Log analysis and evaluation: Computer much slower, crashes frequently

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Computer much slower, crashes frequently

Hello,

- I have Windows Vista, avast antivirus and Google Chrome
- the computer has become much slower over the last few days, and Chrome soon freezes the cursor, then every key is without response; I have the impression that soon nothing will work any more
- when using GMER the same thing happened several times
- defogger showed nothing on the black area
- I am sending the FRST 32-bit results here
- the avast results cannot be copied; it says: some files cannot be scanned; under status: error: archive is password-protected

Many thanks, see you soon

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014 Ran by tm (administrator) on TM-PC on 20-07-2014 20:45:29 Running from C:\Users\tm\Downloads Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe () C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe () C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe () C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (FUJIFILM Corporation) C:\Program Files\FinePixViewer\QuickDCF2.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe () C:\Users\tm\Downloads\Defogger (6).exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Farbar) C:\Users\tm\Downloads\FRST (4).exe ==================== Registry (Whitelisted) ================== HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMk (the data entry has 177 more characters). HKU\.DEFAULT\...\Run: [Samsung.PCSync] => C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe [1294336 2008-09-18] (Time Information Services Ltd.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation) HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) 
HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-26] (Google Inc.) HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\tm\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=7dd42 (the data entry has 82 more characters). HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [S60 PC Suite Tray] => C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe [699392 2008-12-06] () HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {18cd0e19-9393-11e1-94c8-0013776453a9} - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {28fd0733-d443-11e1-9967-0013776453a9} - H:\Menu.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {461fa564-22c4-11e1-90b4-0013776453a9} - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {461fa566-22c4-11e1-90b4-0013776453a9} - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {48a8bbfd-560a-11df-9857-0013776453a9} - F:\LaunchU3.exe -a HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {9b7a5ae1-d13f-11dd-aae1-0013776453a9} - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {9b7a5b06-d13f-11dd-aae1-0013776453a9} - G:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {ddab0c5a-e9c0-11e0-837a-0013776453a9} - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {f8940028-8263-11e0-ba62-db1fa4e62d98} - F:\Menu.exe AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-10] (Google) Startup: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk ShortcutTarget: ExifLauncher2.lnk -> C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157 URLSearchHook: HKCU - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No 
File SearchScopes: HKLM - DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=FbRkhSNyuC927LohHs6Uav7tIHA?q={searchTerms} SearchScopes: HKCU - {A8221FCE-87F0-4F05-AFFC-6F4672A6D922} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://search.avg.com/route/?d=0&v=6.103.18.1&i=&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} -> No File Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: WEB.DE Suche FF SelectedSearchEngine: WEB.DE Suche FF Homepage: hxxp://go.web.de/tb/mff_startpage FF Keyword.URL: user_pref("keyword.URL", ""); FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\searchplugins\webde-suche.xml FF Extension: WEB.DE MailCheck - C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\Extensions\toolbar@web.de.xpi [2012-12-14] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-09] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-20] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR DefaultSearchKeyword: web.de CHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-09] CHR Extension: (Google Drive) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-09] CHR Extension: (YouTube) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-09] CHR Extension: (Google-Suche) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-09] CHR Extension: (avast! Online Security) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-09] CHR Extension: (Google Wallet) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09] CHR Extension: (Google Mail) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-09] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-09] ========================== Services (Whitelisted) ================= R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-09-10] (Apple Inc.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-06] (AVAST Software) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-10] (Google) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [171040 2007-01-08] () [File not signed] S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed] R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-06] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-06] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-06] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-06] () R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH) S3 dsltestSp5; C:\Windows\System32\Drivers\dsltestSp5.sys [26816 
