| |
| |||||||
Log-Analyse und Auswertung: Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.10.2013, 19:45
| #1 |
 |  Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert Hallo Board, wie bereits im Titel geschrieben, haben sich nach und nach Probleme in meinen Rechner (aus 2005, ursprünglich XP, seit März 2013 Windows8 Pro) geschlichen, der bislang eigentlich gut lief: * Rechner langsam => OK... * CPU fast immer auf 100% => Naja... * Laufwerkfehler laut Wartungscenter angezeigt und lassen sich nicht beheben => Komisch * Laufwerk C wird nicht zur Defragmentation angezeigt => Komisch * Laufwerk D (separate FP) lässt sich nicht formatieren => Komisch * Updates von Windows werden nicht installiert => Bedenklich!! Nun hab ich mich bei euch eingelesen und eure Anleitung befolgt: Hier meine 4 LOG-Files als Anhang, da sie wohl zu groß für die direkte Darstellung sind. Vielleicht kann mir ja jemand helfen. Danke und Gruß Carsten |
|
10.10.2013, 20:00
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
10.10.2013, 23:14
| #3 |
| | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert Zweiter Versuch:
__________________1.) Defogger disabled: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:55 on 10/10/2013 (Administrator)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
2.) FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Administrator (administrator) on CARSTEN_SIEMENS on 10-10-2013 18:56:20
Running from C:\Users\Administrator\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FritzDsl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKU\Carsten\...\Run: [icebear] - c:\program files\bayer vital gmbh\aspirin® complex screenmate\icebear.exe [ 2005-08-03] (Bayer Vital GmbH )
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume8autocheck autochk *
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://microsoft.com/update
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF60AC7F6CB2FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
========================== Services (Whitelisted) =================
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-04-21] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
S3 EFS; C:\Windows\system32\efssvc.dll [27136 2012-07-26] ()
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [167464 2013-03-27] (Juniper Networks, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 StorSvc; C:\Windows\system32\storsvc.dll [18432 2012-07-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 ALCXWDM; C:\Windows\system32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136672 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [54928 2012-07-06] (VIA Technologies, Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 NEOFLTR_730_22751; C:\WINDOWS\system32\Drivers\NEOFLTR_730_22751.SYS [91824 2012-11-23] (Juniper Networks)
S3 OM518P; C:\Windows\System32\Drivers\om518vid.sys [183080 2001-10-09] (OmniVision Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-03-17] (Avira GmbH)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [x]
S3 usbbus; \SystemRoot\System32\drivers\lgusbbus.sys [x]
S3 UsbDiag; \SystemRoot\system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; \SystemRoot\system32\DRIVERS\lgusbmodem.sys [x]
U3 pxaoipog; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pxaoipog.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 18:18 - 2013-10-10 18:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-10 18:01 - 2013-10-10 18:01 - 00031557 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10102013_180157.txt
2013-10-10 17:57 - 2013-10-10 18:43 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-10 17:41 - 2013-10-10 18:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 18:59 - 2013-09-14 00:58 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-10-09 18:59 - 2013-09-14 00:36 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-10-09 18:59 - 2013-08-30 02:44 - 00054104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2013-10-09 18:59 - 2013-08-30 01:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-10-09 18:59 - 2013-08-21 06:28 - 00407384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2013-10-09 18:59 - 2013-08-10 07:24 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2013-10-09 18:59 - 2013-08-10 05:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-10-09 18:59 - 2013-07-25 01:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-10-09 18:59 - 2013-07-12 03:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2013-10-09 18:10 - 2013-07-09 04:50 - 00085760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-10-09 18:09 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 18:09 - 2013-07-02 00:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2013-10-09 18:09 - 2013-07-02 00:15 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-09 18:09 - 2013-06-29 04:32 - 00026496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-09 18:09 - 2013-06-29 04:31 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:43 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-03 23:44 - 2013-10-05 13:43 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-03 23:43 - 2013-10-03 23:45 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:59 - 2013-10-03 23:02 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 10:58 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131003-105802.backup
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 09:53 - 2013-10-03 11:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 09:43 - 2013-10-10 18:04 - 00000000 ____D C:\AdwCleaner
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-25 10:34 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20130925-103431.backup
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 08:56 - 2013-09-25 23:27 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-24 21:32 - 2013-09-25 10:26 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-24 14:37 - 2013-10-09 19:20 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-09-23 22:38 - 2013-09-23 22:48 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 12:24 - 2013-10-10 18:29 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-21 12:24 - 2013-10-10 17:48 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 12:24 - 2013-09-21 12:25 - 00000000 ____D C:\Program Files\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 10:10 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 10:10 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-19 09:38 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-19 09:38 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-19 09:38 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-19 09:37 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-19 09:36 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-19 09:36 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-19 09:36 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-19 09:36 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
==================== One Month Modified Files and Folders =======
2013-10-10 18:57 - 2013-03-17 17:46 - 02770524 _____ C:\Users\Administrator\DesktopStCenter.txt
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:55 - 2013-03-17 16:47 - 00000000 ____D C:\Users\Administrator
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:49 - 2013-03-17 19:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:43 - 2013-10-10 17:57 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-10 18:43 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 18:36 - 2013-03-17 09:41 - 01122558 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-10 18:29 - 2013-09-21 12:24 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-10 18:19 - 2013-10-10 18:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-10 18:04 - 2013-10-03 09:43 - 00000000 ____D C:\AdwCleaner
2013-10-10 18:01 - 2013-10-10 18:01 - 00031557 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10102013_180157.txt
2013-10-10 18:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-10 17:59 - 2013-03-17 13:36 - 00000000 ____D C:\Program Files\Opera
2013-10-10 17:53 - 2013-03-17 09:43 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-10 17:48 - 2013-09-21 12:24 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-10 17:45 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 16:49 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-10 16:06 - 2011-01-30 21:32 - 21702718 _____ C:\Users\Carsten\DesktopStCenter.txt
2013-10-10 13:54 - 2013-04-03 14:36 - 00000000 ____D C:\Users\Carsten\AppData\Local\FreePDF_XP
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 20:19 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-10-09 20:05 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 19:43 - 2013-07-15 15:38 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-09 19:43 - 2013-03-17 09:23 - 00030640 _____ C:\WINDOWS\PFRO.log
2013-10-09 19:20 - 2013-09-24 14:37 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-10-09 19:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-10-09 18:15 - 2013-07-11 16:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 18:11 - 2013-03-17 15:10 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-09 18:06 - 2013-03-17 17:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FRITZ!
2013-10-06 23:01 - 2013-04-22 02:22 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\vlc
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:43 - 2013-10-05 13:41 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:43 - 2013-10-03 23:44 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-04 02:18 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-10-04 02:10 - 2013-08-20 14:53 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-04 02:01 - 2013-08-19 18:12 - 00000000 ____D C:\Program Files\SpeedFan
2013-10-03 23:45 - 2013-10-03 23:43 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:02 - 2013-10-03 22:59 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:57 - 2012-07-26 08:53 - 00000000 ___SD C:\Program Files\Windows Sidebar
2013-10-03 11:06 - 2013-10-03 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 10:53 - 2005-09-20 08:33 - 00000245 ___SH C:\boot.ini
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-26 19:22 - 2013-08-07 16:03 - 00000000 ____D C:\Program Files\iTunes
2013-09-26 19:20 - 2013-08-07 16:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-26 19:15 - 2013-08-18 11:49 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-25 23:27 - 2013-09-25 08:56 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 10:26 - 2013-09-24 21:32 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-25 10:26 - 2013-08-20 14:27 - 00000000 ____D C:\ProgramData\DivX
2013-09-25 10:25 - 2013-08-04 14:30 - 00000000 ____D C:\Program Files\Free FLV Converter
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 09:21 - 2013-06-09 18:51 - 00009728 _____ C:\Users\Carsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-23 22:48 - 2013-09-23 22:38 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 18:44 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\GMX SMS-MMS-Manager
2013-09-21 12:25 - 2013-09-21 12:24 - 00000000 ____D C:\Program Files\Google
2013-09-21 12:23 - 2013-08-04 14:41 - 00000000 ____D C:\Users\Carsten\AppData\Local\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 16:07 - 2011-01-30 21:51 - 00000000 ____D C:\Users\Carsten\Documents\Daten und Korrespondenz
2013-09-19 10:50 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-19 10:16 - 2013-05-06 13:41 - 00065632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-09-19 10:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-19 01:26 - 2013-09-19 10:10 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-19 10:10 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-14 00:58 - 2013-10-09 18:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-14 00:36 - 2013-10-09 18:59 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Administrator\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Carsten\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Carsten\AppData\Local\Temp\ResetDevice.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-10 13:38
