656600 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 00776984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll 2013-08-28 22:19 - 2013-03-15 19:33 - 04335384 _____ (A-volute) C:\Windows\system32\RTKSMlfx.dll 2013-08-28 22:19 - 2013-03-15 19:32 - 00852824 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll 2013-08-28 22:19 - 2013-03-08 12:51 - 00849968 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00699680 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00547104 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech32.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00336672 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo32.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00184608 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll 2013-08-28 22:19 - 2013-02-19 18:52 - 00765000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll 2013-08-28 22:19 - 2013-01-17 19:32 - 00639256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll 2013-08-28 22:19 - 2013-01-16 16:02 - 02079816 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll 2013-08-28 22:19 - 2012-12-12 11:17 - 00350664 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPO30.dll 2013-08-28 22:19 - 2012-10-02 14:39 - 00426952 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll 2013-08-28 22:19 - 2012-10-02 14:39 - 00402888 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll 2013-08-28 22:19 - 2012-10-02 14:39 - 00346056 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll 2013-08-28 22:19 - 2012-09-10 20:06 - 00549240 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll 2013-08-28 22:19 - 2012-07-15 21:13 - 00349048 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2013-08-28 22:19 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2013-08-28 22:19 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll 2013-08-28 22:19 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll 2013-08-28 22:19 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll 2013-08-28 22:19 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll 2013-08-28 22:19 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll 2013-08-28 22:19 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll 2013-08-28 22:19 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) 
C:\Windows\system32\SFAPO.dll 2013-08-28 22:19 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll 2013-08-28 22:19 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll 2013-08-28 22:19 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\RTEED32A.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll 2013-08-28 22:19 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2013-08-28 22:19 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll 2013-08-28 22:19 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll ==================== One Month Modified Files and Folders ======= 2013-09-23 18:30 - 2009-07-14 06:39 - 05236462 _____ C:\Windows\setupact.log 2013-09-23 18:27 - 2013-04-25 11:23 - 01260354 _____ C:\Windows\WindowsUpdate.log 2013-09-23 18:24 - 2013-05-09 13:14 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-23 18:23 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-23 18:00 - 2013-09-11 20:36 - 00007606 _____ C:\Users\Kini\AppData\Local\Resmon.ResmonCfg 2013-09-23 18:00 - 2013-05-09 13:14 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-23 18:00 - 2013-04-27 11:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-23 17:24 - 2009-07-14 06:34 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-23 17:24 - 2009-07-14 06:34 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
2013-09-23 17:17 - 2013-04-28 14:53 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Skype 2013-09-22 08:04 - 2010-11-20 23:48 - 00072592 _____ C:\Windows\PFRO.log 2013-09-21 17:44 - 2013-09-21 17:44 - 00000000 ____D C:\Users\Kini\AppData\Local\stellarium 2013-09-21 17:00 - 2013-04-27 11:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-21 17:00 - 2013-04-27 11:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-21 11:41 - 2013-09-21 11:41 - 00000000 ____D C:\FRST 2013-09-21 09:13 - 2013-05-09 13:15 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000823 _____ C:\Users\Kini\Desktop\Asterix and Obelix XXL2.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari 2013-09-21 08:39 - 2013-04-26 01:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-09-21 00:14 - 2013-09-21 00:14 - 00000000 ____D C:\Program Files\VIA 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Program Files\Intel 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Intel 2013-09-20 20:40 - 2013-09-20 20:40 - 98487876 _____ C:\Windows\system32\⠋᭄a 2013-09-20 19:08 - 2010-11-20 23:01 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-19 20:18 - 2013-09-19 18:18 - 98395704 _____ C:\Windows\system32\槡늝᭄w 2013-09-19 18:16 - 2013-04-26 00:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-09-19 05:17 - 2013-04-26 00:32 - 00000000 ____D C:\Users\Kini\AppData\Local\Mozilla 2013-09-19 05:01 - 2013-09-19 05:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-17 20:02 - 2013-09-17 16:03 - 98008335 _____ C:\Windows\system32\쉎筋᭄] 2013-09-17 19:59 - 2013-04-26 01:33 - 00000000 ____D C:\Users\Kini\MEDION NAS TOOL 2013-09-14 09:25 - 2013-06-22 12:22 - 00000000 ____D C:\Windows\rescache 2013-09-14 07:32 - 2013-09-14 07:32 - 
97519942 _____ C:\Windows\system32\탮믗᭄b 2013-09-13 16:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-13 16:32 - 2009-07-14 06:33 - 00610632 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-13 16:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-12 21:21 - 2013-08-14 22:38 - 00000000 ____D C:\Windows\system32\MRT 2013-09-12 21:20 - 2013-05-21 08:19 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-10 20:20 - 2013-09-10 16:20 - 96985259 _____ C:\Windows\system32\捜쳶᭄` 2013-09-09 19:58 - 2013-09-09 19:58 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Games 2013-09-09 19:57 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\Solidshield 2013-09-09 19:56 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\InstallShield 2013-09-09 19:51 - 2013-09-09 19:51 - 00001306 _____ C:\Windows\DIFx.log 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Windows\system32\AGEIA 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Program Files\AGEIA Technologies 2013-09-09 19:50 - 2013-09-09 19:50 - 00000619 _____ C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk 2013-09-09 19:48 - 2013-04-26 01:30 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-09-08 21:47 - 2013-04-28 10:46 - 00000000 ____D C:\Users\Kini\AppData\Roaming\FileZilla 2013-09-08 21:42 - 2013-04-27 10:08 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Audacity 2013-09-08 10:07 - 2013-09-08 10:07 - 96533415 _____ C:\Windows\system32\Ᏼ啌᭄q 2013-09-06 22:23 - 2013-09-06 08:22 - 96470395 _____ C:\Windows\system32\ᨛ抜᭄_ 2013-09-05 20:41 - 2013-09-05 12:40 - 96185213 _____ C:\Windows\system32\殖脂᭄Z 2013-09-05 12:47 - 2013-09-05 12:32 - 00000000 ____D C:\Users\Kini\AppData\Local\Anvil Studio 2013-09-05 12:26 - 2013-09-05 12:26 - 00002585 _____ C:\Users\Public\Desktop\Anvil Studio.lnk 2013-09-05 12:26 - 2013-09-05 12:26 - 00000000 ____D C:\Program Files\Anvil Studio 2013 2013-09-05 12:25 - 2013-09-05 
12:25 - 00000000 ____D C:\Users\Kini\AppData\Roaming\SimplyTech
2013-09-05 12:25 - 2013-09-05 12:25 - 00000000 ____D C:\Users\Kini\AppData\Roaming\HomeTab
2013-09-05 12:25 - 2013-09-05 12:25 - 00000000 ____D C:\Program Files\HomeTab
2013-09-05 12:24 - 2013-09-05 12:23 - 00000000 ____D C:\Users\Kini\AppData\Local\DownloadGuide
2013-09-05 10:40 - 2013-09-05 10:40 - 96029535 _____ C:\Windows\system32\챈蛕᭄h
2013-09-04 21:30 - 2013-09-04 17:30 - 95956132 _____ C:\Windows\system32\팞膱᭄v
2013-09-03 16:28 - 2013-05-06 10:48 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 16:28 - 2013-04-26 01:24 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 16:28 - 2013-04-26 01:24 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-01 16:47 - 2013-09-01 16:47 - 00987960 _____ C:\Windows\Minidump\090113-18002-01.dmp
2013-09-01 16:47 - 2013-07-21 08:45 - 341388226 _____ C:\Windows\MEMORY.DMP
2013-09-01 16:47 - 2013-07-21 08:45 - 00000000 ____D C:\Windows\Minidump
2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Program Files\Realtek
2013-08-24 21:03 - 2013-04-26 10:32 - 00000000 ____D C:\Users\Kini\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Kini\AppData\Local\Temp\FreemakeVideoDownloader_3.5.3.3.exe
C:\Users\Kini\AppData\Local\Temp\_isD9BB.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-12 19:56

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-09-2013 01
Ran by Kini at 2013-09-23 18:30:37
Running from E:\Dokumente\Computer
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 3.7.0.1530)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Creative Suite 2
Adobe Download Assistant (Version: 1.2.5)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop Elements 2.0 (Version: 2.0)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Adobe SVG Viewer 3.0 (Version: 3.0)
Adobe Version Cue CS2 (Version: 2.0)
Anvil Studio (Version: 13.08.01)
AnyDVD (Version: 7.1.8.0)
AquaSoft DiaShow 7 Ultimate (Version: 7.7.11)
AquaSoftware Eyedestructor 1.501 (Version: 1.501)
Ask Shopping Toolbar (Version: 12.4.0.1029)
Ask Toolbar (Version: 12.2.2.676)
Asterix and Obelix XXL2 (Version: 1.00.0000)
aTube Catcher (Version: 2.9.1501)
Audacity 2.0.3 (Version: 2.0.3)
Avidemux 2.6 (32-bit) (Version: 2.6.3.8518)
Avira Antivirus Premium (Version: 13.0.0.4052)
BlockCAD 3.19 (Version: 3.19)
Bundled software uninstaller
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.1
Canon MX340 series Benutzerregistrierung
Canon MX340 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
DVDStyler v2.4.3
easyHDR BASIC 2 (Version: 2.13.3)
FileZilla Client 3.7.3 (Version: 3.7.3)
Free Screen Video Recorder version 2.5.30.725 (Version: 2.5.30.725)
Freemake Video Converter Version 4.0.1 (Version: 4.0.1)
Freemake Video Downloader (Version: 3.5.3)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (Version: 29.0.1547.76)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
HomeTab 4.4 (Version: 4.4)
jAlbum (Version: 11.2.1)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LAME v3.99.3 (for Windows)
LEGO Digital Designer
Lexware Info Service (Version: 2.90.00.0009)
Luminance HDR 2.3.1
MEDION NAS TOOL
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicmatch® Jukebox (Version: 9.00.0156)
NVIDIA GAME System Software 2.8.1 (Version: 2.8.1)
OpenOffice.org 3.4 (Version: 3.4.9590)
Paragon Partition Manager™ 12 Free (Version: 90.00.0003)
PDF Architect (Version: 1.1.83.9982)
PDF Split And Merge Basic (Version: 2.2.2)
PDFCreator (Version: 1.7.0)
Picturenaut 3.2 (Version: 3.2.0.1690)
PixiePack Codec Pack (Version: 1.0.100.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6873)
Sherlock Holmes - Die Spur der Erwachten Remastered (Version: 1.00.0777)
SILKYPIX Developer Studio 2.1 SE (Version: 2.1.0.2)
Skype™ 6.6 (Version: 6.6.106)
Spotify (HKCU Version: 0.9.0.129.g6978da9c)
Suite Specific (Version: 2.0.0)
TAXMAN 2013 (Version: 19.06.00.0003)
Tunebite (Version: 6.0.31728.2500)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Video Downloader (Version: 1.14)
Video Downloader version 2.0 (Version: 2.0)
WinPcap 4.1.2 (Version: 4.1.0.2001)
XAMPP 1.8.1-0 (Version: 1.8.1-0)
YTD Video Downloader 4.4 (Version: 4.4)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1E7FF0A5-0465-4189-9BDA-E86162E81C40} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {33C872BC-E8E1-4BEC-8D4D-0DEFAE203599} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {4648E1F1-F0B1-4C04-A33A-AE270D2D829B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.)
Task: {508CE812-F0C9-4A25-9BB4-538FB7D18297} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe [2013-08-13] (Simplygen)
Task: {86291118-796D-4674-BCAB-D72F084F3F2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated)
Task: {AFAF1CBD-0716-4405-B61E-D2C48D6A6CF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.)
Task: {F774CFC2-F716-4239-89CA-B991A8723045} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files\HomeTab\TBUpdater.dll [2013-07-08] (Simply Tech Ltd.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-27 11:00 - 2013-03-15 18:38 - 00131160 _____ (SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-04-28 10:50 - 2004-08-29 12:52 - 00434176 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\CoreDll.dll
2013-04-28 10:50 - 2004-08-29 12:53 - 00495616 _____ (Sample Corporation) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMVCP70.dll
2013-04-28 10:50 - 2004-08-29 12:53 - 00339968 _____ (Sample Corporation) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMVCR70.dll
2013-04-28 10:50 - 2004-08-29 12:52 - 00122880 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\TrackUtils.dll
2013-04-28 10:50 - 2004-08-29 12:52 - 00475264 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\Enforce.dll
2013-04-28 10:50 - 2004-08-29 12:52 - 00385024 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\SkinnedCtrls.dll
2013-04-28 10:50 - 2004-08-29 12:52 - 00106496 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMReg.dll
2013-04-28 10:50 - 2004-08-29 12:52 - 00069632 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\FileAssoc.dll
2013-04-29 16:53 - 2009-11-01 19:30 - 00077824 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2013-04-29 16:56 - 2009-09-28 17:52 - 00019968 _____ (CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNSU_DEU.DLL
2013-04-26 09:54 - 2009-10-09 15:01 - 00354816 _____ (CANON INC.) C:\Windows\system32\CNMNPPM.DLL
2011-07-28 16:30 - 2011-07-28 16:30 - 00184688 _____ (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\lxiuum20.dll
2011-02-11 18:44 - 2011-02-11 18:44 - 00086016 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2013-03-09 14:48 - 2013-03-09 14:48 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\system32\ElbyCDIO.dll
2013-03-16 13:02 - 2013-03-16 13:02 - 01162840 _____ (SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDialog.dll
2013-06-21 10:57 - 2013-06-21 10:57 - 00088680 ____R (Skype Technologies) C:\Program Files\Skype\Updater\Updater.dll
2009-09-10 18:57 - 2009-09-10 18:57 - 00427312 _____ (hxxp://www.id3lib.org/) C:\Program Files\RapidSolution\Tunebite\id3libU.dll
2009-09-10 18:57 - 2009-09-10 18:57 - 03151152 _____ () C:\Program Files\RapidSolution\Tunebite\dllMiniplayU.dll
2009-09-10 18:53 - 2009-09-10 18:53 - 00540672 _____ () C:\Program Files\RapidSolution\Tunebite\SQLite3.dll
2009-09-10 18:53 - 2009-09-10 18:53 - 01413120 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\RSTagLib.dll
2009-09-10 18:53 - 2009-09-10 18:53 - 00372736 _____ () C:\Program Files\RapidSolution\Tunebite\libfaad2.dll
2009-09-10 18:53 - 2009-09-10 18:53 - 00266240 _____ () C:\Program Files\RapidSolution\Tunebite\libFLAC_dynamic.dll
2009-09-10 18:53 - 2009-09-10 18:53 - 00122880 _____ () C:\Program Files\RapidSolution\Tunebite\libFLAC++_dynamic.dll
2009-09-10 18:58 - 2009-09-10 18:58 - 01455408 _____ () C:\Program Files\RapidSolution\Tunebite\StreamingClient.dll
2009-07-28 18:16 - 2009-07-28 18:16 - 00061440 _____ () C:\Program Files\RapidSolution\Tunebite\boost_thread-vc80-mt-1_39.dll
2009-07-28 18:16 - 2009-07-28 18:16 - 00057344 _____ () C:\Program Files\RapidSolution\Tunebite\boost_date_time-vc80-mt-1_39.dll
2009-07-28 18:16 - 2009-07-28 18:16 - 00012288 _____ () C:\Program Files\RapidSolution\Tunebite\boost_system-vc80-mt-1_39.dll
2009-09-10 18:58 - 2009-09-10 18:58 - 01365296 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\update.dll
2009-09-10 18:57 - 2009-09-10 18:57 - 02086192 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\EncodingBackend.dll
2009-09-10 18:53 - 2009-09-10 18:53 - 00212992 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\MediaFinalizer.dll
2009-09-10 18:56 - 2009-09-10 18:56 - 00503808 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\lang\de.dll
2009-09-10 18:53 - 2009-09-10 18:53 - 00028672 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\lang\EncodingBackend\de.dll
2009-07-14 02:03 - 2009-07-14 03:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\imaadp32.acm
2009-07-14 02:03 - 2009-07-14 03:14 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msg711.acm
2009-07-14 02:03 - 2009-07-14 03:14 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\msgsm32.acm
2009-07-14 02:03 - 2009-07-14 03:14 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\msadp32.acm
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2009-09-10 18:52 - 2009-09-10 18:52 - 00040960 _____ () C:\Program Files\RapidSolution\Tunebite\lang\miniplay\de.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00386328 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\WebRip.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\BadJojo.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\BlipTV.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00501016 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MetaCafe.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00566552 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00509208 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MySpace.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00521496 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MyVideo.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00492824 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PornoTube.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 01537304 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00156952 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00177432 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgImeem.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00136472 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00156952 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00242968 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\RedTube.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00488728 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00501016 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\SevenLoad.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00509208 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\Tangle.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\TimTube.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\YouPorn.dll
2013-08-10 10:35 - 2013-08-10 10:35 - 00292120 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll
2013-09-05 12:25 - 2013-08-13 08:38 - 00100352 _____ () C:\Program Files\HomeTab\InstallHelper.dll
2013-09-05 12:25 - 2013-08-13 08:38 - 00152136 _____ (Simply Tech Ltd.) C:\Program Files\HomeTab\cinshlpr.dll
2013-09-05 12:25 - 2013-06-27 07:14 - 00923720 _____ () C:\Program Files\HomeTab\System.Data.SQLite.dll
2012-04-13 12:04 - 2012-04-13 12:04 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2012-04-13 12:00 - 2012-04-13 12:00 - 00180224 _____ (The cURL library, hxxp://curl.haxx.se/) C:\Program Files\OpenOffice.org 3\program\libcurl.dll
2012-04-13 12:00 - 2012-04-13 12:00 - 00170496 _____ () C:\Program Files\OpenOffice.org 3\program\libxslt.dll

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2013 06:24:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2013 06:02:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Procmon.exe, Version: 3.5.0.0, Zeitstempel: 0x519b927b
Name des fehlerhaften Moduls: Procmon.exe, Version: 3.5.0.0, Zeitstempel: 0x519b927b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b10da
ID des fehlerhaften Prozesses: 0x1564
Startzeit der fehlerhaften Anwendung: 0xProcmon.exe0
Pfad der fehlerhaften Anwendung: Procmon.exe1
Pfad des fehlerhaften Moduls: Procmon.exe2
Berichtskennung: Procmon.exe3

Error: (09/23/2013 05:59:37 PM) (Source: Application Hang) (User: )
Description: Programm Skype.exe, Version 6.6.60.106 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 830
Startzeit: 01ceb86fea4d843d
Endzeit: 123
Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe
Berichts-ID:

Error: (09/23/2013 05:17:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2013 07:27:05 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{66afc441-ad89-11e2-961d-806e6f6e6963} - 000000BC,0x0053c008,00029FA8,0,0002AFB0,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. .