2007-09-12] (Printing Communications Assoc., Inc. (PCAUSA)) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-07-11] (SAMSUNG ELECTRONICS CO., LTD.) S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation) S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113664 2009-12-08] (Huawei Technologies Co., Ltd.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-20 20:45 - 2014-07-20 20:45 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (4).exe 2014-07-20 20:44 - 2014-07-20 20:44 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (6).exe 2014-07-20 20:26 - 2014-07-20 20:26 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (4).exe 2014-07-20 20:16 - 2014-07-20 20:17 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (3).exe 2014-07-20 20:16 - 2014-07-20 20:16 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (5).exe 2014-07-20 19:45 - 2014-07-20 19:45 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (3).exe 2014-07-20 19:41 - 2014-07-20 19:41 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (2).exe 2014-07-20 19:40 - 2014-07-20 19:40 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (4).exe 2014-07-20 19:27 - 2014-07-20 19:27 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (2).exe 2014-07-20 19:25 - 2014-07-20 19:25 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (1).exe 2014-07-20 19:13 - 2014-07-20 19:14 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (1).exe 2014-07-20 19:10 - 2014-07-20 19:11 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (3).exe 2014-07-20 04:33 - 2014-07-20 04:33 - 00380416 _____ () 
C:\Users\tm\Downloads\Gmer-19357.exe 2014-07-20 04:14 - 2014-07-20 20:20 - 00035689 _____ () C:\Users\tm\Downloads\Addition.txt 2014-07-20 04:10 - 2014-07-20 20:45 - 00019297 _____ () C:\Users\tm\Downloads\FRST.txt 2014-07-20 04:09 - 2014-07-20 20:45 - 00000000 ____D () C:\FRST 2014-07-20 04:08 - 2014-07-20 04:08 - 01079808 _____ (Farbar) C:\Users\tm\Downloads\FRST.exe 2014-07-20 04:04 - 2014-07-20 20:44 - 00000466 _____ () C:\Users\tm\Downloads\defogger_disable.log 2014-07-20 04:04 - 2014-07-20 04:04 - 00000000 _____ () C:\Users\tm\defogger_reenable 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger.exe 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (2).exe 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (1).exe 2014-07-20 03:48 - 2014-07-20 04:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-20 03:45 - 2014-07-20 03:45 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU 2014-07-20 03:27 - 2008-06-20 03:18 - 00781344 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2014-07-20 03:27 - 2008-06-20 03:18 - 00326160 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2014-07-20 03:27 - 2008-06-20 03:18 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-07-20 03:27 - 2008-06-20 03:18 - 00043544 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2014-07-20 03:27 - 2008-06-20 03:17 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-07-20 03:27 - 2008-06-20 03:17 - 00097800 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-07-20 03:27 - 2008-06-20 03:17 - 00037384 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl 2014-07-20 03:27 - 2008-06-20 03:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-07-20 03:19 - 2014-07-20 03:26 - 
00196608 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.perf 2014-07-20 03:19 - 2014-07-20 03:26 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.dpx 2014-07-20 03:06 - 2008-07-27 20:00 - 00096760 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-07-20 03:05 - 2008-07-27 20:00 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2014-07-20 03:05 - 2008-07-27 20:00 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-07-20 03:05 - 2008-07-27 20:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2014-07-20 03:04 - 2008-07-27 20:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-07-20 03:02 - 2010-02-21 01:54 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll 2014-07-20 03:01 - 2010-02-21 01:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll 2014-07-20 03:01 - 2010-02-20 23:30 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2014-07-12 20:56 - 2014-07-12 20:56 - 00031744 _____ () C:\Users\tm\Downloads\Firmenlauf_Bielefeld_Anmeldung2014.xls 2014-07-06 19:07 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\Windows\system32\avmadd32.dll ==================== One Month Modified Files and Folders ======= 2014-07-20 20:45 - 2014-07-20 20:45 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (4).exe 2014-07-20 20:45 - 2014-07-20 04:10 - 00019297 _____ () C:\Users\tm\Downloads\FRST.txt 2014-07-20 20:45 - 2014-07-20 04:09 - 00000000 ____D () C:\FRST 2014-07-20 20:45 - 2008-03-30 15:28 - 00000412 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DE789EB-2CEE-4FAA-A54E-B1DE1CF3B6DF}.job 2014-07-20 20:45 - 2008-01-25 05:31 - 00000434 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job 2014-07-20 20:44 - 2014-07-20 20:44 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (6).exe 2014-07-20 20:44 - 2014-07-20 04:04 - 00000466 