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- 3.) Addition Farbar Recovery: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Administrator at 2013-10-10 18:57:30
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20
8GadgetPack (Version: 6.0.0)
Acronis*True*Image*Home 2011 (Version: 14.0.6942)
Adobe AIR (Version: 3.8.0.1430)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Aspirin® Complex Screenmate (Version: 1.00.0004)
Avira Free Antivirus (Version: 13.0.0.4052)
AVM FRITZ!DSL (Version: 2.04.03)
Brother MFL-Pro Suite DCP-195C (Version: 2.0.0.0)
CDBurnerXP (Version: 4.5.2.4214)
Classic Shell (Version: 3.6.8)
ClipGrab 3.2.1.2
CPUID CPU-Z 1.63.0
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
FreePDF (Remove only)
GMX ProfiFax (Version: 2.00.236)
GMX SMS-Manager (Version: 3.2.4)
Google Earth Plug-in (Version: 7.1.1.1888)
GPL Ghostscript (Version: 9.04)
ImgBurn (Version: 2.5.5.0)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Juniper Networks Junos Pulse Collaboration 7.4.0 (HKCU Version: 7.4.0.24401)
Juniper Networks Secure Application Manager (Version: 7.3.0.22751)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.2.34169)
Junos Pulse Collaboration 7.4.0 (Version: 7.4.24401)
Junos Pulse Collaboration 7.4.0 Admin (Version: 7.4.24401)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
NVIDIA Grafiktreiber 307.74 (Version: 307.74)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Systemsteuerung 307.74 (Version: 307.74)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice 4.0.0 (Version: 4.00.9702)
Opera 12.16 (Version: 12.16.1860)
Pazera Free FLV to AVI Converter 1.7 (Version: 1.7)
PDF-Viewer (Version: 2.5.210.0)
Realtek AC'97 Audio
RedMon - Redirection Port Monitor
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Skype™ 6.3 (Version: 6.3.105)
SpeedFan (remove only)
Steuer 2012 (Version: 20.00.8137)
swMSM (Version: 12.0.0.1)
TerraCam USB Pro (Version: 2.0.0.0000)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VirtualCloneDrive
VLC media player 2.0.8 (Version: 2.0.8)
WinDirStat 1.1.2
==================== Restore Points =========================
26-09-2013 17:08:54 Removed iTunes
03-10-2013 20:54:58 Installed 8GadgetPack
09-10-2013 15:36:43 AVG PC TuneUp wird entfernt
==================== Hosts content: ==========================
2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {5777FF50-C75D-4481-8459-F92A1D9E9092} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {71976875-B46F-46DA-A24E-89D46835231D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {74E1D25E-042F-4B6E-B425-89D539C8377E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {ADD07284-0D43-42AB-BFCB-DF4633902ADE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-03-18 18:38 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2009-02-04 13:08 - 2009-02-04 13:08 - 00207872 _____ () C:\Program Files\FRITZ!DSL\C90dll.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: TerraCam USB Pro
Description: TerraCam USB Pro
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: OVT
Service: OM518P
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2013 06:43:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.0.9702.500, Zeitstempel: 0x51de9766
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988a1f
Ausnahmecode: 0x00000000
Fehleroffset: 0x00012005
ID des fehlerhaften Prozesses: 0x68
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5
Error: (10/10/2013 06:40:55 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 698
Startzeit: 01cec5d5570a4da6
Endzeit: 4294967295
Anwendungspfad: C:\Users\Administrator\Desktop\OTL.exe
Berichts-ID: ba3d9622-31ca-11e3-b033-0011d8883bcc
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (10/10/2013 06:29:27 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi
Error: (10/10/2013 06:23:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: CARSTEN_SIEMENS)
Description: Bei der Aktivierung der App „Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (10/10/2013 06:22:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.0.9702.500, Zeitstempel: 0x51de9766
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988a1f
Ausnahmecode: 0x00000000
Fehleroffset: 0x00012005
ID des fehlerhaften Prozesses: 0xec8
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5
Error: (10/10/2013 06:22:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: CARSTEN_SIEMENS)
Description: Bei der Aktivierung der App „Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (10/10/2013 06:19:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: CARSTEN_SIEMENS)
Description: Bei der Aktivierung der App „Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (10/10/2013 06:11:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.0.9702.500, Zeitstempel: 0x51de9766
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988a1f
Ausnahmecode: 0x00000000
Fehleroffset: 0x00012005
ID des fehlerhaften Prozesses: 0xc6c
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5
Error: (10/10/2013 05:50:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.0.9702.500, Zeitstempel: 0x51de9766
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988a1f
Ausnahmecode: 0x00000000
Fehleroffset: 0x00012005
ID des fehlerhaften Prozesses: 0xef4
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5
Error: (10/10/2013 05:42:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.0.9702.500, Zeitstempel: 0x51de9766
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988a1f
Ausnahmecode: 0x00000000
Fehleroffset: 0x00012005
ID des fehlerhaften Prozesses: 0xcdc
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5
System errors:
=============
Error: (10/10/2013 05:49:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070
Error: (10/10/2013 05:49:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde nicht richtig gestartet.
Error: (10/10/2013 05:49:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.
Error: (10/10/2013 05:45:15 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Features zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (10/10/2013 05:31:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070
Error: (10/10/2013 05:31:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.
Error: (10/10/2013 05:29:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070
Error: (10/10/2013 05:29:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde nicht richtig gestartet.
Error: (10/10/2013 05:29:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.
Error: (10/10/2013 05:26:30 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Features zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Microsoft Office Sessions:
=========================
Error: (10/10/2013 06:43:36 PM) (Source: Application Error)(User: )
Description: soffice.bin4.0.9702.50051de9766KERNELBASE.dll6.2.9200.1645150988a1f00000000000120056801cec5d7db79184cC:\Program Files\OpenOffice 4\program\soffice.binC:\WINDOWS\system32\KERNELBASE.dll1b55f3ef-31cb-11e3-b033-0011d8883bcc
Error: (10/10/2013 06:40:55 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.069801cec5d5570a4da64294967295C:\Users\Administrator\Desktop\OTL.exeba3d9622-31ca-11e3-b033-0011d8883bcc
Error: (10/10/2013 06:29:27 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/10/2013 06:23:05 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: CARSTEN_SIEMENS)
Description: Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca-2144927149
Error: (10/10/2013 06:22:44 PM) (Source: Application Error)(User: )
Description: soffice.bin4.0.9702.50051de9766KERNELBASE.dll6.2.9200.1645150988a1f0000000000012005ec801cec5d4f26316ecC:\Program Files\OpenOffice 4\program\soffice.binC:\WINDOWS\system32\KERNELBASE.dll30fe3732-31c8-11e3-b033-0011d8883bcc
Error: (10/10/2013 06:22:34 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: CARSTEN_SIEMENS)
Description: Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca-2144927149
Error: (10/10/2013 06:19:05 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: CARSTEN_SIEMENS)
Description: Microsoft.Reader_6.2.8516.0_x86__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca-2144927149
Error: (10/10/2013 06:11:44 PM) (Source: Application Error)(User: )
Description: soffice.bin4.0.9702.50051de9766KERNELBASE.dll6.2.9200.1645150988a1f0000000000012005c6c01cec5d3683ff21fC:\Program Files\OpenOffice 4\program\soffice.binC:\WINDOWS\system32\KERNELBASE.dlla75bacef-31c6-11e3-b033-0011d8883bcc
Error: (10/10/2013 05:50:49 PM) (Source: Application Error)(User: )
Description: soffice.bin4.0.9702.50051de9766KERNELBASE.dll6.2.9200.1645150988a1f0000000000012005ef401cec5d07d186541C:\Program Files\OpenOffice 4\program\soffice.binC:\WINDOWS\system32\KERNELBASE.dllbbb8243a-31c3-11e3-b033-0011d8883bcc
Error: (10/10/2013 05:42:33 PM) (Source: Application Error)(User: )
Description: soffice.bin4.0.9702.50051de9766KERNELBASE.dll6.2.9200.1645150988a1f0000000000012005cdc01cec5cf555c2d8bC:\Program Files\OpenOffice 4\program\soffice.binC:\WINDOWS\system32\KERNELBASE.dll93f98a17-31c2-11e3-b032-0011d8883bcc
==================== Memory info ===========================
Percentage of memory in use: 69%
Total physical RAM: 1534.8 MB
Available physical RAM: 463.15 MB
Total Pagefile: 3068.8 MB
Available Pagefile: 1880.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.76 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:149.05 GB) (Free:46.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Sicherung Eigene Dokumente) (Fixed) (Total:76.33 GB) (Free:14.31 GB) NTFS
Drive g: (STICK 1 GB) (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT32
Drive y: (Systemauslagerung) (Fixed) (Total:14.33 GB) (Free:12.71 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 4494C9E0)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 76 GB) (Disk ID: B9974D25)
Partition 1: (Not Active) - (Size=76 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 14 GB) (Disk ID: 4C77EA61)
Partition 1: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
========================================================
Disk: 8 (Size: 1000 MB) (Disk ID: 0DFF7265)
No partition Table on disk 8.
==================== End Of Log ============================
4.) GMER: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-11 00:07:31
Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_SP1604N rev.TM100-24 149,05GB
Running: 3. gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxaoipog.sys
---- System - GMER 2.1 ----
SSDT 8D53EEBF ZwTerminateProcess
SSDT 8D53EF32 ZwSystemDebugControl
SSDT 8D53EF2D ZwSetSecurityObject
SSDT 8D53EF23 ZwSetContextThread
SSDT 8D53EF28 ZwRequestWaitReplyPort
SSDT 8D53EF1E ZwCreateSection
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwReplacePartitionUnit + 26B1 8155CAB5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 66A 8156139A 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\WINDOWS\system32\TrueSight.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 2.1 ----
Device Ntfs.sys
AttachedDevice tdrpm273.sys
Device fastfat.SYS
AttachedDevice \Driver\tdx \Device\Tcp NEOFLTR_730_22751.SYS
Device pci.sys
Device volmgr.sys
AttachedDevice fltmgr.sys
AttachedDevice \Driver\tdx \Device\Udp NEOFLTR_730_22751.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat tdrpm273.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -376613297
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Bayer Vital GmbH\Aspirin\xae Complex Screenmate\icebear.exe 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9118CCF8-299A-11DA-9AB4-806D6172696F} 9451316696
---- EOF - GMER 2.1 ----
Geändert von Carsten1502 (10.10.2013 um 23:45 Uhr) Grund: Übersichtlichkeit |
|
11.10.2013, 08:55
| #4 |
| /// the machine /// TB-Ausbilder | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.10.2013, 10:10
| #5 |
| | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert Hi, hier das ComboFix Logfile: Code:
ATTFilter ComboFix 13-10-09.01 - Administrator 11.10.2013 10:43:41.1.1 - x86
Microsoft Windows 8 Pro 6.2.9200.0.1252.49.1031.18.1535.549 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-11 bis 2013-10-11 ))))))))))))))))))))))))))))))
.