Vorgang: EndPrepareSnapshots wird verarbeitet
Kontext: Ausführungskontext: System Provider

Error: (09/22/2013 07:14:42 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde nicht erfolgreich abgeschlossen, da eine Schattenkopie nicht erstellt werden konnte. Löschen Sie auf dem zu sichernden Laufwerk nicht benötigte Dateien, um Speicherplatz freizugeben, und wiederholen Sie den Vorgang.
Error: (09/22/2013 05:05:48 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bccac Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ba7f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00480fc4 ID des fehlerhaften Prozesses: 0xa78 Startzeit der fehlerhaften Anwendung: 0xwmprph.exe0 Pfad der fehlerhaften Anwendung: wmprph.exe1 Pfad des fehlerhaften Moduls: wmprph.exe2 Berichtskennung: wmprph.exe3 Error: (09/22/2013 00:36:34 PM) (Source: Application Hang) (User: ) Description: Programm Skype.exe, Version 6.6.60.106 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9a4 Startzeit: 01ceb759a316bf79 Endzeit: 223 Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe Berichts-ID: d5dedf49-2372-11e3-b6fd-4487fcd157d6 Error: (09/22/2013 08:05:03 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2013 04:33:35 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6ccd5e48-3064-49fa-a29d-4732efe3537d} System errors: ============= Error: (09/23/2013 06:24:58 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/23/2013 06:24:58 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (09/23/2013 05:17:46 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/22/2013 07:27:05 PM) (Source: volsnap) (User: ) Description: Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden. Error: (09/22/2013 05:29:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/22/2013 05:18:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/22/2013 08:11:20 AM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (09/22/2013 08:05:41 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/21/2013 04:08:02 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/21/2013 04:07:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (09/23/2013 06:24:27 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/23/2013 06:02:51 PM) (Source: Application Error)(User: ) Description: Procmon.exe3.5.0.0519b927bProcmon.exe3.5.0.0519b927bc0000005000b10da156401ceb8764d866eb8E:\Dokumente\Computer\portable\PortableApps\ProcessMonitorPortable\App\ProcessMonitor\Procmon.exeE:\Dokumente\Computer\portable\PortableApps\ProcessMonitorPortable\App\ProcessMonitor\Procmon.exe98860d80-2469-11e3-b9dd-4487fcd157d6 Error: (09/23/2013 05:59:37 PM) (Source: Application Hang)(User: ) Description: Skype.exe6.6.60.10683001ceb86fea4d843d123C:\Program Files\Skype\Phone\Skype.exe Error: (09/23/2013 05:17:08 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/22/2013 07:27:05 PM) (Source: VSS)(User: ) Description: DeviceIoControl(\\?\Volume{66afc441-ad89-11e2-961d-806e6f6e6963} - 000000BC,0x0053c008,00029FA8,0,0002AFB0,4096,[0])0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. 
Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/22/2013 07:14:42 PM) (Source: Windows Backup)(User: ) Description: Bei der Erstellung einer Schattenkopie ist eine Zeitüberschreitung aufgetreten. Wiederholen Sie diesen Vorgang. (0x81000101) Error: (09/22/2013 05:05:48 PM) (Source: Application Error)(User: ) Description: wmprph.exe12.0.7600.163854a5bccacwmp.dll12.0.7601.175144ce7ba7fc000000500480fc4a7801ceb7a4efbe08bdC:\Program Files\Windows Media Player\wmprph.exeC:\Windows\system32\wmp.dll75d94368-2398-11e3-b6fd-4487fcd157d6 Error: (09/22/2013 00:36:34 PM) (Source: Application Hang)(User: ) Description: Skype.exe6.6.60.1069a401ceb759a316bf79223C:\Program Files\Skype\Phone\Skype.exed5dedf49-2372-11e3-b6fd-4487fcd157d6 Error: (09/22/2013 08:05:03 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2013 04:33:35 PM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6ccd5e48-3064-49fa-a29d-4732efe3537d} ==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 3197.24 MB Available physical RAM: 1972.59 MB Total Pagefile: 6392.77 MB Available Pagefile: 4841.02 MB Total Virtual: 2047.88 MB Available Virtual: 1914.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:32.23 GB) (Free:2.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: () (Fixed) (Total:265.76 GB) (Free:21.24 GB) NTFS ==================== MBR & Partition Table 
================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 000C6A20) Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=266 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:32 on 23/09/2013 (Kini) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... Unable to read sptd.sys SPTD -> Disabled (Service running -> reboot required) -=E.O.F=-
Avira did not find a virus. A few days ago I noticed that Avira was switched off, although I most certainly did not do that myself. For the GMER scan I could not disable Avira; an error message appeared saying I would have to be an administrator to do that. After I then set a password for my user account, Avira accepted my command. I am grateful for any help. Kini |
24.09.2013, 04:59 | #2 | |
/// the machine /// TB-Ausbilder | constant 100% CPU usage caused by svchost.exe hi,
__________________ Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ |
24.09.2013, 15:45 | #3 |
| constant 100% CPU usage caused by svchost.exe Combofix did not want a restart...
__________________Code:
ATTFilter ComboFix 13-09-24.02 - Kini 24.09.2013 15:59:42.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3197.2209 [GMT 2:00] ausgeführt von:: e:\dokumente\Computer\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Kini\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage c:\users\Kini\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\windows\IsUn0407.exe c:\windows\system32\SET99FA.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2013-08-24 bis 2013-09-24 )))))))))))))))))))))))))))))) . . 2013-09-24 14:09 . 2013-09-24 14:10 -------- d-----w- c:\users\Kini\AppData\Local\temp 2013-09-24 14:09 . 2013-09-24 14:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-21 15:44 . 2013-09-21 15:44 -------- d-----w- c:\users\Kini\AppData\Local\stellarium 2013-09-21 09:41 . 2013-09-21 09:41 -------- d-----w- C:\FRST 2013-09-20 22:14 . 2013-09-20 22:14 -------- d-----w- c:\program files\VIA 2013-09-20 21:26 . 2013-09-20 21:26 -------- d-----w- c:\program files\Intel 2013-09-20 21:26 . 2013-09-20 21:26 -------- d-----w- C:\Intel 2013-09-09 17:58 . 2013-09-09 17:58 -------- d-----w- c:\users\Kini\AppData\Roaming\Games 2013-09-09 17:56 . 2013-09-09 17:57 -------- d-----w- c:\programdata\Solidshield 2013-09-09 17:56 . 2013-09-09 17:56 -------- d-----w- c:\programdata\InstallShield 2013-09-09 17:51 . 2013-09-09 17:51 -------- d-----w- c:\windows\system32\AGEIA 2013-09-09 17:51 . 2013-09-09 17:51 -------- d-----w- c:\program files\AGEIA Technologies 2013-09-09 17:48 . 
2004-08-09 03:04 73728 ----a-w- c:\windows\system32\ISUSPM.cpl 2013-09-09 17:48 . 2004-08-09 03:03 221184 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe 2013-09-09 17:48 . 2004-08-09 03:03 385024 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_ispmres.dll 2013-09-09 17:48 . 2004-08-09 03:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe 2013-09-09 17:48 . 2004-08-09 03:03 368640 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll 2013-09-09 17:48 . 2004-08-09 03:03 512000 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe 2013-09-09 17:48 . 2004-08-09 03:02 217088 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe 2013-09-09 17:46 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2013-09-09 17:46 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2013-09-09 17:46 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2013-09-09 17:46 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2013-09-09 17:46 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2013-09-09 17:46 . 2013-09-09 17:46 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2013-09-09 17:46 . 2013-09-09 17:46 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2013-09-05 10:32 . 2013-09-05 10:47 -------- d-----w- c:\users\Kini\AppData\Local\Anvil Studio 2013-09-05 10:26 . 2013-09-05 10:26 -------- d-----w- c:\program files\Anvil Studio 2013 2013-09-05 10:25 . 
2013-09-05 10:25 -------- d-----w- c:\users\Kini\AppData\Roaming\SimplyTech 2013-09-05 10:25 . 2013-09-05 10:25 -------- d-----w- c:\users\Kini\AppData\Roaming\HomeTab 2013-09-05 10:25 . 2013-09-05 10:25 -------- d-----w- c:\program files\HomeTab 2013-09-05 10:25 . 2013-08-13 06:38 32328 ----a-w- c:\windows\Launcher.exe 2013-09-05 10:23 . 2013-09-05 10:24 -------- d-----w- c:\users\Kini\AppData\Local\DownloadGuide . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-21 15:00 . 2013-04-27 09:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-21 15:00 . 2013-04-27 09:31 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-03 14:28 . 2013-05-06 08:48 66144 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-09-03 14:28 . 2013-04-25 23:24 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-09-03 14:28 . 2013-04-25 23:24 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-08-08 09:52 . 2013-08-08 09:52 773968 ----a-w- c:\windows\system32\msvcr100.dll 2013-08-08 09:52 . 2013-08-08 09:52 421200 ----a-w- c:\windows\system32\msvcp100.dll 2013-07-25 08:57 . 2013-08-14 20:15 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-19 01:41 . 2013-08-14 20:15 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-09 05:03 . 2013-08-14 20:15 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-09 05:03 . 2013-08-14 20:15 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-09 04:53 . 2013-08-14 20:15 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-07-09 04:52 . 2013-08-14 20:15 175104 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 04:50 . 2013-08-14 20:15 652800 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 04:46 . 2013-08-14 20:15 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 04:46 . 2013-08-14 20:15 1166848 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 04:46 . 