_____ () C:\Users\tm\Downloads\defogger_disable.log 2014-07-20 20:40 - 2011-05-29 04:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-20 20:40 - 2008-03-30 14:59 - 00000000 ____D () C:\Users\tm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-07-20 20:40 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-20 20:40 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-20 20:40 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-20 20:26 - 2014-07-20 20:26 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (4).exe 2014-07-20 20:20 - 2014-07-20 04:14 - 00035689 _____ () C:\Users\tm\Downloads\Addition.txt 2014-07-20 20:18 - 2011-05-29 04:42 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-20 20:17 - 2014-07-20 20:16 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (3).exe 2014-07-20 20:16 - 2014-07-20 20:16 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (5).exe 2014-07-20 20:13 - 2008-01-25 06:20 - 01084991 _____ () C:\Windows\WindowsUpdate.log 2014-07-20 19:45 - 2014-07-20 19:45 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (3).exe 2014-07-20 19:41 - 2014-07-20 19:41 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (2).exe 2014-07-20 19:40 - 2014-07-20 19:40 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (4).exe 2014-07-20 19:27 - 2014-07-20 19:27 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (2).exe 2014-07-20 19:25 - 2014-07-20 19:25 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (1).exe 2014-07-20 19:14 - 2014-07-20 19:13 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (1).exe 2014-07-20 19:11 - 2014-07-20 19:10 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (3).exe 2014-07-20 18:54 - 2012-12-27 20:40 - 00000884 _____ () 
C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-20 17:25 - 2009-08-26 12:57 - 00000000 ____D () C:\Program Files\PC Connectivity Solution 2014-07-20 12:54 - 2007-07-11 00:17 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-07-20 12:54 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-20 12:53 - 2014-05-01 20:12 - 00035328 _____ () C:\Users\tm\Documents\infobook.xls 2014-07-20 11:22 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-07-20 11:17 - 2007-07-10 07:07 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-07-20 11:17 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer 2014-07-20 11:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-07-20 11:16 - 2008-08-23 19:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-20 11:16 - 2007-07-11 01:28 - 00034152 _____ () C:\Windows\PFRO.log 2014-07-20 04:33 - 2014-07-20 04:33 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357.exe 2014-07-20 04:08 - 2014-07-20 04:08 - 01079808 _____ (Farbar) C:\Users\tm\Downloads\FRST.exe 2014-07-20 04:04 - 2014-07-20 04:04 - 00000000 _____ () C:\Users\tm\defogger_reenable 2014-07-20 04:04 - 2008-03-30 14:58 - 00000000 ____D () C:\Users\tm 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger.exe 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (2).exe 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (1).exe 2014-07-20 04:02 - 2014-07-20 03:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-20 03:46 - 2006-11-02 12:33 - 01492226 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-20 03:45 - 2014-07-20 03:45 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU 2014-07-20 03:45 - 2007-07-11 01:13 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-07-20 03:26 - 2014-07-20 03:19 - 00196608 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.perf 
2014-07-20 03:26 - 2014-07-20 03:19 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.dpx 2014-07-20 03:26 - 2010-05-29 15:47 - 58916864 _____ () C:\Windows\ocsetup_install_NetFx3.etl 2014-07-20 03:01 - 2011-01-14 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-20 02:58 - 2010-05-29 15:35 - 00284204 _____ () C:\Windows\msxml4-KB954430-enu.LOG 2014-07-20 02:56 - 2010-05-29 15:34 - 00288290 _____ () C:\Windows\msxml4-KB973688-enu.LOG 2014-07-18 16:04 - 2013-11-09 06:07 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-12 20:56 - 2014-07-12 20:56 - 00031744 _____ () C:\Users\tm\Downloads\Firmenlauf_Bielefeld_Anmeldung2014.xls 2014-07-10 22:04 - 2008-04-15 23:06 - 00066048 _____ () C:\Users\tm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-08 22:59 - 2012-12-27 20:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-08 22:59 - 2011-06-27 23:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-06 19:08 - 2013-02-09 20:46 - 00002963 _____ () C:\Windows\avmadd32.log 2014-07-06 19:07 - 2013-02-09 20:46 - 00000000 ____D () C:\Program Files\FRITZ!Box 2014-06-26 17:38 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Some content of TEMP: ==================== C:\Users\tm\AppData\Local\Temp\DataCard_Setup.exe C:\Users\tm\AppData\Local\Temp\ResetDevice.exe C:\Users\tm\AppData\Local\Temp\UNINSTALL.EXE C:\Users\tm\AppData\Local\Temp\_is227F.exe C:\Users\tm\AppData\Local\Temp\_is4847.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed 
C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-20 20:46 ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014 Ran by tm (administrator) on TM-PC on 20-07-2014 20:46:39 Running from C:\Users\tm\Downloads Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe () C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe () C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (FUJIFILM Corporation) C:\Program Files\FinePixViewer\QuickDCF2.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe () C:\Users\tm\Downloads\Defogger (6).exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Farbar) C:\Users\tm\Downloads\FRST (4).exe () C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ==================== Registry (Whitelisted) ================== HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMk (the data entry has 177 more characters). HKU\.DEFAULT\...\Run: [Samsung.PCSync] => C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe [1294336 2008-09-18] (Time Information Services Ltd.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation) HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-26] (Google Inc.) 
HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\tm\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=7dd42 (the data entry has 82 more characters). HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\Run: [S60 PC Suite Tray] => C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe [699392 2008-12-06] () HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {18cd0e19-9393-11e1-94c8-0013776453a9} - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {28fd0733-d443-11e1-9967-0013776453a9} - H:\Menu.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {461fa564-22c4-11e1-90b4-0013776453a9} - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {461fa566-22c4-11e1-90b4-0013776453a9} - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {48a8bbfd-560a-11df-9857-0013776453a9} - F:\LaunchU3.exe -a HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {9b7a5ae1-d13f-11dd-aae1-0013776453a9} - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {9b7a5b06-d13f-11dd-aae1-0013776453a9} - G:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {ddab0c5a-e9c0-11e0-837a-0013776453a9} - F:\AutoRun.exe HKU\S-1-5-21-3037083410-1282845951-3713001464-1003\...\MountPoints2: {f8940028-8263-11e0-ba62-db1fa4e62d98} - F:\Menu.exe AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-10] (Google) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk ShortcutTarget: ExifLauncher2.lnk -> C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157 URLSearchHook: HKCU - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File SearchScopes: HKLM - DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = 
hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=FbRkhSNyuC927LohHs6Uav7tIHA?q={searchTerms} SearchScopes: HKCU - {A8221FCE-87F0-4F05-AFFC-6F4672A6D922} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://search.avg.com/route/?d=0&v=6.103.18.1&i=&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} -> No File Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: WEB.DE Suche FF SelectedSearchEngine: WEB.DE Suche FF Homepage: hxxp://go.web.de/tb/mff_startpage FF Keyword.URL: user_pref("keyword.URL", ""); FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\searchplugins\webde-suche.xml FF Extension: WEB.DE MailCheck - C:\Users\tm\AppData\Roaming\Mozilla\Firefox\Profiles\4774widz.default\Extensions\toolbar@web.de.xpi [2012-12-14] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-09] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-20] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR DefaultSearchKeyword: web.de CHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-09] CHR Extension: (Google Drive) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-09] CHR Extension: (YouTube) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-09] CHR Extension: (Google-Suche) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-09] CHR Extension: (avast! Online Security) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-09] CHR Extension: (Google Wallet) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09] CHR Extension: (Google Mail) - C:\Users\tm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-09] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-09] ========================== Services (Whitelisted) ================= R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-09-10] (Apple Inc.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-06] (AVAST Software) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-10] (Google) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [171040 2007-01-08] () [File not signed] S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed] R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-06] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-06] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-06] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-06] () R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH) S3 dsltestSp5; C:\Windows\System32\Drivers\dsltestSp5.sys [26816 