.
2013-10-11 09:02 . 2013-10-11 09:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-10 16:54 . 2013-10-10 16:54 -------- d-----w- C:\FRST
2013-10-10 16:18 . 2013-10-11 07:07 -------- d-----w- c:\users\Administrator\AppData\Local\FreePDF_XP
2013-10-10 15:41 . 2013-10-10 17:58 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2013-10-10 15:41 . 2013-10-10 15:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\OpenOffice
2013-10-09 17:19 . 2013-10-09 17:19 -------- d-----w- c:\users\Administrator\AppData\Local\Programs
2013-10-09 16:10 . 2013-07-09 02:50 85760 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-09 16:09 . 2013-07-01 22:15 36864 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-09 16:09 . 2013-07-01 22:15 18944 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-10-09 16:09 . 2013-06-29 02:32 26496 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-09 16:09 . 2013-06-29 02:31 61440 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-09 16:09 . 2013-07-19 22:13 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-05 11:50 . 2013-10-05 11:50 -------- d-----w- c:\users\Carsten\AppData\Roaming\AVG
2013-10-05 11:42 . 2013-10-05 11:42 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG
2013-10-05 11:41 . 2013-10-05 11:43 -------- d-----w- c:\programdata\AVG
2013-10-05 11:41 . 2013-10-05 11:41 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-05 09:22 . 2013-10-05 09:22 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-10-03 21:01 . 2013-10-03 21:01 -------- d-----w- c:\users\Carsten\AppData\Local\Clipboarder
2013-10-03 20:59 . 2013-10-03 21:02 -------- d-----w- c:\users\Carsten\AppData\Local\Sidebar7
2013-10-03 20:57 . 2012-05-19 04:43 1144832 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
2013-10-03 20:57 . 2012-05-19 04:41 77824 ----a-w- c:\program files\Windows Sidebar\sbdrop.dll
2013-10-03 20:57 . 2006-11-02 15:03 63488 ----a-w- c:\program files\Windows Sidebar\wlsrvc.dll
2013-10-03 20:57 . 2013-05-04 10:18 46080 ----a-w- c:\program files\Windows Sidebar\dwmapi.dll
2013-10-03 07:54 . 2013-10-03 07:54 -------- d-----w- c:\programdata\Malwarebytes
2013-10-03 07:53 . 2013-10-03 09:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-03 07:43 . 2013-10-10 16:04 -------- d-----w- C:\AdwCleaner
2013-09-25 07:30 . 2013-09-25 07:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 06:56 . 2013-09-25 21:27 -------- d-----w- c:\users\Carsten\AppData\Local\CrashDumps
2013-09-25 06:55 . 2013-09-25 06:55 -------- d-----w- c:\users\Carsten\AppData\Roaming\DivX
2013-09-24 19:32 . 2013-09-25 08:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2013-09-21 10:24 . 2013-09-21 10:25 -------- d-----w- c:\program files\Google
2013-09-19 08:10 . 2013-09-18 23:26 78296 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 08:10 . 2013-09-18 23:26 694232 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-19 07:37 . 2013-08-03 04:17 3390464 ----a-w- c:\windows\system32\win32k.sys
2013-09-19 07:37 . 2013-08-21 02:05 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-19 07:37 . 2013-08-21 02:36 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-09-19 07:37 . 2013-08-21 02:06 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-19 07:37 . 2013-08-21 02:06 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-19 07:37 . 2013-08-21 02:06 661504 ----a-w- c:\windows\system32\uxtheme.dll
2013-09-19 07:37 . 2013-08-21 02:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-19 07:36 . 2013-08-21 02:06 44032 ----a-w- c:\windows\system32\UXInit.dll
2013-09-19 07:36 . 2013-08-21 02:05 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-09-19 07:36 . 2013-08-21 02:05 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-19 07:36 . 2013-08-21 02:05 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-09-19 07:36 . 2013-08-21 02:05 236032 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-09-19 07:36 . 2013-08-21 01:43 2706432 ----a-w- c:\windows\system32\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 08:16 . 2013-05-06 11:41 65632 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-09-19 08:16 . 2013-03-17 09:29 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-09-19 08:16 . 2013-03-17 09:29 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-07-18 10:14 . 2013-07-18 10:14 74703 ----a-w- c:\windows\system32\mfc45.dat
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:49 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-19 347192]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2013-03-14 373760]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2012-09-25 1163264]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2571032]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5587832]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-09-22 395344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Internet.lnk - c:\program files\FRITZ!DSL\FritzDsl.exe [2009-7-27 987960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
HotSync Manager.lnk - c:\programs~1\Palm\hotsync.exe [2013-4-21 263680]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /m /P \Device\HarddiskVolume8\0autocheck autochk *
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2013-04-21 752128]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-02 37352]
S1 NEOFLTR_730_22751;Juniper Networks TDI Filter Driver (NEOFLTR_730_22751);c:\windows\system32\Drivers\NEOFLTR_730_22751.SYS [2012-11-23 91824]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2013-04-21 3246040]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-09-19 84024]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2013-03-27 167464]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-07-03 1228504]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-07-03 660184]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-04-21 167968]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-07-03 16024]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-17 18:49]
.
2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-21 10:24]
.
2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-21 10:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://microsoft.com/update
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
HKU-Default-Run-FRITZ!protect - FwebProt.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{553891B7-A0D5-4526-BE18-D3CE461D6310}"=hex:51,66,7a,6c,4c,1d,3b,1b,a7,8e,2b,
4a,e3,f1,4a,08,a1,14,96,8e,4e,5d,2f,0e
"{449D0D6E-2412-4E61-B68F-1CB625CD9E52}"=hex:51,66,7a,6c,4c,1d,3b,1b,7e,12,8e,
5b,24,75,0d,03,a9,83,59,f6,2d,8d,d2,4c
"{EA801577-E6AD-4BD5-8F71-4BE0154331A4}"=hex:51,66,7a,6c,4c,1d,3b,1b,67,0a,93,
f5,9b,b7,b9,06,90,7d,0e,a0,1d,03,7d,ba
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,07,
69,c6,87,40,0b,a9,e7,91,9a,f9,99,61,5d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,db,
c4,73,f5,37,0e,a3,78,d9,65,c9,85,c4,b7
"{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}"=hex:51,66,7a,6c,4c,1d,3b,1b,65,f2,5b,
b1,60,0b,33,01,a4,c2,2a,5a,cb,c7,13,78
"{C728ECCB-7A57-4AFF-AB17-6434AFF18F49}"=hex:51,66,7a,6c,4c,1d,3b,1b,db,f3,3b,
d8,61,2b,93,07,b4,1b,21,74,a7,b1,c3,57
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:39,25,67,d4,aa,a4,ce,01
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,76,96,85,6e,34,d1,41,91,9c,50,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,76,96,85,6e,34,d1,41,91,9c,50,\
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="6toF4FqZ9CI="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="PENBi4/633I="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Gbx0bTR0BVs="
"ProgId"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="GYrmpQMOP+Y="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (Administrator)
"Hash"="sNfaFMPswMg="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice]
@Denied: (2) (Administrator)
"Hash"="lOS1kV0iZc8="
"ProgId"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice]
@Denied: (2) (Administrator)
"Hash"="tWuP4W8cuzA="
"ProgId"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Y+GYvvzmVtg="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="3zw++lE9gfk="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (Administrator)
"Hash"="nNB/hESlJqA="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Mjd93FQyJuE="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Qsqw9+lB7+c="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Hash"="XimINgjzheE="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="jVkV5N4flkc="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Q43d//z4GJE="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Hash"="T4kVKaqD2TY="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Hash"="zFTOpjCdRe0="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Hash"="ygc12GkfUyM="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="BoCc9hSnf6g="
"ProgId"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Hash"="tIs40EPTE/E="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Hash"="SAuo/NMMfkE="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Hash"="E8Xf3VahEQg="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Hash"="y3Xlbm4G4A0="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Z9Pg95vE0+4="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="ZsBXokkrRz4="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="aGYz+ivP88g="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Hash"="WtXPuo2Uo8g="
"ProgId"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps\UserChoice]
@Denied: (2) (Administrator)
"Hash"="t7DSZYJcJ0g="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Hash"="9ee2/uL+6GA="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Hash"="EKznZ39alrU="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="xh0oADlMDRk="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Hash"="K3TC5Hcup7g="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Vnjwt420kPE="
"ProgId"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Hash"="PR1n3VYLG3U="
"ProgId"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
@Denied: (2) (Administrator)
"Hash"="FEGYwgFYcwA="
"ProgId"="txtfile"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Hash"="bal60haK06g="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="5LWAzGMYi50="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Hash"="t+tPu5hmIvM="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Hash"="WbCGh8AwleU="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Hash"="fc7eDj1nWBM="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice]
@Denied: (2) (Administrator)
"Hash"="SLtgDthwfK0="
"ProgId"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1161230377-839233791-2051609808-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Hash"="aw3DZsPuq5Y="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-10-11 11:05:24
ComboFix-quarantined-files.txt 2013-10-11 09:05
.