2013-08-14 20:15 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-06 05:05 . 2013-08-14 20:15 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-29 17:53 . 2013-06-29 17:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-29 17:53 . 2013-06-03 22:41 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-06-29 17:53 . 2013-06-03 22:41 789416 ----a-w- c:\windows\system32\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2013-04-10 7032920] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19876456] "Tunebite"="c:\program files\RapidSolution\Tunebite\Tunebite.exe" [2009-09-10 4678960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-03 347192] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-08-29 131072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2508104] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640] "LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808] "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-08-29 1603024] 
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592] Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-07-31 101888] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-25 37352] S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2013-09-03 622648] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-09-03 84024] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-09-03 815160] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-08-29 164816] S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-07-31 9216] S2 hasplms;Sentinel Local License 
Manager;c:\windows\system32\hasplms.exe -run [x] S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-04-08 1320496] S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-04-08 799280] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-21 07:01 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}] 2008-06-18 13:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27 15:00] . 2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-09 11:14] . 2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-09 11:14] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:newtab mStart Page = about:newtab LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Kini\AppData\Roaming\Mozilla\firefox\Profiles\nbs63um4.default-1378379978201\ FF - prefs.js: browser.startup.homepage - hxxp://www.counterstatistik.de/login.php FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2013-08-10 10:34; tunebite-firefox-surf-and-catch-extension@audials.com; c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com FF - ExtSQL: 2013-09-05 14:45; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF - ExtSQL: 2013-09-05 14:46; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1679163233-2589811110-745578018-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a25e7121-3dd8-41b3-855b-756c5bc45449}] @Denied: (A 2) (Administrators) @Denied: (A 2) (S-1-5-21-1679163233-2589811110-745578018-1000) "Flags"=dword:00000400 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-09-24 16:17:26 ComboFix-quarantined-files.txt 2013-09-24 14:17 . Vor Suchlauf: 3.085.778.944 Bytes frei Nach Suchlauf: 3.455.873.024 Bytes frei . - - End Of File - - A2F88CEB9BDA13B4FC027EF4566F2AD4 A36C5E4F47E84449FF07ED3517B43A31 |
24.09.2013, 19:12 | #4 |
/// the machine /// TB-Ausbilder | constant 100% CPU usage caused by svchost.exe Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
24.09.2013, 21:06 | #5 |
| constant 100% CPU usage caused by svchost.exe Right, I have now gone through everything: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.24.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16686 Kini :: KINISEINGROSSER [Administrator] 24.09.2013 21:01:42 mbam-log-2013-09-24 (21-01-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 199078 Laufzeit: 5 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files\HomeTab\ProtectedSearch.exe (PUP.Optional.HomeTab.A) -> 3168 -> Löschen bei Neustart. Infizierte Speichermodule: 2 C:\Program Files\HomeTab\cinshlpr.dll (PUP.Optional.HomeTab.A) -> Löschen bei Neustart. C:\Program Files\HomeTab\InstallHelper.dll (PUP.Optional.HomeTab.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 6 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{327b0f8c-49d9-466c-a8ab-0c30310a3ad0}_is1 (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{3c98be86-cf79-4484-a2b2-dfe1ee126592} (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wtb.NotificationSource.1 (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wtb.NotificationSource (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 9 C:\Users\Kini\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Kini\AppData\Roaming\SimplyTech\home (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab (PUP.Optional.HomeTab.A) -> Löschen bei Neustart. C:\Program Files\HomeTab\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com\components (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com\plugins (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeTab (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 36 C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.BundledToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kini\AppData\Roaming\DVDVideoSoft\FreeScreenVideoRecorder.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kini\AppData\Local\DownloadGuide\Offers\hometab.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kini\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe (Adware.Packed.Ranver) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kini\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kini\AppData\Roaming\SimplyTech\home\home.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kini\AppData\Roaming\SimplyTech\home\jquery-ui-1.10.1.custom.min.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Kini\AppData\Roaming\SimplyTech\home\jquiso.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kini\AppData\Roaming\SimplyTech\home\style.css (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kini\AppData\Roaming\SimplyTech\home\vars.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\Microsoft.Win32.TaskScheduler.xml (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\cinshlpr.dll (PUP.Optional.HomeTab.A) -> Löschen bei Neustart. C:\Program Files\HomeTab\hometab_icon.ico (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\InstallHelper.dll (PUP.Optional.HomeTab.A) -> Löschen bei Neustart. C:\Program Files\HomeTab\Interop.IWshRuntimeLibrary.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\ProtectedSearch.exe (PUP.Optional.HomeTab.A) -> Löschen bei Neustart. C:\Program Files\HomeTab\ProtectedSearch.ico (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\STInst32.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\STInst32.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\System.Data.SQLite.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\TaskSchedulerCreator.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\TBUpdater.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files\HomeTab\ToolbarUninstall.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\unins000.dat (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\unins000.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\chrome\HomeTab.crx (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com\chrome.manifest (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com\install.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com\install.rdf (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com\pop.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com\chrome\HomeTab_6787.jar (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com\components\wtb_complete.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\HomeTab\support@HomeTab.com\plugins\npwiddit.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeTab\Protected Search Settings.lnk (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kini\AppData\Roaming\HomeTab\HomeTab.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
# AdwCleaner v3.005 - Bericht erstellt am 24/09/2013 um 21:41:08
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Kini - KINISEINGROSSER
# Gestartet von : E:\Dokumente\Computer\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Kini\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Kini\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Kini\AppData\LocalLow\HomeTab
Ordner Gelöscht : C:\Users\Kini\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Kini\AppData\Roaming\HomeTab
Ordner Gelöscht : C:\Users\Kini\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Kini\AppData\Roaming\SimplyTech
Ordner Gelöscht : C:\Users\Kini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Datei Gelöscht : C:\Windows\System32\Tasks\Browser Updater

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\59558c8fb634b945
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[#] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A25E7121-3DD8-41B3-855B-756C5BC45449}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\HomeTab
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video downloader

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\ck1ir88r.default\prefs.js ]

[ Datei : C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\prefs.js ]

*************************

AdwCleaner[R0].txt - [4605 octets] - [24/09/2013 21:25:05]
AdwCleaner[S0].txt - [4473 octets] - [24/09/2013 21:41:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4533 octets] ##########

and JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Professional x86
Ran by Kini on 24.09.2013 at 21:48:26,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1679163233-2589811110-745578018-1000\Software\SweetIM

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

~~~ FireFox

Emptied folder: C:\Users\Kini\AppData\Roaming\mozilla\firefox\profiles\nbs63um4.default-1378379978201\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.09.2013 at 21:50:24,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-09-2013 01
Ran by Kini (administrator) on KINISEINGROSSER on 24-09-2013 21:52:00
Running from E:\Dokumente\Computer
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
() c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MMTray] - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [131072 2004-08-29] (Musicmatch, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [Adobe Version Cue CS2] - c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [7032920 2013-04-10] (SlySoft, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Tunebite] - C:\Program Files\RapidSolution\Tunebite\Tunebite.exe [4678960 2009-09-10] (RapidSolution Software AG)
HKCU\...\Policies\Explorer: [NoDrives] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DF75E140442CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 27 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201
FF Homepage: hxxp://www.counterstatistik.de/login.php
FF NetworkProxy: "autoconfig_url", "file:///C:/Users/Kini/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_5241ebcf.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF HKLM\...\Firefox\Extensions: [tunebite-firefox-surf-and-catch-extension@audials.com] - C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\
FF Extension: Tunebite Firefox Surf and Catch Plugin - C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\

========================== Services (Whitelisted) =================

R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-29] (APN LLC.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-31] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-07-31] (Ellora Assets Corp.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [124504 2013-03-18] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-26] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
R3 MxlW2k; C:\Windows\System32\Drivers\MxlW2k.sys [28352 2013-04-28] (MusicMatch, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2013-04-26] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-26] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [38816 2009-01-23] (RapidSolution Software AG)
S3 catchme; \??\C:\Users\Kini\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-24 21:50 - 2013-09-24 21:50 - 00001307 _____ C:\Users\Kini\Desktop\JRT.txt
2013-09-24 21:48 - 2013-09-24 21:48 - 00000000 ____D C:\Windows\ERUNT
2013-09-24 21:24 - 2013-09-24 21:41 - 00000000 ____D C:\AdwCleaner
2013-09-24 20:55 - 2013-09-24 20:55 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Malwarebytes
2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-24 20:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-24 16:17 - 2013-09-24 16:17 - 00013288 _____ C:\ComboFix.txt
2013-09-24 15:57 - 2013-09-24 16:17 - 00000000 ____D C:\Qoobox
2013-09-24 15:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-24 15:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-24 15:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-24 15:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-24 15:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-24 15:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-24 15:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-24 15:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-24 15:56 - 2013-09-24 16:15 - 00000000 ____D C:\Windows\erdnt
2013-09-23 21:17 - 2013-09-23 21:17 - 98685961 _____ C:\Windows\system32\䷅갨᭄b
2013-09-23 18:32 - 2013-09-23 18:32 - 00000020 _____ C:\Users\Kini\defogger_reenable
2013-09-21 17:44 - 2013-09-21 17:44 - 00000000 ____D C:\Users\Kini\AppData\Local\stellarium
2013-09-21 11:41 - 2013-09-21 11:41 - 00000000 ____D C:\FRST
2013-09-21 08:39 - 2013-09-21 08:39 - 00000823 _____ C:\Users\Kini\Desktop\Asterix and Obelix XXL2.lnk
2013-09-21 08:39 - 2013-09-21 08:39 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari
2013-09-21 00:14 - 2013-09-21 00:14 - 00000000 ____D C:\Program Files\VIA
2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Program Files\Intel
2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Intel
2013-09-20 20:40 - 2013-09-20 20:40 - 98487876 _____ C:\Windows\system32\⠋᭄a
2013-09-19 18:18 - 2013-09-19 20:18 - 98395704 _____ C:\Windows\system32\槡늝᭄w
2013-09-19 05:01 - 2013-09-19 05:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 16:03 - 2013-09-17 20:02 - 98008335 _____ C:\Windows\system32\쉎筋᭄]
2013-09-14 07:32 - 2013-09-14 07:32 - 97519942 _____ C:\Windows\system32\탮믗᭄b
2013-09-12 21:22 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 21:22 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 21:22 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 21:22 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 21:22 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 21:22 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 21:22 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 21:22 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 21:22 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 21:22 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 21:22 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 21:22 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 21:22 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 21:22 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 21:22 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 21:22 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 18:35 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 18:35 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 18:35 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 18:35 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 18:35 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 18:35 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 18:35 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 18:35 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 18:35 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 20:36 - 2013-09-23 18:00 - 00007606 _____ C:\Users\Kini\AppData\Local\Resmon.ResmonCfg
2013-09-10 16:20 - 2013-09-10 20:20 - 96985259 _____ C:\Windows\system32\捜쳶᭄`
2013-09-09 19:58 - 2013-09-09 19:58 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Games
2013-09-09 19:56 - 2013-09-09 19:57 - 00000000 ____D C:\ProgramData\Solidshield
2013-09-09 19:56 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\InstallShield
2013-09-09 19:51 - 2013-09-09 19:51 - 00001306 _____ C:\Windows\DIFx.log
2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Windows\system32\AGEIA
2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Program Files\AGEIA Technologies
2013-09-09 19:50 - 2013-09-09 19:50 - 00000619 _____ C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk
2013-09-09 19:48 - 2004-08-09 05:04 - 00073728 _____ (InstallShield Software Corporation) C:\Windows\system32\ISUSPM.cpl
2013-09-08 10:07 - 2013-09-08 10:07 - 96533415 _____ C:\Windows\system32\Ᏼ啌᭄q
2013-09-06 08:22 - 2013-09-06 22:23 - 96470395 _____ C:\Windows\system32\ᨛ抜᭄_
2013-09-05 12:40 - 2013-09-05 20:41 - 96185213 _____ C:\Windows\system32\殖脂᭄Z
2013-09-05 12:32 - 2013-09-05 12:47 - 00000000 ____D C:\Users\Kini\AppData\Local\Anvil Studio
2013-09-05 12:26 - 2013-09-05 12:26 - 00002585 _____ C:\Users\Public\Desktop\Anvil Studio.lnk
2013-09-05 12:26 - 2013-09-05 12:26 - 00000000 ____D C:\Program Files\Anvil Studio 2013
2013-09-05 12:25 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-09-05 10:40 - 2013-09-05 10:40 - 96029535 _____ C:\Windows\system32\챈蛕᭄h
2013-09-04 17:30 - 2013-09-04 21:30 - 95956132 _____ C:\Windows\system32\팞膱᭄v
2013-09-01 16:47 - 2013-09-01 16:47 - 00987960 _____ C:\Windows\Minidump\090113-18002-01.dmp
2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Program Files\Realtek
2013-08-28 22:19 - 2013-03-29 21:42 - 02646088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2013-08-28 22:19 - 2013-03-29 18:04 - 21170176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2013-08-28 22:19 - 2013-03-29 17:51 - 00860208 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-08-28 22:19 - 2013-03-29 17:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-08-28 22:19 - 2013-03-27 16:57 - 00112200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2013-08-28 22:19 - 2013-03-26 17:06 - 02536008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2013-08-28 22:19 - 2013-03-26 17:04 - 02386464 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2013-08-28 22:19 - 2013-03-26 15:40 - 03237448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2013-08-28 22:19 - 2013-03-26 14:38 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2013-08-28 22:19 - 2013-03-25 17:32 - 03180264 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-08-28 22:19 - 2013-03-23 03:43 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2013-08-28 22:19 - 2013-03-21 00:26 - 13769496 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2013-08-28 22:19 - 2013-03-21 00:26 - 01931032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-08-28 22:19 - 2013-03-20 13:17 - 08872216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll
2013-08-28 22:19 - 2013-03-20 13:17 - 01822488 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2013-08-28 22:19 - 2013-03-20 13:17 - 01656600 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2013-08-28 22:19 - 2013-03-20 13:17 - 00776984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2013-08-28 22:19 - 2013-03-15 19:33 - 04335384 _____ (A-volute) C:\Windows\system32\RTKSMlfx.dll
2013-08-28 22:19 - 2013-03-15 19:32 - 00852824 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-08-28 22:19 - 2013-03-08 12:51 - 00849968 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-08-28 22:19 - 2013-02-27 05:37 - 00699680 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll
2013-08-28 22:19 - 2013-02-27 05:37 - 00547104 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech32.dll
2013-08-28 22:19 - 2013-02-27 05:37 - 00336672 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo32.dll