2007-09-12] (Printing Communications Assoc., Inc. (PCAUSA)) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-07-11] (SAMSUNG ELECTRONICS CO., LTD.) S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation) S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [113664 2009-12-08] (Huawei Technologies Co., Ltd.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-20 20:45 - 2014-07-20 20:45 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (4).exe 2014-07-20 20:44 - 2014-07-20 20:44 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (6).exe 2014-07-20 20:26 - 2014-07-20 20:26 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (4).exe 2014-07-20 20:16 - 2014-07-20 20:17 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (3).exe 2014-07-20 20:16 - 2014-07-20 20:16 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (5).exe 2014-07-20 19:45 - 2014-07-20 19:45 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (3).exe 2014-07-20 19:41 - 2014-07-20 19:41 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (2).exe 2014-07-20 19:40 - 2014-07-20 19:40 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (4).exe 2014-07-20 19:27 - 2014-07-20 19:27 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (2).exe 2014-07-20 19:25 - 2014-07-20 19:25 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (1).exe 2014-07-20 19:13 - 2014-07-20 19:14 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (1).exe 2014-07-20 19:10 - 2014-07-20 19:11 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (3).exe 2014-07-20 04:33 - 2014-07-20 04:33 - 00380416 _____ () 
C:\Users\tm\Downloads\Gmer-19357.exe 2014-07-20 04:14 - 2014-07-20 20:20 - 00035689 _____ () C:\Users\tm\Downloads\Addition.txt 2014-07-20 04:10 - 2014-07-20 20:46 - 00019207 _____ () C:\Users\tm\Downloads\FRST.txt 2014-07-20 04:09 - 2014-07-20 20:46 - 00000000 ____D () C:\FRST 2014-07-20 04:08 - 2014-07-20 04:08 - 01079808 _____ (Farbar) C:\Users\tm\Downloads\FRST.exe 2014-07-20 04:04 - 2014-07-20 20:44 - 00000466 _____ () C:\Users\tm\Downloads\defogger_disable.log 2014-07-20 04:04 - 2014-07-20 04:04 - 00000000 _____ () C:\Users\tm\defogger_reenable 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger.exe 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (2).exe 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (1).exe 2014-07-20 03:48 - 2014-07-20 04:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-20 03:45 - 2014-07-20 03:45 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU 2014-07-20 03:27 - 2008-06-20 03:18 - 00781344 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2014-07-20 03:27 - 2008-06-20 03:18 - 00326160 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2014-07-20 03:27 - 2008-06-20 03:18 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-07-20 03:27 - 2008-06-20 03:18 - 00043544 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2014-07-20 03:27 - 2008-06-20 03:17 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-07-20 03:27 - 2008-06-20 03:17 - 00097800 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-07-20 03:27 - 2008-06-20 03:17 - 00037384 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl 2014-07-20 03:27 - 2008-06-20 03:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-07-20 03:19 - 2014-07-20 03:26 - 
00196608 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.perf 2014-07-20 03:19 - 2014-07-20 03:26 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.dpx 2014-07-20 03:06 - 2008-07-27 20:00 - 00096760 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-07-20 03:05 - 2008-07-27 20:00 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2014-07-20 03:05 - 2008-07-27 20:00 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-07-20 03:05 - 2008-07-27 20:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2014-07-20 03:04 - 2008-07-27 20:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-07-20 03:02 - 2010-02-21 01:54 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll 2014-07-20 03:01 - 2010-02-21 01:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll 2014-07-20 03:01 - 2010-02-20 23:30 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2014-07-12 20:56 - 2014-07-12 20:56 - 00031744 _____ () C:\Users\tm\Downloads\Firmenlauf_Bielefeld_Anmeldung2014.xls 2014-07-06 19:07 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\Windows\system32\avmadd32.dll ==================== One Month Modified Files and Folders ======= 2014-07-20 20:46 - 2014-07-20 04:10 - 00019207 _____ () C:\Users\tm\Downloads\FRST.txt 2014-07-20 20:46 - 2014-07-20 04:09 - 00000000 ____D () C:\FRST 2014-07-20 20:45 - 2014-07-20 20:45 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (4).exe 2014-07-20 20:45 - 2008-03-30 15:28 - 00000412 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DE789EB-2CEE-4FAA-A54E-B1DE1CF3B6DF}.job 2014-07-20 20:45 - 2008-01-25 05:31 - 00000434 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job 2014-07-20 20:44 - 2014-07-20 20:44 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (6).exe 2014-07-20 20:44 - 2014-07-20 04:04 - 00000466 