Vor Suchlauf: 15 Verzeichnis(se), 49.872.261.120 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 49.847.197.696 Bytes frei
.
- - End Of File - - 2EC61E2F5F652385E37C255637136B07
72B8CE41AF0DE751C946802B3ED844B4
Gruß Carsten |
|
12.10.2013, 14:24
| #6 |
| /// the machine /// TB-Ausbilder | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert |
|
12.10.2013, 20:00
| #7 |
| | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert Malwarebytes lief laut Anleitung (Quick-Scan) bereits ohne Befund (Scan anbei). Der ausführliche Scan läuft noch (bereits ein Fund). Restliche Logs folgen. Gruß Carsten Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.12.03 Windows 8 x86 NTFS Internet Explorer 10.0.9200.16688 Administrator :: CARSTEN_SIEMENS [Administrator] 12.10.2013 13:58:06 mbam-log-2013-10-12 (13-58-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 271583 Laufzeit: 16 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) 1.) mbam Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.12.03 Windows 8 x86 NTFS Internet Explorer 10.0.9200.16688 Administrator :: CARSTEN_SIEMENS [Administrator] 12.10.2013 13:58:06 mbam-log-2013-10-12 (13-58-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 271583 Laufzeit: 16 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) 2.) AdwCleaner: Code:
ATTFilter # AdwCleaner v3.007 - Bericht erstellt am 12/10/2013 um 20:02:04
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 8 Pro (32 bits)
# Benutzername : Administrator - CARSTEN_SIEMENS
# Gestartet von : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16688
*************************
AdwCleaner[R0].txt - [3857 octets] - [03/10/2013 09:43:17]
AdwCleaner[R1].txt - [766 octets] - [03/10/2013 09:49:40]
AdwCleaner[R2].txt - [1286 octets] - [10/10/2013 17:19:19]
AdwCleaner[R3].txt - [1010 octets] - [10/10/2013 18:02:57]
AdwCleaner[R4].txt - [1024 octets] - [12/10/2013 19:51:05]
AdwCleaner[R5].txt - [826 octets] - [12/10/2013 20:02:04]
AdwCleaner[S0].txt - [4048 octets] - [03/10/2013 09:44:42]
AdwCleaner[S1].txt - [1347 octets] - [10/10/2013 17:24:45]
AdwCleaner[S2].txt - [1086 octets] - [12/10/2013 19:57:41]
########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1065 octets] ##########
3.) JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 8 Pro x86
Ran by Administrator on 12.10.2013 at 20:10:37,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.10.2013 at 20:16:55,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4.) FRST: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Administrator (administrator) on CARSTEN_SIEMENS on 12-10-2013 20:18:15
Running from C:\Users\Administrator\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FritzDsl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\TiWorker.exe
(Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Carsten\...\Run: [icebear] - c:\program files\bayer vital gmbh\aspirin® complex screenmate\icebear.exe [ 2005-08-03] (Bayer Vital GmbH )
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume8autocheck autochk *
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://microsoft.com/update
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF60AC7F6CB2FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
========================== Services (Whitelisted) =================
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-04-21] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
S3 EFS; C:\Windows\system32\efssvc.dll [27136 2012-07-26] ()
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [167464 2013-03-27] (Juniper Networks, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 StorSvc; C:\Windows\system32\storsvc.dll [18432 2012-07-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 ALCXWDM; C:\Windows\system32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136672 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [54928 2012-07-06] (VIA Technologies, Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-10-12] (Malwarebytes Corporation)
R1 NEOFLTR_730_22751; C:\WINDOWS\system32\Drivers\NEOFLTR_730_22751.SYS [91824 2012-11-23] (Juniper Networks)
S3 OM518P; C:\Windows\System32\Drivers\om518vid.sys [183080 2001-10-09] (OmniVision Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-03-17] (Avira GmbH)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [x]
S3 usbbus; \SystemRoot\System32\drivers\lgusbbus.sys [x]
S3 UsbDiag; \SystemRoot\system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; \SystemRoot\system32\DRIVERS\lgusbmodem.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-12 20:16 - 2013-10-12 20:16 - 00000624 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-10-12 20:10 - 2013-10-12 20:10 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 20:04 - 2013-10-12 20:10 - 00001145 _____ C:\Users\Administrator\Desktop\AdwCleaner.txt
2013-10-12 13:54 - 2013-10-12 13:54 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-12 13:54 - 2013-10-12 13:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-10-12 13:53 - 2013-10-12 13:53 - 00001073 _____ C:\Users\Public\Desktop\5. Malwarebytes Anti-Malware .lnk
2013-10-12 13:53 - 2013-10-12 13:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-12 10:48 - 2013-10-12 10:48 - 01032220 _____ (Thisisu) C:\Users\Administrator\Desktop\7. JRT.exe
2013-10-12 10:47 - 2013-10-12 10:47 - 01048960 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-10-11 13:55 - 2013-10-11 13:55 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Brother
2013-10-11 11:05 - 2013-10-11 11:05 - 00024728 _____ C:\ComboFix.txt
2013-10-11 10:38 - 2013-10-11 11:05 - 00000000 ____D C:\Qoobox
2013-10-11 10:38 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-11 10:38 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-11 10:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-11 10:37 - 2013-10-11 11:03 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-11 10:37 - 2013-10-11 10:37 - 05131844 ____R (Swearware) C:\Users\Administrator\Desktop\4. ComboFix.exe
2013-10-11 00:07 - 2013-10-11 00:07 - 00004327 _____ C:\Users\Administrator\Desktop\GMER.txt
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 18:18 - 2013-10-12 20:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-10 18:01 - 2013-10-10 18:01 - 00031557 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10102013_180157.txt
2013-10-10 17:57 - 2013-10-10 18:43 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-10 17:41 - 2013-10-11 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 18:59 - 2013-09-14 00:58 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-10-09 18:59 - 2013-09-14 00:36 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-10-09 18:59 - 2013-08-30 02:44 - 00054104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2013-10-09 18:59 - 2013-08-30 01:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-10-09 18:59 - 2013-08-21 06:28 - 00407384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2013-10-09 18:59 - 2013-08-10 07:24 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2013-10-09 18:59 - 2013-08-10 05:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-10-09 18:59 - 2013-07-25 01:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-10-09 18:59 - 2013-07-12 03:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2013-10-09 18:10 - 2013-07-09 04:50 - 00085760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-10-09 18:09 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 18:09 - 2013-07-02 00:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2013-10-09 18:09 - 2013-07-02 00:15 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-09 18:09 - 2013-06-29 04:32 - 00026496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-09 18:09 - 2013-06-29 04:31 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:43 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-03 23:44 - 2013-10-05 13:43 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-03 23:43 - 2013-10-03 23:45 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:59 - 2013-10-03 23:02 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 10:58 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131003-105802.backup
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 09:53 - 2013-10-03 11:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 09:43 - 2013-10-12 20:09 - 00000000 ____D C:\AdwCleaner
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-25 10:34 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20130925-103431.backup
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 08:56 - 2013-09-25 23:27 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-24 21:32 - 2013-09-25 10:26 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-24 14:37 - 2013-10-09 19:20 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-09-23 22:38 - 2013-09-23 22:48 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 12:24 - 2013-10-12 20:00 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 12:24 - 2013-10-12 19:29 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-21 12:24 - 2013-09-21 12:25 - 00000000 ____D C:\Program Files\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 10:10 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 10:10 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-19 09:38 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-19 09:38 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-19 09:38 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-19 09:37 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-19 09:36 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-19 09:36 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-19 09:36 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-19 09:36 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
==================== One Month Modified Files and Folders =======
2013-10-12 20:20 - 2013-03-17 17:46 - 05486456 _____ C:\Users\Administrator\DesktopStCenter.txt
2013-10-12 20:16 - 2013-10-12 20:16 - 00000624 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-10-12 20:10 - 2013-10-12 20:10 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 20:10 - 2013-10-12 20:04 - 00001145 _____ C:\Users\Administrator\Desktop\AdwCleaner.txt
2013-10-12 20:09 - 2013-10-03 09:43 - 00000000 ____D C:\AdwCleaner
2013-10-12 20:07 - 2013-03-17 09:43 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-12 20:04 - 2013-03-17 09:41 - 02080749 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-12 20:03 - 2013-10-10 18:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-12 20:00 - 2013-09-21 12:24 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-12 19:59 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-12 19:50 - 2013-03-17 19:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-12 19:44 - 2013-03-17 09:23 - 00031638 _____ C:\WINDOWS\PFRO.log
2013-10-12 19:44 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-12 19:29 - 2013-09-21 12:24 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 19:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-12 13:54 - 2013-10-12 13:54 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-12 13:54 - 2013-10-12 13:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-10-12 13:53 - 2013-10-12 13:53 - 00001073 _____ C:\Users\Public\Desktop\5. Malwarebytes Anti-Malware .lnk
2013-10-12 13:53 - 2013-10-12 13:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:36 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-12 10:56 - 2013-03-17 17:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FRITZ!