2013-08-28 22:19 - 2013-02-27 05:37 - 00184608 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2013-08-28 22:19 - 2013-02-19 18:52 - 00765000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2013-08-28 22:19 - 2013-01-17 19:32 - 00639256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2013-08-28 22:19 - 2013-01-16 16:02 - 02079816 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-08-28 22:19 - 2012-12-12 11:17 - 00350664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-08-28 22:19 - 2012-10-02 14:39 - 00426952 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2013-08-28 22:19 - 2012-10-02 14:39 - 00402888 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2013-08-28 22:19 - 2012-10-02 14:39 - 00346056 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2013-08-28 22:19 - 2012-09-10 20:06 - 00549240 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2013-08-28 22:19 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2013-08-28 22:19 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2013-08-28 22:19 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2013-08-28 22:19 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2013-08-28 22:19 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2013-08-28 22:19 - 2012-07-15 21:13 - 00349048 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-08-28 22:19 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-08-28 22:19 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2013-08-28 22:19 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2013-08-28 22:19 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2013-08-28 22:19 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2013-08-28 22:19 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2013-08-28 22:19 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2013-08-28 22:19 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2013-08-28 22:19 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2013-08-28 22:19 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2013-08-28 22:19 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-08-28 22:19 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-08-28 22:19 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2013-08-28 22:19 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2013-08-28 22:19 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2013-08-28 22:19 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2013-08-28 22:19 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2013-08-28 22:19 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2013-08-28 22:19 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-08-28 22:19 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2013-08-28 22:19 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2013-08-28 22:19 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2013-08-28 22:19 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2013-08-28 22:19 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2013-08-28 22:19 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll

==================== One Month Modified Files and Folders =======

2013-09-24 21:50 - 2013-09-24 21:50 - 00001307 _____ C:\Users\Kini\Desktop\JRT.txt
2013-09-24 21:49 - 2009-07-14 06:34 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-24 21:49 - 2009-07-14 06:34 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-24 21:48 - 2013-09-24 21:48 - 00000000 ____D C:\Windows\ERUNT
2013-09-24 21:46 - 2013-04-28 14:53 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Skype
2013-09-24 21:45 - 2013-04-25 11:23 - 01302695 _____ C:\Windows\WindowsUpdate.log
2013-09-24 21:44 - 2013-05-09 13:14 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-24 21:42 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-24 21:42 - 2009-07-14 06:39 - 06532678 _____ C:\Windows\setupact.log
2013-09-24 21:41 - 2013-09-24 21:24 - 00000000 ____D
C:\AdwCleaner 2013-09-24 21:13 - 2010-11-20 23:48 - 00084242 _____ C:\Windows\PFRO.log 2013-09-24 21:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PLA 2013-09-24 21:08 - 2013-08-10 10:18 - 00000000 ____D C:\Users\Kini\AppData\Roaming\DVDVideoSoft 2013-09-24 21:00 - 2013-05-09 13:14 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-24 21:00 - 2013-04-27 11:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-24 20:55 - 2013-09-24 20:55 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Malwarebytes 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-24 16:17 - 2013-09-24 16:17 - 00013288 _____ C:\ComboFix.txt 2013-09-24 16:17 - 2013-09-24 15:57 - 00000000 ____D C:\Qoobox 2013-09-24 16:17 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-09-24 16:17 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-09-24 16:15 - 2013-09-24 15:56 - 00000000 ____D C:\Windows\erdnt 2013-09-24 16:10 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-09-23 21:17 - 2013-09-23 21:17 - 98685961 _____ C:\Windows\system32\䷅갨᭄b 2013-09-23 18:32 - 2013-09-23 18:32 - 00000020 _____ C:\Users\Kini\defogger_reenable 2013-09-23 18:32 - 2013-04-26 00:22 - 00000000 ____D C:\Users\Kini 2013-09-23 18:00 - 2013-09-11 20:36 - 00007606 _____ C:\Users\Kini\AppData\Local\Resmon.ResmonCfg 2013-09-21 17:44 - 2013-09-21 17:44 - 00000000 ____D C:\Users\Kini\AppData\Local\stellarium 2013-09-21 17:00 - 2013-04-27 11:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-21 17:00 - 2013-04-27 11:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-21 11:41 - 2013-09-21 11:41 - 00000000 ____D C:\FRST 2013-09-21 09:13 - 
2013-05-09 13:15 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000823 _____ C:\Users\Kini\Desktop\Asterix and Obelix XXL2.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari 2013-09-21 08:39 - 2013-04-26 01:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-09-21 00:14 - 2013-09-21 00:14 - 00000000 ____D C:\Program Files\VIA 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Program Files\Intel 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Intel 2013-09-20 20:40 - 2013-09-20 20:40 - 98487876 _____ C:\Windows\system32\⠋᭄a 2013-09-20 19:08 - 2010-11-20 23:01 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-19 20:18 - 2013-09-19 18:18 - 98395704 _____ C:\Windows\system32\槡늝᭄w 2013-09-19 18:16 - 2013-04-26 00:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-09-19 05:17 - 2013-04-26 00:32 - 00000000 ____D C:\Users\Kini\AppData\Local\Mozilla 2013-09-19 05:01 - 2013-09-19 05:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-17 20:02 - 2013-09-17 16:03 - 98008335 _____ C:\Windows\system32\쉎筋᭄] 2013-09-17 19:59 - 2013-04-26 01:33 - 00000000 ____D C:\Users\Kini\MEDION NAS TOOL 2013-09-14 09:25 - 2013-06-22 12:22 - 00000000 ____D C:\Windows\rescache 2013-09-14 07:32 - 2013-09-14 07:32 - 97519942 _____ C:\Windows\system32\탮믗᭄b 2013-09-13 16:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-13 16:32 - 2009-07-14 06:33 - 00610632 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-13 16:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-12 21:21 - 2013-08-14 22:38 - 00000000 ____D C:\Windows\system32\MRT 2013-09-12 21:20 - 2013-05-21 08:19 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-10 20:20 - 2013-09-10 16:20 - 96985259 _____ C:\Windows\system32\捜쳶᭄` 2013-09-09 19:58 - 2013-09-09 19:58 
- 00000000 ____D C:\Users\Kini\AppData\Roaming\Games 2013-09-09 19:57 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\Solidshield 2013-09-09 19:56 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\InstallShield 2013-09-09 19:51 - 2013-09-09 19:51 - 00001306 _____ C:\Windows\DIFx.log 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Windows\system32\AGEIA 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Program Files\AGEIA Technologies 2013-09-09 19:50 - 2013-09-09 19:50 - 00000619 _____ C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk 2013-09-09 19:48 - 2013-04-26 01:30 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-09-08 21:47 - 2013-04-28 10:46 - 00000000 ____D C:\Users\Kini\AppData\Roaming\FileZilla 2013-09-08 21:42 - 2013-04-27 10:08 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Audacity 2013-09-08 10:07 - 2013-09-08 10:07 - 96533415 _____ C:\Windows\system32\Ᏼ啌᭄q 2013-09-06 22:23 - 2013-09-06 08:22 - 96470395 _____ C:\Windows\system32\ᨛ抜᭄_ 2013-09-05 20:41 - 2013-09-05 12:40 - 96185213 _____ C:\Windows\system32\殖脂᭄Z 2013-09-05 12:47 - 2013-09-05 12:32 - 00000000 ____D C:\Users\Kini\AppData\Local\Anvil Studio 2013-09-05 12:26 - 2013-09-05 12:26 - 00002585 _____ C:\Users\Public\Desktop\Anvil Studio.lnk 2013-09-05 12:26 - 2013-09-05 12:26 - 00000000 ____D C:\Program Files\Anvil Studio 2013 2013-09-05 10:40 - 2013-09-05 10:40 - 96029535 _____ C:\Windows\system32\챈蛕᭄h 2013-09-04 21:30 - 2013-09-04 17:30 - 95956132 _____ C:\Windows\system32\팞膱᭄v 2013-09-03 16:28 - 2013-05-06 10:48 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-03 16:28 - 2013-04-26 01:24 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-03 16:28 - 2013-04-26 01:24 - 00088840 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-01 16:47 - 2013-09-01 16:47 - 00987960 _____ C:\Windows\Minidump\090113-18002-01.dmp 2013-09-01 16:47 - 2013-07-21 08:45 - 341388226 _____ C:\Windows\MEMORY.DMP 2013-09-01 16:47 - 2013-07-21 08:45 - 00000000 ____D C:\Windows\Minidump 2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Windows\system32\RTCOM 2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Program Files\Realtek Some content of TEMP: ==================== C:\Users\Kini\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-24 20:40 ==================== End Of Log ============================
and Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-09-2013 01 Ran by Kini at 2013-09-24 21:52:33 Running from E:\Dokumente\Computer Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe AIR (Version: 3.7.0.1530) Adobe Bridge 1.0 (Version: 001.000.001) Adobe Common File Installer (Version: 1.00.001) Adobe Creative Suite 2 Adobe Download Assistant (Version: 1.2.5) Adobe Flash Player 11 ActiveX (Version: 11.8.800.175) Adobe Flash Player 11 Plugin (Version: 11.8.800.168) Adobe Help Center 1.0 (Version: 1.0.1) Adobe Illustrator CS2 (Version: 12.000.000) Adobe InDesign CS2 (Version: 004.000.000) Adobe Photoshop CS2 (Version: 9.0) Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04) Adobe Stock Photos 1.0 (Version: 1.0.1) Adobe SVG Viewer 3.0 (Version: 3.0) Adobe Version Cue CS2 (Version: 2.0) Anvil Studio (Version: 13.08.01) AnyDVD (Version: 7.1.8.0) AquaSoft DiaShow 7 Ultimate (Version: 7.7.11) AquaSoftware Eyedestructor 1.501 (Version: 1.501) Ask Shopping Toolbar (Version: 12.4.0.1029) Ask Toolbar (Version: 12.2.2.676) Asterix and Obelix XXL2 (Version: 1.00.0000) aTube Catcher (Version: 2.9.1501) Audacity 2.0.3 (Version: 2.0.3) Avidemux 2.6 (32-bit) (Version: 2.6.3.8518) Avira Antivirus Premium (Version: 13.0.0.4052) BlockCAD 3.19 (Version: 3.19) Canon Easy-WebPrint EX Canon IJ Network Scan Utility Canon IJ Network Tool Canon MP Navigator EX 3.1 Canon MX340 series Benutzerregistrierung Canon MX340 series MP Drivers Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu DVDStyler v2.4.3 easyHDR BASIC 2 (Version: 2.13.3) FileZilla Client 3.7.3 (Version: 3.7.3) Free Screen Video Recorder version 2.5.30.725 (Version: 2.5.30.725) Freemake Video Converter Version 4.0.1 (Version: 4.0.1) Freemake Video Downloader (Version: 3.5.3) GIMP 2.8.4 (Version: 2.8.4) Google Chrome (Version: 29.0.1547.76) Google Earth (Version: 
7.1.1.1888) jAlbum (Version: 11.2.1) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) LAME v3.99.3 (for Windows) LEGO Digital Designer Lexware Info Service (Version: 2.90.00.0009) Luminance HDR 2.3.1 Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MEDION NAS TOOL Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 24.0 (x86 de) (Version: 24.0) Mozilla Maintenance Service (Version: 24.0) Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Musicmatch® Jukebox (Version: 9.00.0156) NVIDIA GAME System Software 2.8.1 (Version: 2.8.1) OpenOffice.org 3.4 (Version: 3.4.9590) Paragon Partition Manager™ 12 Free (Version: 90.00.0003) PDF Architect (Version: 1.1.83.9982) PDF Split And Merge Basic (Version: 2.2.2) PDFCreator (Version: 1.7.0) Picturenaut 3.2 (Version: 3.2.0.1690) PixiePack Codec Pack (Version: 1.0.100.0) Realtek High Definition Audio Driver (Version: 6.0.1.6873) Sherlock Holmes - Die Spur der Erwachten Remastered (Version: 1.00.0777) SILKYPIX Developer Studio 2.1 SE (Version: 2.1.0.2) Skype™ 6.6 (Version: 6.6.106) Spotify (HKCU Version: 0.9.0.129.g6978da9c) Suite Specific (Version: 2.0.0) TAXMAN 2013 (Version: 19.06.00.0003) Tunebite (Version: 6.0.31728.2500) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Video Downloader version 2.0 (Version: 2.0) 
WinPcap 4.1.2 (Version: 4.1.0.2001) XAMPP 1.8.1-0 (Version: 1.8.1-0) YTD Video Downloader 4.4 (Version: 4.4) ==================== Restore Points ========================= 24-09-2013 18:47:05 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 04:04 - 2013-09-24 16:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {1E7FF0A5-0465-4189-9BDA-E86162E81C40} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {33C872BC-E8E1-4BEC-8D4D-0DEFAE203599} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation) Task: {4648E1F1-F0B1-4C04-A33A-AE270D2D829B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.) Task: {508CE812-F0C9-4A25-9BB4-538FB7D18297} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe Task: {86291118-796D-4674-BCAB-D72F084F3F2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated) Task: {AFAF1CBD-0716-4405-B61E-D2C48D6A6CF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.) 
Task: {F774CFC2-F716-4239-89CA-B991A8723045} - \Browser Updater\Browser Updater No Task File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-28 10:50 - 2004-08-29 12:52 - 00434176 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\CoreDll.dll 2013-04-28 10:50 - 2004-08-29 12:53 - 00495616 _____ (Sample Corporation) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMVCP70.dll 2013-04-28 10:50 - 2004-08-29 12:53 - 00339968 _____ (Sample Corporation) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMVCR70.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00122880 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\TrackUtils.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00475264 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\Enforce.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00385024 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\SkinnedCtrls.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00106496 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMReg.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00069632 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\FileAssoc.dll 2013-04-29 16:53 - 2009-11-01 19:30 - 00077824 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyRes.dll 2013-04-29 16:56 - 2009-09-28 17:52 - 00019968 _____ (CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNSU_DEU.DLL 2013-04-26 09:54 - 2009-10-09 15:01 - 00354816 _____ (CANON INC.) C:\Windows\system32\CNMNPPM.DLL 2013-04-27 11:00 - 2013-03-15 18:38 - 00131160 _____ (SlySoft, Inc.) 
C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll 2011-07-28 16:30 - 2011-07-28 16:30 - 00184688 _____ (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\lxiuum20.dll 2011-02-11 18:44 - 2011-02-11 18:44 - 00086016 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc 2013-03-09 14:48 - 2013-03-09 14:48 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\system32\ElbyCDIO.dll 2013-03-16 13:02 - 2013-03-16 13:02 - 01162840 _____ (SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDialog.dll 2009-09-10 18:57 - 2009-09-10 18:57 - 00427312 _____ (hxxp://www.id3lib.org/) C:\Program Files\RapidSolution\Tunebite\id3libU.dll 2009-09-10 18:57 - 2009-09-10 18:57 - 03151152 _____ () C:\Program Files\RapidSolution\Tunebite\dllMiniplayU.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00540672 _____ () C:\Program Files\RapidSolution\Tunebite\SQLite3.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 01413120 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\RSTagLib.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00372736 _____ () C:\Program Files\RapidSolution\Tunebite\libfaad2.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00266240 _____ () C:\Program Files\RapidSolution\Tunebite\libFLAC_dynamic.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00122880 _____ () C:\Program Files\RapidSolution\Tunebite\libFLAC++_dynamic.dll 2009-09-10 18:58 - 2009-09-10 18:58 - 01455408 _____ () C:\Program Files\RapidSolution\Tunebite\StreamingClient.dll 2009-07-28 18:16 - 2009-07-28 18:16 - 00061440 _____ () C:\Program Files\RapidSolution\Tunebite\boost_thread-vc80-mt-1_39.dll 2009-07-28 18:16 - 2009-07-28 18:16 - 00057344 _____ () C:\Program Files\RapidSolution\Tunebite\boost_date_time-vc80-mt-1_39.dll 2009-07-28 18:16 - 2009-07-28 18:16 - 00012288 _____ () C:\Program Files\RapidSolution\Tunebite\boost_system-vc80-mt-1_39.dll 2009-09-10 18:58 - 2009-09-10 18:58 - 01365296 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\update.dll 2009-09-10 18:57 
- 2009-09-10 18:57 - 02086192 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\EncodingBackend.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00212992 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\MediaFinalizer.dll 2009-09-10 18:56 - 2009-09-10 18:56 - 00503808 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\lang\de.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00028672 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\lang\EncodingBackend\de.dll 2009-07-14 02:03 - 2009-07-14 03:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\imaadp32.acm 2009-07-14 02:03 - 2009-07-14 03:14 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msg711.acm 2009-07-14 02:03 - 2009-07-14 03:14 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\msgsm32.acm 2009-07-14 02:03 - 2009-07-14 03:14 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\msadp32.acm 2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm 2009-09-10 18:52 - 2009-09-10 18:52 - 00040960 _____ () C:\Program Files\RapidSolution\Tunebite\lang\miniplay\de.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00386328 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\WebRip.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\BadJojo.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\BlipTV.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00501016 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MetaCafe.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00566552 _____ 
(RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00509208 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MySpace.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00521496 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MyVideo.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00492824 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PornoTube.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 01537304 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00156952 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00177432 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgImeem.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00136472 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00156952 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00242968 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\RedTube.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00488728 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00501016 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\SevenLoad.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00509208 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\Tangle.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution 
Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\TimTube.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\YouPorn.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00292120 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll 2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 31% Total physical RAM: 3197.24 MB Available physical RAM: 2183.97 MB Total Pagefile: 6392.77 MB Available Pagefile: 5014.71 MB Total Virtual: 2047.88 MB Available Virtual: 1897.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:32.23 GB) (Free:3.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: () (Fixed) (Total:265.76 GB) (Free:36.29 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 000C6A20) Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=266 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
25.09.2013, 12:17 | #6 |
/// the machine /// TB instructor | Constant 100% CPU load caused by svchost.exe
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ --> Constant 100% CPU load caused by svchost.exe |
26.09.2013, 07:33 | #7 |
| Constant 100% CPU load caused by svchost.exe
ESET did finish overnight after all. I was just too hasty with the uninstall, and I can't find the log file anymore. But I did look at it, and it said: Code:
ATTFilter all ok Code:
ATTFilter Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.8.800.168 Adobe Reader XI Mozilla Firefox (24.0) Mozilla Thunderbird (17.0.8) Google Chrome 29.0.1547.66 Google Chrome 29.0.1547.76 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
The program reports: Your Version is outdated... Kini
Now FRST is here too: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2013 Ran by Kini (administrator) on KINISEINGROSSER on 26-09-2013 08:13:41 Running from E:\Dokumente\Computer Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (SafeNet Inc.) C:\Windows\system32\hasplms.exe () c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Haufe-Lexware GmbH & Co. 
KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\Tunebite.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\swriter.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin ==================== Registry (Whitelisted) ================== HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [MMTray] - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [131072 2004-08-29] (Musicmatch, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.) HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) HKLM\...\Run: [Adobe Version Cue CS2] - c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKCU\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [7032920 2013-04-10] (SlySoft, Inc.) HKCU\...\Run: [Tunebite] - C:\Program Files\RapidSolution\Tunebite\Tunebite.exe [4678960 2009-09-10] (RapidSolution Software AG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DF75E140442CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab SearchScopes: HKLM - DefaultScope value is missing. BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 27 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201 FF Homepage: hxxp://www.counterstatistik.de/login.php FF NetworkProxy: "autoconfig_url", "file:///C:/Users/Kini/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_52434147.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt FF HKLM\...\Firefox\Extensions: [tunebite-firefox-surf-and-catch-extension@audials.com] - C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ FF Extension: Tunebite Firefox Surf and Catch Plugin - C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ ========================== Services (Whitelisted) ================= R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-29] (APN LLC.) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-31] (Freemake) R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-07-31] (Ellora Assets Corp.) R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) ==================== Drivers (Whitelisted) ==================== R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [124504 2013-03-18] (SlySoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-26] (Avira Operations GmbH & Co. KG) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.) R3 MxlW2k; C:\Windows\System32\Drivers\MxlW2k.sys [28352 2013-04-28] (MusicMatch, Inc.) R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) 
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2013-04-26] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-26] (Avira GmbH) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [38816 2009-01-23] (RapidSolution Software AG) S3 catchme; \??\C:\Users\Kini\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-26 00:16 - 2013-09-26 00:16 - 97892804 _____ C:\Windows\system32\퀻᭄c 2013-09-25 20:17 - 2013-09-25 20:17 - 97858179 _____ C:\Windows\system32\ㅓ差᭄[ 2013-09-25 16:43 - 2013-09-25 16:43 - 00000000 ____D C:\Program Files\ESET 2013-09-24 21:50 - 2013-09-24 21:50 - 00001307 _____ C:\Users\Kini\Desktop\JRT.txt 2013-09-24 21:48 - 2013-09-24 21:48 - 00000000 ____D C:\Windows\ERUNT 2013-09-24 21:24 - 2013-09-24 21:41 - 00000000 ____D C:\AdwCleaner 2013-09-24 20:55 - 2013-09-24 20:55 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Malwarebytes 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-24 20:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-24 16:17 - 2013-09-24 16:17 - 00013288 _____ C:\ComboFix.txt 2013-09-24 15:57 - 2013-09-24 16:17 - 00000000 ____D C:\Qoobox 2013-09-24 15:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-24 15:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-24 15:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-24 15:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-24 15:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-24 15:57 - 2000-08-31 02:00 - 00098816 _____ 
C:\Windows\sed.exe 2013-09-24 15:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-24 15:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-24 15:56 - 2013-09-24 16:15 - 00000000 ____D C:\Windows\erdnt 2013-09-23 21:17 - 2013-09-23 21:17 - 98685961 _____ C:\Windows\system32\䷅갨᭄b 2013-09-23 18:32 - 2013-09-23 18:32 - 00000020 _____ C:\Users\Kini\defogger_reenable 2013-09-21 17:44 - 2013-09-21 17:44 - 00000000 ____D C:\Users\Kini\AppData\Local\stellarium 2013-09-21 11:41 - 2013-09-21 11:41 - 00000000 ____D C:\FRST 2013-09-21 08:39 - 2013-09-21 08:39 - 00000823 _____ C:\Users\Kini\Desktop\Asterix and Obelix XXL2.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari 2013-09-21 00:14 - 2013-09-21 00:14 - 00000000 ____D C:\Program Files\VIA 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Program Files\Intel 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Intel 2013-09-20 20:40 - 2013-09-20 20:40 - 98487876 _____ C:\Windows\system32\⠋᭄a 2013-09-19 18:18 - 2013-09-19 20:18 - 98395704 _____ C:\Windows\system32\槡늝᭄w 2013-09-19 05:01 - 2013-09-19 05:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-17 16:03 - 2013-09-17 20:02 - 98008335 _____ C:\Windows\system32\쉎筋᭄] 2013-09-14 07:32 - 2013-09-14 07:32 - 97519942 _____ C:\Windows\system32\탮믗᭄b 2013-09-12 21:22 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-12 21:22 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-12 21:22 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-12 21:22 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 02876928 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-12 21:22 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-12 21:22 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-12 18:35 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 18:35 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-12 18:35 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-12 18:35 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-12 18:35 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 
03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 18:35 - 
2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-12 18:35 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 18:35 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-12 18:35 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-11 20:36 - 2013-09-24 21:57 - 00007606 _____ C:\Users\Kini\AppData\Local\Resmon.ResmonCfg 2013-09-10 16:20 - 2013-09-10 20:20 - 96985259 _____ C:\Windows\system32\捜쳶᭄` 2013-09-09 19:58 - 2013-09-09 19:58 - 00000000 ____D 
C:\Users\Kini\AppData\Roaming\Games 2013-09-09 19:56 - 2013-09-09 19:57 - 00000000 ____D C:\ProgramData\Solidshield 2013-09-09 19:56 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\InstallShield 2013-09-09 19:51 - 2013-09-09 19:51 - 00001306 _____ C:\Windows\DIFx.log 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Windows\system32\AGEIA 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Program Files\AGEIA Technologies 2013-09-09 19:50 - 2013-09-09 19:50 - 00000619 _____ C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk 2013-09-09 19:48 - 2004-08-09 05:04 - 00073728 _____ (InstallShield Software Corporation) C:\Windows\system32\ISUSPM.cpl 2013-09-08 10:07 - 2013-09-08 10:07 - 96533415 _____ C:\Windows\system32\Ᏼ啌᭄q 2013-09-06 08:22 - 2013-09-06 22:23 - 96470395 _____ C:\Windows\system32\ᨛ抜᭄_ 2013-09-05 12:40 - 2013-09-05 20:41 - 96185213 _____ C:\Windows\system32\殖脂᭄Z 2013-09-05 12:32 - 2013-09-05 12:47 - 00000000 ____D C:\Users\Kini\AppData\Local\Anvil Studio 2013-09-05 12:26 - 2013-09-05 12:26 - 00002585 _____ C:\Users\Public\Desktop\Anvil Studio.lnk 2013-09-05 12:26 - 2013-09-05 12:26 - 00000000 ____D C:\Program Files\Anvil Studio 2013 2013-09-05 12:25 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe 2013-09-05 10:40 - 2013-09-05 10:40 - 96029535 _____ C:\Windows\system32\챈蛕᭄h 2013-09-04 17:30 - 2013-09-04 21:30 - 95956132 _____ C:\Windows\system32\팞膱᭄v 2013-09-01 16:47 - 2013-09-01 16:47 - 00987960 _____ C:\Windows\Minidump\090113-18002-01.dmp 2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Windows\system32\RTCOM 2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Program Files\Realtek 2013-08-28 22:19 - 2013-03-29 21:42 - 02646088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys 2013-08-28 22:19 - 2013-03-29 18:04 - 21170176 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RCoRes.dat 2013-08-28 22:19 - 2013-03-29 17:51 - 00860208 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll 2013-08-28 22:19 - 2013-03-29 17:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2013-08-28 22:19 - 2013-03-27 16:57 - 00112200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll 2013-08-28 22:19 - 2013-03-26 17:06 - 02536008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll 2013-08-28 22:19 - 2013-03-26 17:04 - 02386464 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll 2013-08-28 22:19 - 2013-03-26 15:40 - 03237448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll 2013-08-28 22:19 - 2013-03-26 14:38 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl 2013-08-28 22:19 - 2013-03-25 17:32 - 03180264 _____ C:\Windows\system32\Drivers\rtvienna.dat 2013-08-28 22:19 - 2013-03-23 03:43 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll 2013-08-28 22:19 - 2013-03-21 00:26 - 13769496 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll 2013-08-28 22:19 - 2013-03-21 00:26 - 01931032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 08872216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 01822488 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 01656600 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 00776984 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPOShell.dll 2013-08-28 22:19 - 2013-03-15 19:33 - 04335384 _____ (A-volute) C:\Windows\system32\RTKSMlfx.dll 2013-08-28 22:19 - 2013-03-15 19:32 - 00852824 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll 2013-08-28 22:19 - 2013-03-08 12:51 - 00849968 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00699680 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00547104 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech32.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00336672 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo32.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00184608 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll 2013-08-28 22:19 - 2013-02-19 18:52 - 00765000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll 2013-08-28 22:19 - 2013-01-17 19:32 - 00639256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll 2013-08-28 22:19 - 2013-01-16 16:02 - 02079816 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll 2013-08-28 22:19 - 2012-12-12 11:17 - 00350664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll 2013-08-28 22:19 - 2012-10-02 14:39 - 00426952 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll 2013-08-28 22:19 - 2012-10-02 14:39 - 00402888 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll 2013-08-28 22:19 - 2012-10-02 14:39 - 00346056 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll 2013-08-28 22:19 - 2012-09-10 20:06 - 00549240 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPO40.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll 2013-08-28 22:19 - 2012-07-15 21:13 - 00349048 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2013-08-28 22:19 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2013-08-28 22:19 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll 2013-08-28 22:19 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll 2013-08-28 22:19 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll 2013-08-28 22:19 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll 2013-08-28 22:19 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll 2013-08-28 22:19 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll 2013-08-28 22:19 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) 
C:\Windows\system32\SFAPO.dll 2013-08-28 22:19 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll 2013-08-28 22:19 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll 2013-08-28 22:19 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\RTEED32A.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll 2013-08-28 22:19 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2013-08-28 22:19 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll 2013-08-28 22:19 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll ==================== One Month Modified Files and Folders ======= 2013-09-26 08:14 - 2009-07-14 06:39 - 09687342 _____ C:\Windows\setupact.log 2013-09-26 08:00 - 2013-05-09 13:14 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-26 08:00 - 2013-04-27 11:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-26 06:59 - 2013-04-25 11:23 - 01414319 _____ C:\Windows\WindowsUpdate.log 2013-09-26 00:16 - 2013-09-26 00:16 - 97892804 _____ C:\Windows\system32\퀻᭄c 2013-09-25 22:07 - 2009-07-14 06:34 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-25 22:07 - 2009-07-14 06:34 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-25 22:01 - 2013-05-09 13:14 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-25 22:00 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-25 20:17 - 
2013-09-25 20:17 - 97858179 _____ C:\Windows\system32\ㅓ差᭄[ 2013-09-25 16:43 - 2013-09-25 16:43 - 00000000 ____D C:\Program Files\ESET 2013-09-25 16:33 - 2013-04-28 14:53 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Skype 2013-09-24 21:57 - 2013-09-11 20:36 - 00007606 _____ C:\Users\Kini\AppData\Local\Resmon.ResmonCfg 2013-09-24 21:50 - 2013-09-24 21:50 - 00001307 _____ C:\Users\Kini\Desktop\JRT.txt 2013-09-24 21:48 - 2013-09-24 21:48 - 00000000 ____D C:\Windows\ERUNT 2013-09-24 21:41 - 2013-09-24 21:24 - 00000000 ____D C:\AdwCleaner 2013-09-24 21:13 - 2010-11-20 23:48 - 00084242 _____ C:\Windows\PFRO.log 2013-09-24 21:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PLA 2013-09-24 21:08 - 2013-08-10 10:18 - 00000000 ____D C:\Users\Kini\AppData\Roaming\DVDVideoSoft 2013-09-24 20:55 - 2013-09-24 20:55 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Malwarebytes 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-24 16:17 - 2013-09-24 16:17 - 00013288 _____ C:\ComboFix.txt 2013-09-24 16:17 - 2013-09-24 15:57 - 00000000 ____D C:\Qoobox 2013-09-24 16:17 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-09-24 16:17 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-09-24 16:15 - 2013-09-24 15:56 - 00000000 ____D C:\Windows\erdnt 2013-09-24 16:10 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-09-23 21:17 - 2013-09-23 21:17 - 98685961 _____ C:\Windows\system32\䷅갨᭄b 2013-09-23 18:32 - 2013-09-23 18:32 - 00000020 _____ C:\Users\Kini\defogger_reenable 2013-09-23 18:32 - 2013-04-26 00:22 - 00000000 ____D C:\Users\Kini 2013-09-21 17:44 - 2013-09-21 17:44 - 00000000 ____D C:\Users\Kini\AppData\Local\stellarium 2013-09-21 17:00 - 2013-04-27 11:31 - 00692616 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerApp.exe 2013-09-21 17:00 - 2013-04-27 11:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-21 11:41 - 2013-09-21 11:41 - 00000000 ____D C:\FRST 2013-09-21 09:13 - 2013-05-09 13:15 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000823 _____ C:\Users\Kini\Desktop\Asterix and Obelix XXL2.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari 2013-09-21 08:39 - 2013-04-26 01:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-09-21 00:14 - 2013-09-21 00:14 - 00000000 ____D C:\Program Files\VIA 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Program Files\Intel 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Intel 2013-09-20 20:40 - 2013-09-20 20:40 - 98487876 _____ C:\Windows\system32\⠋᭄a 2013-09-20 19:08 - 2010-11-20 23:01 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-19 20:18 - 2013-09-19 18:18 - 98395704 _____ C:\Windows\system32\槡늝᭄w 2013-09-19 18:16 - 2013-04-26 00:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-09-19 05:17 - 2013-04-26 00:32 - 00000000 ____D C:\Users\Kini\AppData\Local\Mozilla 2013-09-19 05:01 - 2013-09-19 05:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-17 20:02 - 2013-09-17 16:03 - 98008335 _____ C:\Windows\system32\쉎筋᭄] 2013-09-17 19:59 - 2013-04-26 01:33 - 00000000 ____D C:\Users\Kini\MEDION NAS TOOL 2013-09-14 09:25 - 2013-06-22 12:22 - 00000000 ____D C:\Windows\rescache 2013-09-14 07:32 - 2013-09-14 07:32 - 97519942 _____ C:\Windows\system32\탮믗᭄b 2013-09-13 16:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-13 16:32 - 2009-07-14 06:33 - 00610632 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-13 16:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-12 21:21 - 2013-08-14 22:38 - 00000000 ____D 
C:\Windows\system32\MRT 2013-09-12 21:20 - 2013-05-21 08:19 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-10 20:20 - 2013-09-10 16:20 - 96985259 _____ C:\Windows\system32\捜쳶᭄` 2013-09-09 19:58 - 2013-09-09 19:58 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Games 2013-09-09 19:57 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\Solidshield 2013-09-09 19:56 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\InstallShield 2013-09-09 19:51 - 2013-09-09 19:51 - 00001306 _____ C:\Windows\DIFx.log 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Windows\system32\AGEIA 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Program Files\AGEIA Technologies 2013-09-09 19:50 - 2013-09-09 19:50 - 00000619 _____ C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk 2013-09-09 19:48 - 2013-04-26 01:30 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-09-08 21:47 - 2013-04-28 10:46 - 00000000 ____D C:\Users\Kini\AppData\Roaming\FileZilla 2013-09-08 21:42 - 2013-04-27 10:08 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Audacity 2013-09-08 10:07 - 2013-09-08 10:07 - 96533415 _____ C:\Windows\system32\Ᏼ啌᭄q 2013-09-06 22:23 - 2013-09-06 08:22 - 96470395 _____ C:\Windows\system32\ᨛ抜᭄_ 2013-09-05 20:41 - 2013-09-05 12:40 - 96185213 _____ C:\Windows\system32\殖脂᭄Z 2013-09-05 12:47 - 2013-09-05 12:32 - 00000000 ____D C:\Users\Kini\AppData\Local\Anvil Studio 2013-09-05 12:26 - 2013-09-05 12:26 - 00002585 _____ C:\Users\Public\Desktop\Anvil Studio.lnk 2013-09-05 12:26 - 2013-09-05 12:26 - 00000000 ____D C:\Program Files\Anvil Studio 2013 2013-09-05 10:40 - 2013-09-05 10:40 - 96029535 _____ C:\Windows\system32\챈蛕᭄h 2013-09-04 21:30 - 2013-09-04 17:30 - 95956132 _____ C:\Windows\system32\팞膱᭄v 2013-09-03 16:28 - 2013-05-06 10:48 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-03 16:28 - 2013-04-26 01:24 - 00136672 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 16:28 - 2013-04-26 01:24 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-01 16:47 - 2013-09-01 16:47 - 00987960 _____ C:\Windows\Minidump\090113-18002-01.dmp
2013-09-01 16:47 - 2013-07-21 08:45 - 341388226 _____ C:\Windows\MEMORY.DMP
2013-09-01 16:47 - 2013-07-21 08:45 - 00000000 ____D C:\Windows\Minidump
2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Program Files\Realtek

Some content of TEMP:
====================
C:\Users\Kini\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-24 20:40

==================== End Of Log ============================

--- --- ---
Additional too?
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2013 Ran by Kini at 2013-09-26 08:15:04 Running from E:\Dokumente\Computer Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe AIR (Version: 3.7.0.1530) Adobe Bridge 1.0 (Version: 001.000.001) Adobe Common File Installer (Version: 1.00.001) Adobe Creative Suite 2 Adobe Download Assistant (Version: 1.2.5) Adobe Flash Player 11 ActiveX (Version: 11.8.800.175) Adobe Flash Player 11 Plugin (Version: 11.8.800.168) Adobe Help Center 1.0 (Version: 1.0.1) Adobe Illustrator CS2 (Version: 12.000.000) Adobe InDesign CS2 (Version: 004.000.000) Adobe Photoshop CS2 (Version: 9.0) Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04) Adobe Stock Photos 1.0 (Version: 1.0.1) Adobe SVG Viewer 3.0 (Version: 3.0) Adobe Version Cue CS2 (Version: 2.0) Anvil Studio (Version: 13.08.01) AnyDVD (Version: 7.1.8.0) AquaSoft DiaShow 7 Ultimate (Version: 7.7.11) AquaSoftware Eyedestructor 1.501 (Version: 1.501) Ask Shopping Toolbar (Version: 12.4.0.1029) Ask Toolbar (Version: 12.2.2.676) Asterix and Obelix XXL2 (Version: 1.00.0000) aTube Catcher (Version: 2.9.1501) Audacity 2.0.3 (Version: 2.0.3) Avidemux 2.6 (32-bit) (Version: 2.6.3.8518) Avira Antivirus Premium (Version: 13.0.0.4052) BlockCAD 3.19 (Version: 3.19) Canon Easy-WebPrint EX Canon IJ Network Scan Utility Canon IJ Network Tool Canon MP Navigator EX 3.1 Canon MX340 series Benutzerregistrierung Canon MX340 series MP Drivers Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu DVDStyler v2.4.3 easyHDR BASIC 2 (Version: 
2.13.3) FileZilla Client 3.7.3 (Version: 3.7.3) Free Screen Video Recorder version 2.5.30.725 (Version: 2.5.30.725) Freemake Video Converter Version 4.0.1 (Version: 4.0.1) Freemake Video Downloader (Version: 3.5.3) GIMP 2.8.4 (Version: 2.8.4) Google Chrome (Version: 29.0.1547.76) Google Earth (Version: 7.1.1.1888) jAlbum (Version: 11.2.1) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) LAME v3.99.3 (for Windows) LEGO Digital Designer Lexware Info Service (Version: 2.90.00.0009) Luminance HDR 2.3.1 Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MEDION NAS TOOL Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 24.0 (x86 de) (Version: 24.0) Mozilla Maintenance Service (Version: 24.0) Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Musicmatch® Jukebox (Version: 9.00.0156) NVIDIA GAME System Software 2.8.1 (Version: 2.8.1) OpenOffice.org 3.4 (Version: 3.4.9590) Paragon Partition Manager™ 12 Free (Version: 90.00.0003) PDF Architect (Version: 1.1.83.9982) PDF Split And Merge Basic (Version: 2.2.2) PDFCreator (Version: 1.7.0) Picturenaut 3.2 (Version: 3.2.0.1690) PixiePack Codec Pack (Version: 1.0.100.0) Realtek High Definition Audio Driver (Version: 6.0.1.6873) Sherlock Holmes - Die Spur der Erwachten Remastered (Version: 1.00.0777) SILKYPIX Developer Studio 2.1 SE (Version: 2.1.0.2) Skype™ 6.6 (Version: 6.6.106) Spotify (HKCU Version: 0.9.0.129.g6978da9c) Suite Specific (Version: 2.0.0) TAXMAN 2013 (Version: 19.06.00.0003) Tunebite 
(Version: 6.0.31728.2500) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Video Downloader version 2.0 (Version: 2.0) WinPcap 4.1.2 (Version: 4.1.0.2001) XAMPP 1.8.1-0 (Version: 1.8.1-0) YTD Video Downloader 4.4 (Version: 4.4) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:04 - 2013-09-24 16:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {4648E1F1-F0B1-4C04-A33A-AE270D2D829B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.) Task: {508CE812-F0C9-4A25-9BB4-538FB7D18297} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe Task: {86291118-796D-4674-BCAB-D72F084F3F2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated) Task: {AFAF1CBD-0716-4405-B61E-D2C48D6A6CF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.) Task: {F774CFC2-F716-4239-89CA-B991A8723045} - \Browser Updater\Browser Updater No Task File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-27 11:00 - 2013-03-15 18:38 - 00131160 _____ (SlySoft, Inc.) 
C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll 2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2011-02-11 18:44 - 2011-02-11 18:44 - 00086016 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc 2013-04-28 10:50 - 2004-08-29 12:52 - 00434176 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\CoreDll.dll 2013-04-28 10:50 - 2004-08-29 12:53 - 00495616 _____ (Sample Corporation) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMVCP70.dll 2013-04-28 10:50 - 2004-08-29 12:53 - 00339968 _____ (Sample Corporation) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMVCR70.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00122880 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\TrackUtils.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00475264 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\Enforce.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00385024 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\SkinnedCtrls.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00106496 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMReg.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00069632 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\FileAssoc.dll 2013-04-26 09:54 - 2009-10-09 15:01 - 00354816 _____ (CANON INC.) C:\Windows\system32\CNMNPPM.DLL 2011-07-28 16:30 - 2011-07-28 16:30 - 00184688 _____ (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\lxiuum20.dll 2013-03-09 14:48 - 2013-03-09 14:48 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\system32\ElbyCDIO.dll 2013-03-16 13:02 - 2013-03-16 13:02 - 01162840 _____ (SlySoft, Inc.) 
C:\Program Files\SlySoft\AnyDVD\AnyDialog.dll 2009-09-10 18:57 - 2009-09-10 18:57 - 00427312 _____ (hxxp://www.id3lib.org/) C:\Program Files\RapidSolution\Tunebite\id3libU.dll 2009-09-10 18:57 - 2009-09-10 18:57 - 03151152 _____ () C:\Program Files\RapidSolution\Tunebite\dllMiniplayU.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00540672 _____ () C:\Program Files\RapidSolution\Tunebite\SQLite3.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 01413120 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\RSTagLib.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00372736 _____ () C:\Program Files\RapidSolution\Tunebite\libfaad2.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00266240 _____ () C:\Program Files\RapidSolution\Tunebite\libFLAC_dynamic.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00122880 _____ () C:\Program Files\RapidSolution\Tunebite\libFLAC++_dynamic.dll 2009-09-10 18:58 - 2009-09-10 18:58 - 01455408 _____ () C:\Program Files\RapidSolution\Tunebite\StreamingClient.dll 2009-07-28 18:16 - 2009-07-28 18:16 - 00061440 _____ () C:\Program Files\RapidSolution\Tunebite\boost_thread-vc80-mt-1_39.dll 2009-07-28 18:16 - 2009-07-28 18:16 - 00057344 _____ () C:\Program Files\RapidSolution\Tunebite\boost_date_time-vc80-mt-1_39.dll 2009-07-28 18:16 - 2009-07-28 18:16 - 00012288 _____ () C:\Program Files\RapidSolution\Tunebite\boost_system-vc80-mt-1_39.dll 2009-09-10 18:58 - 2009-09-10 18:58 - 01365296 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\update.dll 2009-09-10 18:57 - 2009-09-10 18:57 - 02086192 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\EncodingBackend.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00212992 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\MediaFinalizer.dll 2009-09-10 18:56 - 2009-09-10 18:56 - 00503808 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\lang\de.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00028672 _____ (RapidSolution Software AG) 
C:\Program Files\RapidSolution\Tunebite\lang\EncodingBackend\de.dll 2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm 2009-09-10 18:52 - 2009-09-10 18:52 - 00040960 _____ () C:\Program Files\RapidSolution\Tunebite\lang\miniplay\de.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00386328 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\WebRip.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\BadJojo.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\BlipTV.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00501016 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MetaCafe.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00566552 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00509208 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MySpace.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00521496 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MyVideo.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00492824 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PornoTube.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 01537304 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00156952 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00177432 _____ (RapidSolution Software AG) 
C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgImeem.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00136472 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00156952 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00242968 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\RedTube.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00488728 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00501016 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\SevenLoad.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00509208 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\Tangle.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\TimTube.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\YouPorn.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00292120 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll 2013-09-19 05:01 - 2013-09-19 05:01 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2012-04-13 12:04 - 2012-04-13 12:04 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2012-04-13 12:00 - 2012-04-13 12:00 - 00180224 _____ (The cURL library, hxxp://curl.haxx.se/) C:\Program Files\OpenOffice.org 3\program\libcurl.dll 2012-04-13 12:00 - 2012-04-13 12:00 - 00170496 _____ () C:\Program Files\OpenOffice.org 3\program\libxslt.dll 2013-04-26 09:53 - 2012-03-14 05:00 - 00638464 _____ (CANON 
INC.) C:\Windows\system32\spool\DRIVERS\W32X86\3\CNMDRA5.DLL 2013-04-26 09:53 - 2012-03-14 05:00 - 03535360 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\W32X86\3\CNMUIA5.DLL 2013-04-26 09:53 - 2012-03-14 05:00 - 00108544 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\W32X86\3\CNMCPA5.DLL ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/25/2013 10:01:42 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/25/2013 04:36:22 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/25/2013 04:17:02 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/25/2013 11:53:56 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/25/2013 07:23:09 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (09/25/2013 11:00:32 PM) (Source: DCOM) (User: ) Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (09/25/2013 10:01:13 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: 
AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (09/25/2013 10:01:13 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/25/2013 09:58:37 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Audio-Endpunkterstellung" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1059 Error: (09/25/2013 09:58:36 PM) (Source: Service Control Manager) (User: ) Description: Erkannte Ringabhängigkeiten erfordern Start von Windows-Audio-Endpunkterstellung. Überprüfen Sie die Abhängigkeitsstruktur des Diensts. Error: (09/25/2013 09:58:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows-Audio-Endpunkterstellung" ist von einem Dienst in einer Gruppe abhängig, der später gestartet wird. Ändern Sie die Reihenfolge in der Dienstabhängigkeitsstruktur, um sicherzustellen, dass alle für diesen Dienst erforderlichen Dienste gestartet sind, bevor dieser Dienst gestartet wird. Error: (09/25/2013 09:58:02 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Plug & Play" Korrekturmaßnahmen (Neustart des Computers) durchzuführen, ist fehlgeschlagen. Fehler: %%1190 Error: (09/25/2013 09:58:02 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Stromversorgung" Korrekturmaßnahmen (Neustart des Computers) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1190 Error: (09/25/2013 09:58:02 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Stromversorgung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Computers. Error: (09/25/2013 09:58:02 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Plug & Play" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Computers. Microsoft Office Sessions: ========================= Error: (09/25/2013 10:01:42 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/25/2013 04:36:22 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/25/2013 04:17:02 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/25/2013 11:53:56 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/25/2013 07:23:09 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 72% Total physical RAM: 3197.24 MB Available physical RAM: 864.49 MB Total Pagefile: 6392.77 MB Available Pagefile: 2965.21 MB Total Virtual: 2047.88 
MB
Available Virtual: 1910.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:32.23 GB) (Free:3.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:265.76 GB) (Free:35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 000C6A20)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=266 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I don't know, it isn't really any better now. I'll attach a picture of the Task Manager:
I then ended that one svchost manually, and then it was gone. However, the process started up again by itself after a short time, as you can see here:
Kini |
26.09.2013, 09:30 | #8 |
/// the machine /// TB Trainer | Constant 100% CPU usage caused by svchost.exe Please download Windows Repair (All In One) from here.
A fresh FRST log, please. Please download Farbar Service Scanner
Please post the content here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.09.2013, 11:39 | #9 |
| Constant 100% CPU usage caused by svchost.exe Winrepair looked a bit different on my machine; I tried to set the checkboxes the way you specified: After that, FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2013 Ran by Kini (administrator) on KINISEINGROSSER on 26-09-2013 12:31:58 Running from E:\Dokumente\Computer Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (SafeNet Inc.) C:\Windows\system32\hasplms.exe () c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Haufe-Lexware GmbH & Co. 
KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\Tunebite.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [MMTray] - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [131072 2004-08-29] (Musicmatch, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.) HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) HKLM\...\Run: [Adobe Version Cue CS2] - c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKCU\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [7032920 2013-04-10] (SlySoft, Inc.) HKCU\...\Run: [Tunebite] - C:\Program Files\RapidSolution\Tunebite\Tunebite.exe [4678960 2009-09-10] (RapidSolution Software AG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DF75E140442CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab SearchScopes: HKLM - DefaultScope value is missing. BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201 FF Homepage: hxxp://www.counterstatistik.de/login.php FF NetworkProxy: "autoconfig_url", "file:///C:/Users/Kini/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_52440d12.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Kini\AppData\Roaming\Mozilla\Firefox\Profiles\nbs63um4.default-1378379978201\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt FF HKLM\...\Firefox\Extensions: [tunebite-firefox-surf-and-catch-extension@audials.com] - C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ FF Extension: Tunebite Firefox Surf and Catch Plugin - C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ ========================== Services (Whitelisted) ================= R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) S2 AntiVirMailService; 
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-08-29] (APN LLC.) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-31] (Freemake) R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-07-31] (Ellora Assets Corp.) R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) ==================== Drivers (Whitelisted) ==================== R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [124504 2013-03-18] (SlySoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-26] (Avira Operations GmbH & Co. 