2013-10-12 10:48 - 2013-10-12 10:48 - 01032220 _____ (Thisisu) C:\Users\Administrator\Desktop\7. JRT.exe
2013-10-12 10:47 - 2013-10-12 10:47 - 01048960 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-10-11 15:14 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-11 13:55 - 2013-10-11 13:55 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Brother
2013-10-11 11:05 - 2013-10-11 11:05 - 00024728 _____ C:\ComboFix.txt
2013-10-11 11:05 - 2013-10-11 10:38 - 00000000 ____D C:\Qoobox
2013-10-11 11:05 - 2013-03-17 09:31 - 00000000 ____D C:\Users\Admin
2013-10-11 11:05 - 2012-07-26 06:43 - 00000000 __RHD C:\Users\Default
2013-10-11 11:05 - 2012-07-26 06:43 - 00000000 ___RD C:\Users\Public
2013-10-11 11:03 - 2013-10-11 10:37 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-11 11:02 - 2012-07-26 06:17 - 00000215 _____ C:\WINDOWS\system.ini
2013-10-11 10:37 - 2013-10-11 10:37 - 05131844 ____R (Swearware) C:\Users\Administrator\Desktop\4. ComboFix.exe
2013-10-11 09:01 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-10-11 00:07 - 2013-10-11 00:07 - 00004327 _____ C:\Users\Administrator\Desktop\GMER.txt
2013-10-10 19:11 - 2013-07-27 09:37 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:55 - 2013-03-17 16:47 - 00000000 ____D C:\Users\Administrator
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:43 - 2013-10-10 17:57 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 18:01 - 2013-10-10 18:01 - 00031557 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10102013_180157.txt
2013-10-10 17:59 - 2013-03-17 13:36 - 00000000 ____D C:\Program Files\Opera
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 16:06 - 2011-01-30 21:32 - 21702718 _____ C:\Users\Carsten\DesktopStCenter.txt
2013-10-10 13:54 - 2013-04-03 14:36 - 00000000 ____D C:\Users\Carsten\AppData\Local\FreePDF_XP
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 20:19 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 19:43 - 2013-07-15 15:38 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-09 19:20 - 2013-09-24 14:37 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-10-09 19:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-10-09 18:15 - 2013-07-11 16:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 18:11 - 2013-03-17 15:10 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-06 23:01 - 2013-04-22 02:22 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\vlc
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:43 - 2013-10-05 13:41 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:43 - 2013-10-03 23:44 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-04 02:10 - 2013-08-20 14:53 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-04 02:01 - 2013-08-19 18:12 - 00000000 ____D C:\Program Files\SpeedFan
2013-10-03 23:45 - 2013-10-03 23:43 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:02 - 2013-10-03 22:59 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:57 - 2012-07-26 08:53 - 00000000 ___SD C:\Program Files\Windows Sidebar
2013-10-03 11:06 - 2013-10-03 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 10:53 - 2005-09-20 08:33 - 00000245 ___SH C:\boot.ini
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-26 19:22 - 2013-08-07 16:03 - 00000000 ____D C:\Program Files\iTunes
2013-09-26 19:20 - 2013-08-07 16:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-26 19:15 - 2013-08-18 11:49 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-25 23:27 - 2013-09-25 08:56 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 10:26 - 2013-09-24 21:32 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-25 10:26 - 2013-08-20 14:27 - 00000000 ____D C:\ProgramData\DivX
2013-09-25 10:25 - 2013-08-04 14:30 - 00000000 ____D C:\Program Files\Free FLV Converter
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 09:21 - 2013-06-09 18:51 - 00009728 _____ C:\Users\Carsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-23 22:48 - 2013-09-23 22:38 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 18:44 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\GMX SMS-MMS-Manager
2013-09-21 12:25 - 2013-09-21 12:24 - 00000000 ____D C:\Program Files\Google
2013-09-21 12:23 - 2013-08-04 14:41 - 00000000 ____D C:\Users\Carsten\AppData\Local\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 16:07 - 2011-01-30 21:51 - 00000000 ____D C:\Users\Carsten\Documents\Daten und Korrespondenz
2013-09-19 10:50 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-19 10:16 - 2013-05-06 13:41 - 00065632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-09-19 10:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-19 01:26 - 2013-09-19 10:10 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-19 10:10 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-14 00:58 - 2013-10-09 18:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-14 00:36 - 2013-10-09 18:59 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-10 21:09
==================== End Of Log ============================
--- --- --- --- --- --- 5.) FRST Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Administrator at 2013-10-12 20:21:07
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20
8GadgetPack (Version: 6.0.0)
Acronis*True*Image*Home 2011 (Version: 14.0.6942)
Adobe AIR (Version: 3.8.0.1430)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Aspirin® Complex Screenmate (Version: 1.00.0004)
Avira Free Antivirus (Version: 13.0.0.4052)
AVM FRITZ!DSL (Version: 2.04.03)
Brother MFL-Pro Suite DCP-195C (Version: 2.0.0.0)
CDBurnerXP (Version: 4.5.2.4214)
Classic Shell (Version: 3.6.8)
ClipGrab 3.2.1.2
CPUID CPU-Z 1.63.0
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
FreePDF (Remove only)
GMX ProfiFax (Version: 2.00.236)
GMX SMS-Manager (Version: 3.2.4)
Google Earth Plug-in (Version: 7.1.1.1888)
GPL Ghostscript (Version: 9.04)
ImgBurn (Version: 2.5.5.0)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Juniper Networks Junos Pulse Collaboration 7.4.0 (HKCU Version: 7.4.0.24401)
Juniper Networks Secure Application Manager (Version: 7.3.0.22751)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.2.34169)
Junos Pulse Collaboration 7.4.0 (Version: 7.4.24401)
Junos Pulse Collaboration 7.4.0 Admin (Version: 7.4.24401)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
NVIDIA Grafiktreiber 307.74 (Version: 307.74)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Systemsteuerung 307.74 (Version: 307.74)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice 4.0.0 (Version: 4.00.9702)
Opera 12.16 (Version: 12.16.1860)
Pazera Free FLV to AVI Converter 1.7 (Version: 1.7)
PDF-Viewer (Version: 2.5.210.0)
Realtek AC'97 Audio
RedMon - Redirection Port Monitor
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Skype™ 6.3 (Version: 6.3.105)
SpeedFan (remove only)
Steuer 2012 (Version: 20.00.8137)
swMSM (Version: 12.0.0.1)
TerraCam USB Pro (Version: 2.0.0.0000)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VirtualCloneDrive
VLC media player 2.1.0 (Version: 2.1.0)
WinDirStat 1.1.2
==================== Restore Points =========================
26-09-2013 17:08:54 Removed iTunes
03-10-2013 20:54:58 Installed 8GadgetPack
09-10-2013 15:36:43 AVG PC TuneUp wird entfernt
11-10-2013 08:38:57 ComboFix created restore point
==================== Hosts content: ==========================
2012-07-26 06:17 - 2013-10-11 11:02 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {5777FF50-C75D-4481-8459-F92A1D9E9092} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {71976875-B46F-46DA-A24E-89D46835231D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {74E1D25E-042F-4B6E-B425-89D539C8377E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {ADD07284-0D43-42AB-BFCB-DF4633902ADE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-03-18 18:38 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2009-02-04 13:08 - 2009-02-04 13:08 - 00207872 _____ () C:\Program Files\FRITZ!DSL\C90dll.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: TerraCam USB Pro
Description: TerraCam USB Pro
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: OVT
Service: OM518P
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 57%
Total physical RAM: 1534.8 MB
Available physical RAM: 644.8 MB
Total Pagefile: 3068.8 MB
Available Pagefile: 1915.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.76 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:149.05 GB) (Free:45.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Sicherung Eigene Dokumente) (Fixed) (Total:76.33 GB) (Free:14.31 GB) NTFS
Drive y: (Systemauslagerung) (Fixed) (Total:14.33 GB) (Free:12.71 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 4494C9E0)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 76 GB) (Disk ID: B9974D25)
Partition 1: (Not Active) - (Size=76 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 14 GB) (Disk ID: 4C77EA61)
Partition 1: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Das Problem, dass die MS-Updates nicht konfiguriert werden, bestehen leider weiterhin... Gruß Carsten |
|
13.10.2013, 14:01
| #8 |
| /// the machine /// TB-Ausbilder | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiertESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.10.2013, 23:15
| #9 |
| | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert Eset-Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=91274f7c18963946bf4f5d7027ce3b7d
# engine=15467
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-13 09:09:37
# local_time=2013-10-13 11:09:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 97 115199 18189947 107928 0
# compatibility_mode=5893 16776574 100 94 5210092 41204682 0 0
# scanned=237187
# found=0
# cleaned=0
# scan_time=10797
SecurityCheck Log: Code:
ATTFilter Results of screen317's Security Check version 0.99.74 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.7011) Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 40 Adobe Flash Player 11.9.900.117 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: ````````````````````End of Log`````````````````````` FRST-LOG: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Administrator (administrator) on CARSTEN_SIEMENS on 14-10-2013 00:20:08
Running from C:\Users\Administrator\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FritzDsl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\WINDOWS\system32\srtasks.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Carsten\...\Run: [icebear] - c:\program files\bayer vital gmbh\aspirin® complex screenmate\icebear.exe [ 2005-08-03] (Bayer Vital GmbH )
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume8autocheck autochk *
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://microsoft.com/update
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF60AC7F6CB2FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
========================== Services (Whitelisted) =================
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-04-21] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-19] (Avira Operations GmbH & Co. KG)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
S3 EFS; C:\Windows\system32\efssvc.dll [27136 2012-07-26] ()
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [167464 2013-03-27] (Juniper Networks, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 StorSvc; C:\Windows\system32\storsvc.dll [18432 2012-07-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 ALCXWDM; C:\Windows\system32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136672 2013-09-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [54928 2012-07-06] (VIA Technologies, Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-10-12] (Malwarebytes Corporation)
R1 NEOFLTR_730_22751; C:\WINDOWS\system32\Drivers\NEOFLTR_730_22751.SYS [91824 2012-11-23] (Juniper Networks)
S3 OM518P; C:\Windows\System32\Drivers\om518vid.sys [183080 2001-10-09] (OmniVision Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-03-17] (Avira GmbH)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [x]
S3 usbbus; \SystemRoot\System32\drivers\lgusbbus.sys [x]
S3 UsbDiag; \SystemRoot\system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; \SystemRoot\system32\DRIVERS\lgusbmodem.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-14 00:17 - 2013-10-14 00:17 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\ProgramData\Oracle
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\Program Files\Java
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-13 23:59 - 2013-10-14 00:20 - 00000760 _____ C:\Users\Administrator\Desktop\SecurityCheck.txt
2013-10-13 23:19 - 2013-10-13 23:19 - 00891167 _____ C:\Users\Administrator\Desktop\9. SecurityCheck.exe
2013-10-13 23:13 - 2013-10-13 23:14 - 00000708 _____ C:\Users\Administrator\Desktop\ESET.txt
2013-10-13 19:56 - 2013-10-13 19:57 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\8. esetsmartinstaller_enu.exe
2013-10-12 21:41 - 2013-10-12 21:41 - 00060225 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_10122013_214114.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00060153 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10122013_214101.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00001066 _____ C:\Users\Administrator\Desktop\RKreport[0]_H_10122013_214107.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00000969 _____ C:\Users\Administrator\Desktop\RKreport[0]_PR_10122013_214110.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00060501 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_10122013_213737.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00060456 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10122013_213723.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00000978 _____ C:\Users\Administrator\Desktop\RKreport[0]_H_10122013_213743.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00000899 _____ C:\Users\Administrator\Desktop\RKreport[0]_PR_10122013_213747.txt
2013-10-12 21:32 - 2013-10-12 21:41 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-12 21:32 - 2013-10-12 21:39 - 00000000 ____D C:\Users\Administrator\Desktop\RogueKiller_8.7.2
2013-10-12 20:21 - 2013-10-14 00:11 - 00015575 _____ C:\Users\Administrator\Desktop\Addition.txt
2013-10-12 20:16 - 2013-10-12 20:16 - 00000624 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-10-12 20:10 - 2013-10-12 20:10 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 20:04 - 2013-10-12 20:10 - 00001145 _____ C:\Users\Administrator\Desktop\AdwCleaner.txt
2013-10-12 13:54 - 2013-10-12 13:54 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-12 13:54 - 2013-10-12 13:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-10-12 13:53 - 2013-10-12 13:53 - 00001073 _____ C:\Users\Public\Desktop\5. Malwarebytes Anti-Malware .lnk
2013-10-12 13:53 - 2013-10-12 13:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-12 10:48 - 2013-10-12 10:48 - 01032220 _____ (Thisisu) C:\Users\Administrator\Desktop\7. JRT.exe
2013-10-12 10:47 - 2013-10-12 10:47 - 01048960 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-10-11 13:55 - 2013-10-11 13:55 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Brother
2013-10-11 11:05 - 2013-10-11 11:05 - 00024728 _____ C:\ComboFix.txt
2013-10-11 10:38 - 2013-10-11 11:05 - 00000000 ____D C:\Qoobox
2013-10-11 10:38 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-11 10:38 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-11 10:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-11 10:38 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-11 10:37 - 2013-10-11 11:03 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-11 10:37 - 2013-10-11 10:37 - 05131844 ____R (Swearware) C:\Users\Administrator\Desktop\4. ComboFix.exe
2013-10-11 00:07 - 2013-10-11 00:07 - 00004327 _____ C:\Users\Administrator\Desktop\GMER.txt
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 18:18 - 2013-10-13 23:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-10 17:41 - 2013-10-11 15:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 18:59 - 2013-09-14 00:58 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-10-09 18:59 - 2013-09-14 00:36 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-10-09 18:59 - 2013-09-14 00:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-10-09 18:59 - 2013-08-30 02:44 - 00054104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2013-10-09 18:59 - 2013-08-30 01:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-10-09 18:59 - 2013-08-21 06:28 - 00407384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2013-10-09 18:59 - 2013-08-10 07:24 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2013-10-09 18:59 - 2013-08-10 05:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-10-09 18:59 - 2013-07-25 01:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-10-09 18:59 - 2013-07-12 03:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2013-10-09 18:10 - 2013-07-09 04:50 - 00085760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-10-09 18:09 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 18:09 - 2013-07-02 00:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2013-10-09 18:09 - 2013-07-02 00:15 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-09 18:09 - 2013-06-29 04:32 - 00026496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-09 18:09 - 2013-06-29 04:31 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:43 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-03 23:44 - 2013-10-05 13:43 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-03 23:43 - 2013-10-03 23:45 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:59 - 2013-10-03 23:02 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 10:58 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131003-105802.backup
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 09:53 - 2013-10-03 11:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 09:43 - 2013-10-12 20:09 - 00000000 ____D C:\AdwCleaner
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-25 10:34 - 2012-07-26 06:17 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20130925-103431.backup
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 08:56 - 2013-09-25 23:27 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-24 21:32 - 2013-09-25 10:26 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-24 14:37 - 2013-10-09 19:20 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-09-23 22:38 - 2013-09-23 22:48 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 12:24 - 2013-10-13 23:41 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 12:24 - 2013-10-13 23:29 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-21 12:24 - 2013-09-21 12:25 - 00000000 ____D C:\Program Files\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 10:10 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 10:10 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-19 09:38 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-19 09:38 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-19 09:38 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-19 09:38 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-19 09:38 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-19 09:38 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-19 09:37 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-19 09:37 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-19 09:37 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-19 09:36 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-19 09:36 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-19 09:36 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-19 09:36 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-19 09:36 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
==================== One Month Modified Files and Folders =======
2013-10-14 00:22 - 2013-03-17 17:46 - 06811296 _____ C:\Users\Administrator\DesktopStCenter.txt
2013-10-14 00:20 - 2013-10-13 23:59 - 00000760 _____ C:\Users\Administrator\Desktop\SecurityCheck.txt
2013-10-14 00:20 - 2013-03-17 09:41 - 01366241 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-14 00:17 - 2013-10-14 00:17 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-14 00:17 - 2013-10-14 00:17 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\ProgramData\Oracle
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\Program Files\Java
2013-10-14 00:17 - 2013-10-14 00:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-14 00:17 - 2013-03-18 15:31 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-10-14 00:17 - 2013-03-18 15:31 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-10-14 00:11 - 2013-10-12 20:21 - 00015575 _____ C:\Users\Administrator\Desktop\Addition.txt
2013-10-14 00:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-13 23:50 - 2013-03-17 19:56 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-13 23:45 - 2013-03-17 09:43 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-13 23:41 - 2013-10-10 18:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\FreePDF_XP
2013-10-13 23:41 - 2013-09-21 12:24 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-13 23:36 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-13 23:31 - 2013-03-17 09:23 - 00032436 _____ C:\WINDOWS\PFRO.log
2013-10-13 23:29 - 2013-09-21 12:24 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-13 23:19 - 2013-10-13 23:19 - 00891167 _____ C:\Users\Administrator\Desktop\9. SecurityCheck.exe
2013-10-13 23:14 - 2013-10-13 23:13 - 00000708 _____ C:\Users\Administrator\Desktop\ESET.txt
2013-10-13 19:57 - 2013-10-13 19:56 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\8. esetsmartinstaller_enu.exe
2013-10-13 09:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-12 21:41 - 2013-10-12 21:41 - 00060225 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_10122013_214114.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00060153 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10122013_214101.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00001066 _____ C:\Users\Administrator\Desktop\RKreport[0]_H_10122013_214107.txt
2013-10-12 21:41 - 2013-10-12 21:41 - 00000969 _____ C:\Users\Administrator\Desktop\RKreport[0]_PR_10122013_214110.txt
2013-10-12 21:41 - 2013-10-12 21:32 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-10-12 21:39 - 2013-10-12 21:32 - 00000000 ____D C:\Users\Administrator\Desktop\RogueKiller_8.7.2
2013-10-12 21:37 - 2013-10-12 21:37 - 00060501 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_10122013_213737.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00060456 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_10122013_213723.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00000978 _____ C:\Users\Administrator\Desktop\RKreport[0]_H_10122013_213743.txt
2013-10-12 21:37 - 2013-10-12 21:37 - 00000899 _____ C:\Users\Administrator\Desktop\RKreport[0]_PR_10122013_213747.txt
2013-10-12 20:16 - 2013-10-12 20:16 - 00000624 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-10-12 20:10 - 2013-10-12 20:10 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 20:10 - 2013-10-12 20:04 - 00001145 _____ C:\Users\Administrator\Desktop\AdwCleaner.txt
2013-10-12 20:09 - 2013-10-03 09:43 - 00000000 ____D C:\AdwCleaner
2013-10-12 19:44 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-12 13:54 - 2013-10-12 13:54 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-12 13:54 - 2013-10-12 13:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-10-12 13:53 - 2013-10-12 13:53 - 00001073 _____ C:\Users\Public\Desktop\5. Malwarebytes Anti-Malware .lnk
2013-10-12 13:53 - 2013-10-12 13:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 10:56 - 2013-03-17 17:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FRITZ!