KG) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.) R3 MxlW2k; C:\Windows\System32\Drivers\MxlW2k.sys [28352 2013-04-28] (MusicMatch, Inc.) R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2013-04-26] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-26] (Avira GmbH) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [38816 2009-01-23] (RapidSolution Software AG) S3 catchme; \??\C:\Users\Kini\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-26 11:57 - 2013-09-26 12:25 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-09-26 11:53 - 2013-09-26 11:53 - 00000207 _____ C:\Windows\tweaking.com-regbackup-KINISEINGROSSER-Microsoft-Windows-7-Professional-(32-bit).dat 2013-09-26 11:52 - 2013-09-26 11:52 - 00000000 ____D C:\RegBackup 2013-09-26 11:21 - 2013-09-26 11:21 - 00145648 _____ C:\Windows\Minidump\092613-39515-01.dmp 2013-09-26 11:21 - 2013-09-26 11:21 - 00006608 ____N C:\bootsqm.dat 2013-09-26 11:16 - 2013-09-26 11:16 - 00002117 _____ C:\Users\Kini\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2013-09-26 11:16 - 2013-09-26 11:16 - 00000000 ____D C:\Program Files\Tweaking.com 2013-09-25 20:17 - 2013-09-25 20:17 - 97858179 _____ C:\Windows\system32\ㅓ差᭄[ 2013-09-24 21:50 - 2013-09-24 21:50 - 00001307 _____ C:\Users\Kini\Desktop\JRT.txt 2013-09-24 21:48 - 2013-09-24 21:48 - 00000000 ____D C:\Windows\ERUNT 2013-09-24 21:24 - 2013-09-24 21:41 - 00000000 ____D C:\AdwCleaner 2013-09-24 20:55 - 2013-09-24 20:55 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-24 
20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Malwarebytes 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-24 20:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-24 16:17 - 2013-09-24 16:17 - 00013288 _____ C:\ComboFix.txt 2013-09-24 15:57 - 2013-09-24 16:17 - 00000000 ____D C:\Qoobox 2013-09-24 15:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-24 15:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-24 15:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-24 15:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-24 15:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-24 15:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-24 15:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-24 15:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-24 15:56 - 2013-09-24 16:15 - 00000000 ____D C:\Windows\erdnt 2013-09-23 21:17 - 2013-09-23 21:17 - 98685961 _____ C:\Windows\system32\䷅갨᭄b 2013-09-23 18:32 - 2013-09-23 18:32 - 00000020 _____ C:\Users\Kini\defogger_reenable 2013-09-21 17:44 - 2013-09-21 17:44 - 00000000 ____D C:\Users\Kini\AppData\Local\stellarium 2013-09-21 11:41 - 2013-09-21 11:41 - 00000000 ____D C:\FRST 2013-09-21 08:39 - 2013-09-21 08:39 - 00000823 _____ C:\Users\Kini\Desktop\Asterix and Obelix XXL2.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari 2013-09-21 00:14 - 2013-09-21 00:14 - 00000000 ____D C:\Program Files\VIA 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Program Files\Intel 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Intel 2013-09-20 20:40 - 2013-09-20 20:40 - 
98487876 _____ C:\Windows\system32\⠋᭄a 2013-09-19 18:18 - 2013-09-19 20:18 - 98395704 _____ C:\Windows\system32\槡늝᭄w 2013-09-19 05:01 - 2013-09-19 05:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-17 16:03 - 2013-09-17 20:02 - 98008335 _____ C:\Windows\system32\쉎筋᭄] 2013-09-14 07:32 - 2013-09-14 07:32 - 97519942 _____ C:\Windows\system32\탮믗᭄b 2013-09-12 21:22 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-12 21:22 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-12 21:22 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-12 21:22 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-12 21:22 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-12 21:22 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 
2013-09-12 21:22 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-12 18:35 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 18:35 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-12 18:35 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-12 18:35 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-12 18:35 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) 
C:\Windows\system32\conhost.exe 2013-09-12 18:35 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 18:35 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 18:35 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-12 18:35 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-11 20:36 - 2013-09-26 08:20 - 00007606 _____ C:\Users\Kini\AppData\Local\Resmon.ResmonCfg 2013-09-10 16:20 - 2013-09-10 20:20 - 96985259 _____ C:\Windows\system32\捜쳶᭄` 2013-09-09 19:58 - 2013-09-09 19:58 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Games 2013-09-09 19:56 - 2013-09-09 19:57 - 00000000 ____D C:\ProgramData\Solidshield 2013-09-09 19:56 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\InstallShield 2013-09-09 19:51 - 2013-09-09 19:51 - 00001306 _____ C:\Windows\DIFx.log 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Windows\system32\AGEIA 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Program Files\AGEIA Technologies 2013-09-09 19:50 - 2013-09-09 19:50 - 00000619 _____ C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk 2013-09-09 19:48 - 2004-08-09 05:04 - 00073728 _____ (InstallShield Software Corporation) C:\Windows\system32\ISUSPM.cpl 2013-09-08 10:07 - 2013-09-08 10:07 - 96533415 _____ C:\Windows\system32\Ᏼ啌᭄q 2013-09-06 08:22 - 2013-09-06 22:23 - 96470395 _____ C:\Windows\system32\ᨛ抜᭄_ 2013-09-05 12:40 - 2013-09-05 20:41 - 96185213 _____ C:\Windows\system32\殖脂᭄Z 2013-09-05 12:32 - 2013-09-05 12:47 - 00000000 ____D 
C:\Users\Kini\AppData\Local\Anvil Studio 2013-09-05 12:26 - 2013-09-05 12:26 - 00002585 _____ C:\Users\Public\Desktop\Anvil Studio.lnk 2013-09-05 12:26 - 2013-09-05 12:26 - 00000000 ____D C:\Program Files\Anvil Studio 2013 2013-09-05 12:25 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe 2013-09-05 10:40 - 2013-09-05 10:40 - 96029535 _____ C:\Windows\system32\챈蛕᭄h 2013-09-04 17:30 - 2013-09-04 21:30 - 95956132 _____ C:\Windows\system32\팞膱᭄v 2013-09-01 16:47 - 2013-09-01 16:47 - 00987960 _____ C:\Windows\Minidump\090113-18002-01.dmp 2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Windows\system32\RTCOM 2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Program Files\Realtek 2013-08-28 22:19 - 2013-03-29 21:42 - 02646088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys 2013-08-28 22:19 - 2013-03-29 18:04 - 21170176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat 2013-08-28 22:19 - 2013-03-29 17:51 - 00860208 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll 2013-08-28 22:19 - 2013-03-29 17:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2013-08-28 22:19 - 2013-03-27 16:57 - 00112200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll 2013-08-28 22:19 - 2013-03-26 17:06 - 02536008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll 2013-08-28 22:19 - 2013-03-26 17:04 - 02386464 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll 2013-08-28 22:19 - 2013-03-26 15:40 - 03237448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll 2013-08-28 22:19 - 2013-03-26 14:38 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl 2013-08-28 22:19 - 2013-03-25 17:32 - 03180264 _____ C:\Windows\system32\Drivers\rtvienna.dat 2013-08-28 22:19 - 2013-03-23 03:43 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll 2013-08-28 22:19 - 2013-03-21 00:26 - 13769496 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioRealtek.dll 2013-08-28 22:19 - 2013-03-21 00:26 - 01931032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 08872216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 01822488 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 01656600 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll 2013-08-28 22:19 - 2013-03-20 13:17 - 00776984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll 2013-08-28 22:19 - 2013-03-15 19:33 - 04335384 _____ (A-volute) C:\Windows\system32\RTKSMlfx.dll 2013-08-28 22:19 - 2013-03-15 19:32 - 00852824 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll 2013-08-28 22:19 - 2013-03-08 12:51 - 00849968 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00699680 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00547104 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech32.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00336672 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo32.dll 2013-08-28 22:19 - 2013-02-27 05:37 - 00184608 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll 2013-08-28 22:19 - 2013-02-19 18:52 - 00765000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll 2013-08-28 22:19 - 2013-01-17 19:32 - 00639256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll 2013-08-28 22:19 - 2013-01-16 16:02 - 02079816 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll 2013-08-28 22:19 - 2012-12-12 11:17 - 00350664 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPO30.dll 2013-08-28 22:19 - 2012-10-02 14:39 - 00426952 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll 2013-08-28 22:19 - 2012-10-02 14:39 - 00402888 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll 2013-08-28 22:19 - 2012-10-02 14:39 - 00346056 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll 2013-08-28 22:19 - 2012-09-10 20:06 - 00549240 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll 2013-08-28 22:19 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll 2013-08-28 22:19 - 2012-07-15 21:13 - 00349048 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2013-08-28 22:19 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2013-08-28 22:19 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll 2013-08-28 22:19 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll 2013-08-28 22:19 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll 2013-08-28 22:19 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll 2013-08-28 22:19 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll 2013-08-28 22:19 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll 2013-08-28 22:19 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) 
C:\Windows\system32\SFAPO.dll 2013-08-28 22:19 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll 2013-08-28 22:19 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll 2013-08-28 22:19 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll 2013-08-28 22:19 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\RTEED32A.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll 2013-08-28 22:19 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll 2013-08-28 22:19 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2013-08-28 22:19 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll 2013-08-28 22:19 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll 2013-08-28 22:19 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll ==================== One Month Modified Files and Folders ======= 2013-09-26 12:32 - 2010-11-20 23:01 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-26 12:32 - 2009-07-14 06:39 - 10466021 _____ C:\Windows\setupact.log 2013-09-26 12:31 - 2013-05-09 13:14 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-26 12:31 - 2013-04-26 01:12 - 00068240 _____ C:\Users\Kini\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-26 12:31 - 2013-04-25 11:23 - 01449752 _____ C:\Windows\WindowsUpdate.log 2013-09-26 12:27 - 2011-04-12 03:39 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-09-26 12:27 - 2010-11-20 23:48 - 00085392 _____ C:\Windows\PFRO.log 2013-09-26 12:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-26 12:27 - 2009-07-14 06:33 - 00610632 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-26 12:25 - 2013-09-26 11:57 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-09-26 12:00 - 2013-05-09 13:14 - 00001094 _____ 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-26 12:00 - 2013-04-27 11:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-26 11:58 - 2009-07-14 06:34 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-26 11:58 - 2009-07-14 06:34 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-26 11:53 - 2013-09-26 11:53 - 00000207 _____ C:\Windows\tweaking.com-regbackup-KINISEINGROSSER-Microsoft-Windows-7-Professional-(32-bit).dat 2013-09-26 11:52 - 2013-09-26 11:52 - 00000000 ____D C:\RegBackup 2013-09-26 11:21 - 2013-09-26 11:21 - 00145648 _____ C:\Windows\Minidump\092613-39515-01.dmp 2013-09-26 11:21 - 2013-09-26 11:21 - 00006608 ____N C:\bootsqm.dat 2013-09-26 11:21 - 2013-07-21 08:45 - 00000000 ____D C:\Windows\Minidump 2013-09-26 11:16 - 2013-09-26 11:16 - 00002117 _____ C:\Users\Kini\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2013-09-26 11:16 - 2013-09-26 11:16 - 00000000 ____D C:\Program Files\Tweaking.com 2013-09-26 08:20 - 2013-09-11 20:36 - 00007606 _____ C:\Users\Kini\AppData\Local\Resmon.ResmonCfg 2013-09-25 20:17 - 2013-09-25 20:17 - 97858179 _____ C:\Windows\system32\ㅓ差᭄[ 2013-09-25 16:33 - 2013-04-28 14:53 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Skype 2013-09-24 21:50 - 2013-09-24 21:50 - 00001307 _____ C:\Users\Kini\Desktop\JRT.txt 2013-09-24 21:48 - 2013-09-24 21:48 - 00000000 ____D C:\Windows\ERUNT 2013-09-24 21:41 - 2013-09-24 21:24 - 00000000 ____D C:\AdwCleaner 2013-09-24 21:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PLA 2013-09-24 21:08 - 2013-08-10 10:18 - 00000000 ____D C:\Users\Kini\AppData\Roaming\DVDVideoSoft 2013-09-24 20:55 - 2013-09-24 20:55 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Malwarebytes 2013-09-24 20:55 - 2013-09-24 20:55 - 
00000000 ____D C:\ProgramData\Malwarebytes 2013-09-24 20:55 - 2013-09-24 20:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-24 16:17 - 2013-09-24 16:17 - 00013288 _____ C:\ComboFix.txt 2013-09-24 16:17 - 2013-09-24 15:57 - 00000000 ____D C:\Qoobox 2013-09-24 16:17 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-09-24 16:17 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-09-24 16:15 - 2013-09-24 15:56 - 00000000 ____D C:\Windows\erdnt 2013-09-24 16:10 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-09-23 21:17 - 2013-09-23 21:17 - 98685961 _____ C:\Windows\system32\䷅갨᭄b 2013-09-23 18:32 - 2013-09-23 18:32 - 00000020 _____ C:\Users\Kini\defogger_reenable 2013-09-23 18:32 - 2013-04-26 00:22 - 00000000 ____D C:\Users\Kini 2013-09-21 17:44 - 2013-09-21 17:44 - 00000000 ____D C:\Users\Kini\AppData\Local\stellarium 2013-09-21 17:00 - 2013-04-27 11:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-21 17:00 - 2013-04-27 11:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-21 11:41 - 2013-09-21 11:41 - 00000000 ____D C:\FRST 2013-09-21 09:13 - 2013-05-09 13:15 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000823 _____ C:\Users\Kini\Desktop\Asterix and Obelix XXL2.lnk 2013-09-21 08:39 - 2013-09-21 08:39 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atari 2013-09-21 08:39 - 2013-04-26 01:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-09-21 00:14 - 2013-09-21 00:14 - 00000000 ____D C:\Program Files\VIA 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Program Files\Intel 2013-09-20 23:26 - 2013-09-20 23:26 - 00000000 ____D C:\Intel 2013-09-20 20:40 - 2013-09-20 20:40 - 98487876 _____ C:\Windows\system32\⠋᭄a 2013-09-19 20:18 - 2013-09-19 18:18 - 98395704 _____ C:\Windows\system32\槡늝᭄w 2013-09-19 
18:16 - 2013-04-26 00:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-09-19 05:17 - 2013-04-26 00:32 - 00000000 ____D C:\Users\Kini\AppData\Local\Mozilla 2013-09-19 05:01 - 2013-09-19 05:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-17 20:02 - 2013-09-17 16:03 - 98008335 _____ C:\Windows\system32\쉎筋᭄] 2013-09-17 19:59 - 2013-04-26 01:33 - 00000000 ____D C:\Users\Kini\MEDION NAS TOOL 2013-09-14 09:25 - 2013-06-22 12:22 - 00000000 ____D C:\Windows\rescache 2013-09-14 07:32 - 2013-09-14 07:32 - 97519942 _____ C:\Windows\system32\탮믗᭄b 2013-09-13 16:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-13 16:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-12 21:21 - 2013-08-14 22:38 - 00000000 ____D C:\Windows\system32\MRT 2013-09-12 21:20 - 2013-05-21 08:19 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-10 20:20 - 2013-09-10 16:20 - 96985259 _____ C:\Windows\system32\捜쳶᭄` 2013-09-09 19:58 - 2013-09-09 19:58 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Games 2013-09-09 19:57 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\Solidshield 2013-09-09 19:56 - 2013-09-09 19:56 - 00000000 ____D C:\ProgramData\InstallShield 2013-09-09 19:51 - 2013-09-09 19:51 - 00001306 _____ C:\Windows\DIFx.log 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Windows\system32\AGEIA 2013-09-09 19:51 - 2013-09-09 19:51 - 00000000 ____D C:\Program Files\AGEIA Technologies 2013-09-09 19:50 - 2013-09-09 19:50 - 00000619 _____ C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk 2013-09-09 19:48 - 2013-04-26 01:30 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-09-08 21:47 - 2013-04-28 10:46 - 00000000 ____D C:\Users\Kini\AppData\Roaming\FileZilla 2013-09-08 21:42 - 2013-04-27 10:08 - 00000000 ____D C:\Users\Kini\AppData\Roaming\Audacity 2013-09-08 10:07 - 2013-09-08 10:07 - 96533415 _____ C:\Windows\system32\Ᏼ啌᭄q 2013-09-06 
22:23 - 2013-09-06 08:22 - 96470395 _____ C:\Windows\system32\ᨛ抜᭄_
2013-09-05 20:41 - 2013-09-05 12:40 - 96185213 _____ C:\Windows\system32\殖脂᭄Z
2013-09-05 12:47 - 2013-09-05 12:32 - 00000000 ____D C:\Users\Kini\AppData\Local\Anvil Studio
2013-09-05 12:26 - 2013-09-05 12:26 - 00002585 _____ C:\Users\Public\Desktop\Anvil Studio.lnk
2013-09-05 12:26 - 2013-09-05 12:26 - 00000000 ____D C:\Program Files\Anvil Studio 2013
2013-09-05 10:40 - 2013-09-05 10:40 - 96029535 _____ C:\Windows\system32\챈蛕᭄h
2013-09-04 21:30 - 2013-09-04 17:30 - 95956132 _____ C:\Windows\system32\팞膱᭄v
2013-09-03 16:28 - 2013-05-06 10:48 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 16:28 - 2013-04-26 01:24 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 16:28 - 2013-04-26 01:24 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-01 16:47 - 2013-09-01 16:47 - 00987960 _____ C:\Windows\Minidump\090113-18002-01.dmp
2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Windows\system32\RTCOM
2013-08-28 22:19 - 2013-08-28 22:19 - 00000000 ____D C:\Program Files\Realtek

Some content of TEMP:
====================
C:\Users\Kini\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-24 20:40

==================== End Of Log ============================

--- --- ---

The additional log to go with it:

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2013 Ran by Kini at 2013-09-26 12:32:49 Running from E:\Dokumente\Computer Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== Adobe AIR (Version: 3.7.0.1530) Adobe Bridge 1.0 (Version: 001.000.001) Adobe Common File Installer (Version: 1.00.001) Adobe Creative Suite 2 Adobe Download Assistant (Version: 1.2.5) Adobe Flash Player 11 ActiveX (Version: 11.8.800.175) Adobe Flash Player 11 Plugin (Version: 11.8.800.168) Adobe Help Center 1.0 (Version: 1.0.1) Adobe Illustrator CS2 (Version: 12.000.000) Adobe InDesign CS2 (Version: 004.000.000) Adobe Photoshop CS2 (Version: 9.0) Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04) Adobe Stock Photos 1.0 (Version: 1.0.1) Adobe SVG Viewer 3.0 (Version: 3.0) Adobe Version Cue CS2 (Version: 2.0) Anvil Studio (Version: 13.08.01) AnyDVD (Version: 7.1.8.0) AquaSoft DiaShow 7 Ultimate (Version: 7.7.11) AquaSoftware Eyedestructor 1.501 (Version: 1.501) Ask Shopping Toolbar (Version: 12.4.0.1029) Ask Toolbar (Version: 12.2.2.676) Asterix and Obelix XXL2 (Version: 1.00.0000) aTube Catcher (Version: 2.9.1501) Audacity 2.0.3 (Version: 2.0.3) Avidemux 2.6 (32-bit) (Version: 2.6.3.8518) Avira Antivirus Premium (Version: 13.0.0.4052) BlockCAD 3.19 (Version: 3.19) Canon Easy-WebPrint EX Canon IJ Network Scan Utility Canon IJ Network Tool Canon MP Navigator EX 3.1 Canon MX340 series Benutzerregistrierung Canon MX340 series MP Drivers Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu DVDStyler v2.4.3 easyHDR BASIC 2 (Version: 2.13.3) FileZilla Client 3.7.3 (Version: 3.7.3) Free Screen Video Recorder version 2.5.30.725 (Version: 2.5.30.725) Freemake Video Converter Version 4.0.1 (Version: 4.0.1) Freemake Video Downloader (Version: 3.5.3) GIMP 2.8.4 (Version: 2.8.4) 
Google Chrome (Version: 29.0.1547.76) Google Earth (Version: 7.1.1.1888) jAlbum (Version: 11.2.1) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) LAME v3.99.3 (for Windows) LEGO Digital Designer Lexware Info Service (Version: 2.90.00.0009) Luminance HDR 2.3.1 Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MEDION NAS TOOL Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 24.0 (x86 de) (Version: 24.0) Mozilla Maintenance Service (Version: 24.0) Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Musicmatch® Jukebox (Version: 9.00.0156) NVIDIA GAME System Software 2.8.1 (Version: 2.8.1) OpenOffice.org 3.4 (Version: 3.4.9590) Paragon Partition Manager™ 12 Free (Version: 90.00.0003) PDF Architect (Version: 1.1.83.9982) PDF Split And Merge Basic (Version: 2.2.2) PDFCreator (Version: 1.7.0) Picturenaut 3.2 (Version: 3.2.0.1690) PixiePack Codec Pack (Version: 1.0.100.0) Realtek High Definition Audio Driver (Version: 6.0.1.6873) Sherlock Holmes - Die Spur der Erwachten Remastered (Version: 1.00.0777) SILKYPIX Developer Studio 2.1 SE (Version: 2.1.0.2) Skype™ 6.6 (Version: 6.6.106) Spotify (HKCU Version: 0.9.0.129.g6978da9c) Suite Specific (Version: 2.0.0) TAXMAN 2013 (Version: 19.06.00.0003) Tunebite (Version: 6.0.31728.2500) Tweaking.com - Windows Repair (All in One) (Version: 1.9.18) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) 
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Video Downloader version 2.0 (Version: 2.0) WinPcap 4.1.2 (Version: 4.1.0.2001) XAMPP 1.8.1-0 (Version: 1.8.1-0) YTD Video Downloader 4.4 (Version: 4.4) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:04 - 2013-09-24 16:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {4648E1F1-F0B1-4C04-A33A-AE270D2D829B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.) Task: {508CE812-F0C9-4A25-9BB4-538FB7D18297} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe Task: {86291118-796D-4674-BCAB-D72F084F3F2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated) Task: {AFAF1CBD-0716-4405-B61E-D2C48D6A6CF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.) Task: {F774CFC2-F716-4239-89CA-B991A8723045} - \Browser Updater\Browser Updater No Task File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-27 11:00 - 2013-03-15 18:38 - 00131160 _____ (SlySoft, Inc.) 