2013-10-12 10:48 - 2013-10-12 10:48 - 01032220 _____ (Thisisu) C:\Users\Administrator\Desktop\7. JRT.exe
2013-10-12 10:47 - 2013-10-12 10:47 - 01048960 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-10-11 15:14 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-10-11 13:55 - 2013-10-11 13:55 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Brother
2013-10-11 11:05 - 2013-10-11 11:05 - 00024728 _____ C:\ComboFix.txt
2013-10-11 11:05 - 2013-10-11 10:38 - 00000000 ____D C:\Qoobox
2013-10-11 11:05 - 2013-03-17 09:31 - 00000000 ____D C:\Users\Admin
2013-10-11 11:05 - 2012-07-26 06:43 - 00000000 __RHD C:\Users\Default
2013-10-11 11:05 - 2012-07-26 06:43 - 00000000 ___RD C:\Users\Public
2013-10-11 11:03 - 2013-10-11 10:37 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-11 11:02 - 2012-07-26 06:17 - 00000215 _____ C:\WINDOWS\system.ini
2013-10-11 10:37 - 2013-10-11 10:37 - 05131844 ____R (Swearware) C:\Users\Administrator\Desktop\4. ComboFix.exe
2013-10-11 09:01 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-10-11 00:07 - 2013-10-11 00:07 - 00004327 _____ C:\Users\Administrator\Desktop\GMER.txt
2013-10-10 19:11 - 2013-07-27 09:37 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-10-10 18:55 - 2013-10-10 18:55 - 00000488 _____ C:\Users\Administrator\Desktop\defogger_disable.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-10-10 18:55 - 2013-03-17 16:47 - 00000000 ____D C:\Users\Administrator
2013-10-10 18:54 - 2013-10-10 18:54 - 00000000 ____D C:\FRST
2013-10-10 18:47 - 2013-10-10 18:47 - 00377856 _____ C:\Users\Administrator\Desktop\3. gmer_2.1.19163.exe
2013-10-10 18:45 - 2013-10-10 18:45 - 01087213 _____ (Farbar) C:\Users\Administrator\Desktop\2. FRST.exe
2013-10-10 18:36 - 2013-10-10 18:36 - 00050477 _____ C:\Users\Administrator\Desktop\1. Defogger.exe
2013-10-10 17:59 - 2013-03-17 13:36 - 00000000 ____D C:\Program Files\Opera
2013-10-10 17:41 - 2013-10-10 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2013-10-10 16:06 - 2011-01-30 21:32 - 21702718 _____ C:\Users\Carsten\DesktopStCenter.txt
2013-10-10 13:54 - 2013-04-03 14:36 - 00000000 ____D C:\Users\Carsten\AppData\Local\FreePDF_XP
2013-10-10 10:00 - 2013-10-10 10:00 - 00000493 _____ C:\Users\Administrator\Desktop\Windows Update.lnk
2013-10-09 20:19 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-10-09 19:43 - 2013-10-09 19:43 - 00310416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 19:43 - 2013-07-15 15:38 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-09 19:20 - 2013-09-24 14:37 - 00004525 _____ C:\WINDOWS\wininit.ini
2013-10-09 19:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-10-09 18:15 - 2013-07-11 16:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 18:11 - 2013-03-17 15:10 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-06 23:01 - 2013-04-22 02:22 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\vlc
2013-10-05 13:50 - 2013-10-05 13:50 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\AVG
2013-10-05 13:43 - 2013-10-05 13:41 - 00000000 ____D C:\ProgramData\AVG
2013-10-05 13:43 - 2013-10-03 23:44 - 00000285 _____ C:\Users\Carsten\AppData\Roaming\GPU MeterV2_Settings.ini
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2013-10-05 13:41 - 2013-10-05 13:41 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-10-04 02:10 - 2013-08-20 14:53 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-04 02:01 - 2013-08-19 18:12 - 00000000 ____D C:\Program Files\SpeedFan
2013-10-03 23:45 - 2013-10-03 23:43 - 00000579 _____ C:\Users\Carsten\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-03 23:02 - 2013-10-03 22:59 - 00000000 ____D C:\Users\Carsten\AppData\Local\Sidebar7
2013-10-03 23:01 - 2013-10-03 23:01 - 00000000 ____D C:\Users\Carsten\AppData\Local\Clipboarder
2013-10-03 22:57 - 2012-07-26 08:53 - 00000000 ___SD C:\Program Files\Windows Sidebar
2013-10-03 11:06 - 2013-10-03 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-03 10:53 - 2005-09-20 08:33 - 00000245 ___SH C:\boot.ini
2013-10-03 10:02 - 2013-10-03 10:02 - 98878632 _____ C:\WINDOWS\system32\쏮Lī
2013-10-03 09:54 - 2013-10-03 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 10:06 - 2013-09-28 10:06 - 98372650 _____ C:\WINDOWS\system32\걕ⱅL„
2013-09-26 19:22 - 2013-08-07 16:03 - 00000000 ____D C:\Program Files\iTunes
2013-09-26 19:20 - 2013-08-07 16:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-26 19:15 - 2013-08-18 11:49 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-25 23:27 - 2013-09-25 08:56 - 00000000 ____D C:\Users\Carsten\AppData\Local\CrashDumps
2013-09-25 10:26 - 2013-09-24 21:32 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-25 10:26 - 2013-08-20 14:27 - 00000000 ____D C:\ProgramData\DivX
2013-09-25 10:25 - 2013-08-04 14:30 - 00000000 ____D C:\Program Files\Free FLV Converter
2013-09-25 10:18 - 2013-09-25 10:18 - 97673008 _____ C:\WINDOWS\system32\堷Lp
2013-09-25 09:30 - 2013-09-25 09:30 - 00001151 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-09-25 09:30 - 2013-09-25 09:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FreeFLVConverter
2013-09-25 09:21 - 2013-06-09 18:51 - 00009728 _____ C:\Users\Carsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-25 08:55 - 2013-09-25 08:55 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\DivX
2013-09-23 22:48 - 2013-09-23 22:38 - 00001030 _____ C:\LGITK.LOG
2013-09-22 09:41 - 2013-09-22 09:41 - 98547399 _____ C:\WINDOWS\system32\鬖銈LĖ
2013-09-21 18:44 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\GMX SMS-MMS-Manager
2013-09-21 12:25 - 2013-09-21 12:24 - 00000000 ____D C:\Program Files\Google
2013-09-21 12:23 - 2013-08-04 14:41 - 00000000 ____D C:\Users\Carsten\AppData\Local\Google
2013-09-21 09:38 - 2013-09-21 09:38 - 98498750 _____ C:\WINDOWS\system32\狗ᵙLŒ
2013-09-20 12:31 - 2013-09-20 12:31 - 98467286 _____ C:\WINDOWS\system32\≭ᶴLĬ
2013-09-19 16:07 - 2011-01-30 21:51 - 00000000 ____D C:\Users\Carsten\Documents\Daten und Korrespondenz
2013-09-19 10:50 - 2013-03-18 16:07 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-19 10:16 - 2013-05-06 13:41 - 00065632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-09-19 10:16 - 2013-03-17 11:29 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-09-19 10:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-19 01:26 - 2013-09-19 10:10 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-19 10:10 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-14 00:58 - 2013-10-09 18:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-14 00:36 - 2013-10-09 18:59 - 02600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-14 00:36 - 2013-10-09 18:59 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
C:\Users\Administrator\AppData\Local\Temp\ntdll_dump.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-10 21:09
==================== End Of Log ============================
FRST Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Administrator at 2013-10-14 00:22:32
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20
8GadgetPack (Version: 6.0.0)
Acronis*True*Image*Home 2011 (Version: 14.0.6942)
Adobe AIR (Version: 3.8.0.1430)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Aspirin® Complex Screenmate (Version: 1.00.0004)
Avira Free Antivirus (Version: 13.0.0.4052)
AVM FRITZ!DSL (Version: 2.04.03)
Brother MFL-Pro Suite DCP-195C (Version: 2.0.0.0)
CDBurnerXP (Version: 4.5.2.4214)
Classic Shell (Version: 3.6.8)
ClipGrab 3.2.1.2
CPUID CPU-Z 1.63.0
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
FreePDF (Remove only)
GMX ProfiFax (Version: 2.00.236)
GMX SMS-Manager (Version: 3.2.4)
Google Earth Plug-in (Version: 7.1.1.1888)
GPL Ghostscript (Version: 9.04)
ImgBurn (Version: 2.5.5.0)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Juniper Networks Junos Pulse Collaboration 7.4.0 (HKCU Version: 7.4.0.24401)
Juniper Networks Secure Application Manager (Version: 7.3.0.22751)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.2.34169)
Junos Pulse Collaboration 7.4.0 (Version: 7.4.24401)
Junos Pulse Collaboration 7.4.0 Admin (Version: 7.4.24401)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
NVIDIA Grafiktreiber 307.74 (Version: 307.74)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Systemsteuerung 307.74 (Version: 307.74)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice 4.0.0 (Version: 4.00.9702)
Opera 12.16 (Version: 12.16.1860)
Pazera Free FLV to AVI Converter 1.7 (Version: 1.7)
PDF-Viewer (Version: 2.5.210.0)
Realtek AC'97 Audio
RedMon - Redirection Port Monitor
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Skype™ 6.3 (Version: 6.3.105)
SpeedFan (remove only)
Steuer 2012 (Version: 20.00.8137)
swMSM (Version: 12.0.0.1)
TerraCam USB Pro (Version: 2.0.0.0000)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VirtualCloneDrive
VLC media player 2.1.0 (Version: 2.1.0)
WinDirStat 1.1.2
==================== Restore Points =========================
26-09-2013 17:08:54 Removed iTunes
03-10-2013 20:54:58 Installed 8GadgetPack
09-10-2013 15:36:43 AVG PC TuneUp wird entfernt
11-10-2013 08:38:57 ComboFix created restore point
13-10-2013 21:54:52 Installed Java 7 Update 40
==================== Hosts content: ==========================
2012-07-26 06:17 - 2013-10-12 21:41 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {5777FF50-C75D-4481-8459-F92A1D9E9092} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {71976875-B46F-46DA-A24E-89D46835231D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {74E1D25E-042F-4B6E-B425-89D539C8377E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {ADD07284-0D43-42AB-BFCB-DF4633902ADE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-03-18 18:38 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2009-02-04 13:08 - 2009-02-04 13:08 - 00207872 _____ () C:\Program Files\FRITZ!DSL\C90dll.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: TerraCam USB Pro
Description: TerraCam USB Pro
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: OVT
Service: OM518P
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/13/2013 11:35:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IGDCTRL.EXE, Version: 3.9.11.2001, Zeitstempel: 0x4a6f013d
Name des fehlerhaften Moduls: upnpapicli.dll, Version: 4.0.104.2001, Zeitstempel: 0x4a6f0122
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018138
ID des fehlerhaften Prozesses: 0x714
Startzeit der fehlerhaften Anwendung: 0xIGDCTRL.EXE0
Pfad der fehlerhaften Anwendung: IGDCTRL.EXE1
Pfad des fehlerhaften Moduls: IGDCTRL.EXE2
Berichtskennung: IGDCTRL.EXE3
Vollständiger Name des fehlerhaften Pakets: IGDCTRL.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IGDCTRL.EXE5
Error: (10/13/2013 11:29:19 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi
Error: (10/13/2013 10:29:41 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi
Error: (10/13/2013 09:30:01 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi
Error: (10/13/2013 08:30:02 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi
Error: (10/13/2013 07:58:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: afcdpsrv.exe, Version: 1.0.0.3582, Zeitstempel: 0x4ce554b7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002d0064
ID des fehlerhaften Prozesses: 0x40c
Startzeit der fehlerhaften Anwendung: 0xafcdpsrv.exe0
Pfad der fehlerhaften Anwendung: afcdpsrv.exe1
Pfad des fehlerhaften Moduls: afcdpsrv.exe2
Berichtskennung: afcdpsrv.exe3
Vollständiger Name des fehlerhaften Pakets: afcdpsrv.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: afcdpsrv.exe5
Error: (10/12/2013 11:29:02 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi
Error: (10/12/2013 10:29:15 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi
Error: (10/12/2013 09:29:09 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi
Error: (10/12/2013 08:29:55 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi
System errors:
=============
Error: (10/13/2013 11:51:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0xe0000100 fehlgeschlagen: Sicherheitsupdate für Windows 8 (KB2862330)
Error: (10/13/2013 11:40:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070
Error: (10/13/2013 11:40:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde nicht richtig gestartet.
Error: (10/13/2013 11:39:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.
Error: (10/13/2013 11:39:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (10/13/2013 11:36:42 PM) (Source: Microsoft-Windows-Ntfs) (User: NT-AUTORITÄT)
Description: G:\Device\HarddiskVolume43
Error: (10/13/2013 11:36:33 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Features zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (10/13/2013 11:34:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070
Error: (10/13/2013 11:34:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde nicht richtig gestartet.
Error: (10/13/2013 11:34:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde nicht richtig gestartet.
Microsoft Office Sessions:
=========================
Error: (10/13/2013 11:35:12 PM) (Source: Application Error)(User: )
Description: IGDCTRL.EXE3.9.11.20014a6f013dupnpapicli.dll4.0.104.20014a6f0122c00000050001813871401cec85b939fa72eC:\Program Files\FRITZ!DSL\IGDCTRL.EXEC:\Program Files\FRITZ!DSL\upnpapicli.dll5706008c-344f-11e3-b03e-0011d8883bcc
Error: (10/13/2013 11:29:19 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/13/2013 10:29:41 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/13/2013 09:30:01 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/13/2013 08:30:02 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/13/2013 07:58:53 PM) (Source: Application Error)(User: )
Description: afcdpsrv.exe1.0.0.35824ce554b7unknown0.0.0.000000000c0000005002d006440c01cec7dea144e0fdC:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeunknown1e7339d8-3431-11e3-b03d-0011d8883bcc
Error: (10/12/2013 11:29:02 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/12/2013 10:29:15 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/12/2013 09:29:09 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/12/2013 08:29:55 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
==================== Memory info ===========================
Percentage of memory in use: 60%
Total physical RAM: 1534.8 MB
Available physical RAM: 600.34 MB
Total Pagefile: 3068.8 MB
Available Pagefile: 1809.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.76 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:149.05 GB) (Free:45.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Sicherung Eigene Dokumente) (Fixed) (Total:76.33 GB) (Free:14.31 GB) NTFS
Drive y: (Systemauslagerung) (Fixed) (Total:14.33 GB) (Free:12.71 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 4494C9E0)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 76 GB) (Disk ID: B9974D25)
Partition 1: (Not Active) - (Size=76 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 14 GB) (Disk ID: 4C77EA61)
Partition 1: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Probleme: 1.) MS-Updates werden nicht konfiguriert. 2.) Im Wartungscenter werden Laufwerksfehler angegeben, die nicht behoben werden können. 3.) Lw C kann nicht zur Fehlerüberprüfung oder Defragmentierung angezeigt werden. Gruß Carsten Geändert von Carsten1502 (13.10.2013 um 23:25 Uhr) |
|
14.10.2013, 13:52
| #10 |
| /// the machine /// TB-Ausbilder | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert Downloade dir bitte Windows Repair (All In One) von hier.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.10.2013, 17:20
| #11 |
| | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert So, hab, das Tool zweimal laufen lassen, die Logdatei soll unter windir\logs\CBS\CBS.log zu finden sein - kann den Pfad aber nicht finden :-/ Windowsupdates werden noch immer nicht konfiguriert... :-/ Gruß Carsten |
|
17.10.2013, 08:45
| #12 |
| /// the machine /// TB-Ausbilder | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier. gibt es ne Fehlermeldung mit Code?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.10.2013, 14:04
| #13 |
| | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert Hier der FFS Scan-Log: Code:
ATTFilter Farbar Service Scanner Version: 13-09-2013
Ran by Administrator (administrator) on 18-10-2013 at 15:01:20
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 8 Pro (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\WINDOWS\system32\nsisvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\WINDOWS\system32\dhcpcore.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tdx.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2013-10-09 17:37] - [2013-08-01 10:45] - 1800536 ____A (Microsoft Corporation) 215C4A9488DD9828891B4E61BD5EC247
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\mpssvc.dll => MD5 is legit
C:\WINDOWS\system32\bfe.dll
[2013-08-22 21:44] - [2013-06-10 21:10] - 0473600 ____A (Microsoft Corporation) 477B2727053EBB09082445AC53E59630
C:\WINDOWS\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\WINDOWS\system32\SDRSVC.dll => MD5 is legit
C:\WINDOWS\system32\vssvc.exe => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuaueng.dll
[2013-10-09 18:59] - [2013-09-14 00:36] - 2600448 ____A (Microsoft Corporation) 573BD441AEC2E65AED26D4F2F54DEB92
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\iphlpsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
**** End of log ****
Eine Fehlermeldung wird nicht angezeigt. |
|
18.10.2013, 18:28
| #14 |
| /// the machine /// TB-Ausbilder | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert http://download.bleepingcomputer.com...8/wuauserv.reg laden und auf dem Desktop speichern. Rechtsklick als Admin laufen lassen, erlauben. Frisches FSS log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.10.2013, 10:08
| #15 |
| | Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert OK... FFS-Log: Code:
ATTFilter Farbar Service Scanner Version: 13-09-2013
Ran by Administrator (administrator) on 19-10-2013 at 11:06:21
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 8 Pro (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\WINDOWS\system32\nsisvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\WINDOWS\system32\dhcpcore.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tdx.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2013-10-09 17:37] - [2013-08-01 10:45] - 1800536 ____A (Microsoft Corporation) 215C4A9488DD9828891B4E61BD5EC247
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\mpssvc.dll => MD5 is legit
C:\WINDOWS\system32\bfe.dll
[2013-08-22 21:44] - [2013-06-10 21:10] - 0473600 ____A (Microsoft Corporation) 477B2727053EBB09082445AC53E59630
C:\WINDOWS\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\WINDOWS\system32\SDRSVC.dll => MD5 is legit
C:\WINDOWS\system32\vssvc.exe => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuaueng.dll
[2013-10-09 18:59] - [2013-09-14 00:36] - 2600448 ____A (Microsoft Corporation) 573BD441AEC2E65AED26D4F2F54DEB92
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\iphlpsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
**** End of log ****
Gruß Carsten |
|
| Themen zu Windows 8: Rechner langsam, CPU fast immer 100%, Laufwerkfehler (lassen sich nicht korrigieren), Windowsupdates werden nicht installiert |
| 100%, angezeigt, anhang, anleitung, bedenklich, befolgt, beheben, bereits, board, cpu, darstellung, ellung, formatiere, formatieren, installier, installiert, langsam, laufwerk c, leitung, nicht installiert, probleme, rechner, rechner langsam, titel, updates, windows, windowsupdates |
Linear-Darstellung