C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll 2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00434176 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\CoreDll.dll 2013-04-28 10:50 - 2004-08-29 12:53 - 00495616 _____ (Sample Corporation) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMVCP70.dll 2013-04-28 10:50 - 2004-08-29 12:53 - 00339968 _____ (Sample Corporation) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMVCR70.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00122880 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\TrackUtils.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00475264 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\Enforce.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00385024 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\SkinnedCtrls.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00106496 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMReg.dll 2013-04-28 10:50 - 2004-08-29 12:52 - 00069632 _____ (Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\FileAssoc.dll 2013-04-26 09:54 - 2009-10-09 15:01 - 00354816 _____ (CANON INC.) C:\Windows\system32\CNMNPPM.DLL 2011-07-28 16:30 - 2011-07-28 16:30 - 00184688 _____ (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\lxiuum20.dll 2011-02-11 18:44 - 2011-02-11 18:44 - 00086016 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc 2013-03-09 14:48 - 2013-03-09 14:48 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\system32\ElbyCDIO.dll 2013-03-16 13:02 - 2013-03-16 13:02 - 01162840 _____ (SlySoft, Inc.) 
C:\Program Files\SlySoft\AnyDVD\AnyDialog.dll 2009-09-10 18:57 - 2009-09-10 18:57 - 00427312 _____ (hxxp://www.id3lib.org/) C:\Program Files\RapidSolution\Tunebite\id3libU.dll 2009-09-10 18:57 - 2009-09-10 18:57 - 03151152 _____ () C:\Program Files\RapidSolution\Tunebite\dllMiniplayU.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00540672 _____ () C:\Program Files\RapidSolution\Tunebite\SQLite3.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 01413120 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\RSTagLib.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00372736 _____ () C:\Program Files\RapidSolution\Tunebite\libfaad2.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00266240 _____ () C:\Program Files\RapidSolution\Tunebite\libFLAC_dynamic.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00122880 _____ () C:\Program Files\RapidSolution\Tunebite\libFLAC++_dynamic.dll 2009-09-10 18:58 - 2009-09-10 18:58 - 01455408 _____ () C:\Program Files\RapidSolution\Tunebite\StreamingClient.dll 2009-07-28 18:16 - 2009-07-28 18:16 - 00061440 _____ () C:\Program Files\RapidSolution\Tunebite\boost_thread-vc80-mt-1_39.dll 2009-07-28 18:16 - 2009-07-28 18:16 - 00057344 _____ () C:\Program Files\RapidSolution\Tunebite\boost_date_time-vc80-mt-1_39.dll 2009-07-28 18:16 - 2009-07-28 18:16 - 00012288 _____ () C:\Program Files\RapidSolution\Tunebite\boost_system-vc80-mt-1_39.dll 2009-09-10 18:58 - 2009-09-10 18:58 - 01365296 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\update.dll 2009-09-10 18:57 - 2009-09-10 18:57 - 02086192 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\EncodingBackend.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00212992 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\MediaFinalizer.dll 2009-09-10 18:56 - 2009-09-10 18:56 - 00503808 _____ (RapidSolution Software AG) C:\Program Files\RapidSolution\Tunebite\lang\de.dll 2009-09-10 18:53 - 2009-09-10 18:53 - 00028672 _____ (RapidSolution Software AG) 
C:\Program Files\RapidSolution\Tunebite\lang\EncodingBackend\de.dll 2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm 2009-09-10 18:52 - 2009-09-10 18:52 - 00040960 _____ () C:\Program Files\RapidSolution\Tunebite\lang\miniplay\de.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00386328 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\WebRip.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\BadJojo.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\BlipTV.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00501016 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MetaCafe.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00566552 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00509208 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MySpace.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00521496 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\MyVideo.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00492824 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PornoTube.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 01537304 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00156952 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00177432 _____ (RapidSolution Software AG) 
C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgImeem.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00136472 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00156952 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00242968 _____ (RapidSolution Software AG) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\RedTube.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00488728 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00501016 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\SevenLoad.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00509208 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\Tangle.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00505112 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\TimTube.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00496920 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\YouPorn.dll 2013-08-10 10:35 - 2013-08-10 10:35 - 00292120 _____ (RapidSolution Software) C:\ProgramData\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll 2013-05-07 00:19 - 2012-10-07 12:08 - 00284288 _____ (Haufe-Lexware GmbH & Co. 
KG) C:\Program Files\Common Files\Lexware\LxWebAccess\LxNetworkDiagnostics.dll ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/26/2013 00:28:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avmailc.exe, Version: 13.6.20.2202, Zeitstempel: 0x521f4012 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x9dc Startzeit der fehlerhaften Anwendung: 0xavmailc.exe0 Pfad der fehlerhaften Anwendung: avmailc.exe1 Pfad des fehlerhaften Moduls: avmailc.exe2 Berichtskennung: avmailc.exe3 Error: (09/26/2013 00:28:43 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avmailc.exe, Version: 13.6.20.2202, Zeitstempel: 0x521f4012 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xda8 Startzeit der fehlerhaften Anwendung: 0xavmailc.exe0 Pfad der fehlerhaften Anwendung: avmailc.exe1 Pfad des fehlerhaften Moduls: avmailc.exe2 Berichtskennung: avmailc.exe3 Error: (09/26/2013 00:28:34 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avmailc.exe, Version: 13.6.20.2202, Zeitstempel: 0x521f4012 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xc88 Startzeit der fehlerhaften Anwendung: 0xavmailc.exe0 Pfad der fehlerhaften Anwendung: avmailc.exe1 Pfad des fehlerhaften Moduls: avmailc.exe2 Berichtskennung: avmailc.exe3 Error: (09/26/2013 11:51:25 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2013 11:33:13 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2013 11:23:12 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2013 10:00:21 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FreemakeUtilsService.exe, Version: 1.0.0.0, Zeitstempel: 0x51f8da00 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000812f ID des fehlerhaften Prozesses: 0x74c Startzeit der fehlerhaften Anwendung: 0xFreemakeUtilsService.exe0 Pfad der fehlerhaften Anwendung: FreemakeUtilsService.exe1 Pfad des fehlerhaften Moduls: FreemakeUtilsService.exe2 Berichtskennung: FreemakeUtilsService.exe3 Error: (09/26/2013 10:00:20 AM) (Source: .NET Runtime) (User: ) Description: Anwendung: FreemakeUtilsService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.ArgumentException Stapel: bei System.Security.Principal.SecurityIdentifier..ctor(System.String) bei FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary() bei FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo) bei FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck() bei FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs) bei FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs) bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs) bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (09/26/2013 09:29:42 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Tunebite.exe, Version: 6.0.31728.2500, Zeitstempel: 0x4aa9217c Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000812f ID des fehlerhaften Prozesses: 0xfe8 Startzeit der fehlerhaften Anwendung: 0xTunebite.exe0 Pfad der fehlerhaften Anwendung: Tunebite.exe1 Pfad des fehlerhaften Moduls: Tunebite.exe2 Berichtskennung: Tunebite.exe3 Error: (09/25/2013 10:01:42 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (09/26/2013 00:29:04 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/26/2013 00:28:44 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Avira Email Schutz" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (09/26/2013 00:28:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Email Schutz" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/26/2013 00:28:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Email Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (09/26/2013 11:51:45 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (09/26/2013 11:51:45 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/26/2013 11:33:46 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/26/2013 11:22:57 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/26/2013 11:21:54 AM) (Source: BugCheck) (User: ) Description: 0x000000c2 (0x00000099, 0x8679301c, 0x00000000, 0x00000000)C:\Windows\MEMORY.DMP092613-39515-01 Error: (09/26/2013 10:00:31 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Freemake Improver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (09/26/2013 00:28:44 PM) (Source: Application Error)(User: ) Description: avmailc.exe13.6.20.2202521f4012MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd9dc01cebaa32cf8b5f9C:\Program Files\Avira\AntiVir Desktop\avmailc.exeC:\Windows\system32\MSVCR100.dll6b12c026-2696-11e3-aa3e-4487fcd157d6 Error: (09/26/2013 00:28:43 PM) (Source: Application Error)(User: ) Description: avmailc.exe13.6.20.2202521f4012MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdda801cebaa32b8ee4cfC:\Program Files\Avira\AntiVir Desktop\avmailc.exeC:\Windows\system32\MSVCR100.dll6a629a52-2696-11e3-aa3e-4487fcd157d6 Error: (09/26/2013 00:28:34 PM) (Source: Application Error)(User: ) Description: avmailc.exe13.6.20.2202521f4012MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdc8801cebaa31dc72d79C:\Program Files\Avira\AntiVir Desktop\avmailc.exeC:\Windows\system32\MSVCR100.dll65514c5c-2696-11e3-aa3e-4487fcd157d6 Error: (09/26/2013 11:51:25 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2013 11:33:13 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2013 11:23:12 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/26/2013 10:00:21 AM) (Source: Application Error)(User: ) Description: FreemakeUtilsService.exe1.0.0.051f8da00KERNELBASE.dll6.1.7601.1822951fb10c6e04343520000812f74c01ceba29d3eb4188C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exeC:\Windows\system32\KERNELBASE.dllb0645472-2681-11e3-9e9d-4487fcd157d6 Error: (09/26/2013 10:00:20 
AM) (Source: .NET Runtime)(User: ) Description: Anwendung: FreemakeUtilsService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.ArgumentException Stapel: bei System.Security.Principal.SecurityIdentifier..ctor(System.String) bei FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary() bei FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo) bei FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck() bei FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs) bei FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs) bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs) bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (09/26/2013 09:29:42 AM) (Source: Application Error)(User: ) Description: Tunebite.exe6.0.31728.25004aa9217cKERNELBASE.dll6.1.7601.1822951fb10c6e06d73630000812ffe801ceba2a0631db9dC:\Program Files\RapidSolution\Tunebite\Tunebite.exeC:\Windows\system32\KERNELBASE.dll689b5f24-267d-11e3-9e9d-4487fcd157d6 Error: (09/25/2013 10:01:42 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 
==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 3197.24 MB
Available physical RAM: 2109.46 MB
Total Pagefile: 6392.77 MB
Available Pagefile: 4987.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:32.23 GB) (Free:3.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:265.76 GB) (Free:35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 000C6A20)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=266 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Kini

farbar is here too:
Code:
Farbar Service Scanner Version: 13-09-2013
Ran by Kini (administrator) on 26-09-2013 at 12:38:57
Running from "E:\Dokumente\Computer"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys [2013-08-14 22:15] - [2013-07-06 07:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll [2013-08-14 22:15] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9
C:\Program Files\Windows Defender\MpSvc.dll [2013-07-10 22:50] - [2013-05-27 06:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log **** |
26.09.2013, 19:38 | #10 |
/// the machine /// TB trainer | How is the computer running?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
26.09.2013, 22:25 | #11 |
| It comes down to this svchost... I have now come across this Process Explorer. This is the process that is maxing out my CPU: Kini Edited by Der Kini (26.09.2013 at 22:34) |
27.09.2013, 09:35 | #12 |
/// the machine /// TB trainer | Do you have a Windows DVD at hand?
__________________ Regards, schrauber |
27.09.2013, 12:29 | #13 |
| It could be lying around somewhere... Got it... :-) |
28.09.2013, 08:35 | #14 |
/// the machine /// TB trainer | Inplace Upgrade "In Place Upgrade"
__________________ Regards, schrauber |
02.10.2013, 09:39 | #15 |
| Thanks for the help. The upgrade worked, as far as I can tell, although I still consider a CPU load of around 10% at idle to be too high. But the matter is settled for now at least: my hard drive has apparently died. At least Windows Setup says, when trying to repair, that no hard drive is installed or that it is not responding. The hard drive no longer shows up in the BIOS either. Kini |