_____ () C:\Users\tm\Downloads\defogger_disable.log 2014-07-20 20:43 - 2008-01-25 06:20 - 01084991 _____ () C:\Windows\WindowsUpdate.log 2014-07-20 20:40 - 2011-05-29 04:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-20 20:40 - 2008-03-30 14:59 - 00000000 ____D () C:\Users\tm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-07-20 20:40 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-20 20:40 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-20 20:40 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-20 20:26 - 2014-07-20 20:26 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (4).exe 2014-07-20 20:20 - 2014-07-20 04:14 - 00035689 _____ () C:\Users\tm\Downloads\Addition.txt 2014-07-20 20:18 - 2011-05-29 04:42 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-20 20:17 - 2014-07-20 20:16 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (3).exe 2014-07-20 20:16 - 2014-07-20 20:16 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (5).exe 2014-07-20 19:45 - 2014-07-20 19:45 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (3).exe 2014-07-20 19:41 - 2014-07-20 19:41 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (2).exe 2014-07-20 19:40 - 2014-07-20 19:40 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (4).exe 2014-07-20 19:27 - 2014-07-20 19:27 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (2).exe 2014-07-20 19:25 - 2014-07-20 19:25 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357 (1).exe 2014-07-20 19:14 - 2014-07-20 19:13 - 01080320 _____ (Farbar) C:\Users\tm\Downloads\FRST (1).exe 2014-07-20 19:11 - 2014-07-20 19:10 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (3).exe 2014-07-20 18:54 - 2012-12-27 20:40 - 00000884 _____ () 
C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-20 17:25 - 2009-08-26 12:57 - 00000000 ____D () C:\Program Files\PC Connectivity Solution 2014-07-20 12:54 - 2007-07-11 00:17 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-07-20 12:54 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-20 12:53 - 2014-05-01 20:12 - 00035328 _____ () C:\Users\tm\Documents\infobook.xls 2014-07-20 11:22 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-07-20 11:17 - 2007-07-10 07:07 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-07-20 11:17 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer 2014-07-20 11:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-07-20 11:16 - 2008-08-23 19:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-20 11:16 - 2007-07-11 01:28 - 00034152 _____ () C:\Windows\PFRO.log 2014-07-20 04:33 - 2014-07-20 04:33 - 00380416 _____ () C:\Users\tm\Downloads\Gmer-19357.exe 2014-07-20 04:08 - 2014-07-20 04:08 - 01079808 _____ (Farbar) C:\Users\tm\Downloads\FRST.exe 2014-07-20 04:04 - 2014-07-20 04:04 - 00000000 _____ () C:\Users\tm\defogger_reenable 2014-07-20 04:04 - 2008-03-30 14:58 - 00000000 ____D () C:\Users\tm 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger.exe 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (2).exe 2014-07-20 04:02 - 2014-07-20 04:02 - 00050477 _____ () C:\Users\tm\Downloads\Defogger (1).exe 2014-07-20 04:02 - 2014-07-20 03:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-20 03:46 - 2006-11-02 12:33 - 01492226 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-20 03:45 - 2014-07-20 03:45 - 00000000 ____D () C:\Windows\SQL9_KB970892_ENU 2014-07-20 03:45 - 2007-07-11 01:13 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-07-20 03:26 - 2014-07-20 03:19 - 00196608 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.perf 
2014-07-20 03:26 - 2014-07-20 03:19 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.dpx 2014-07-20 03:26 - 2010-05-29 15:47 - 58916864 _____ () C:\Windows\ocsetup_install_NetFx3.etl 2014-07-20 03:01 - 2011-01-14 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-20 02:58 - 2010-05-29 15:35 - 00284204 _____ () C:\Windows\msxml4-KB954430-enu.LOG 2014-07-20 02:56 - 2010-05-29 15:34 - 00288290 _____ () C:\Windows\msxml4-KB973688-enu.LOG 2014-07-18 16:04 - 2013-11-09 06:07 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-12 20:56 - 2014-07-12 20:56 - 00031744 _____ () C:\Users\tm\Downloads\Firmenlauf_Bielefeld_Anmeldung2014.xls 2014-07-10 22:04 - 2008-04-15 23:06 - 00066048 _____ () C:\Users\tm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-08 22:59 - 2012-12-27 20:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-08 22:59 - 2011-06-27 23:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-06 19:08 - 2013-02-09 20:46 - 00002963 _____ () C:\Windows\avmadd32.log 2014-07-06 19:07 - 2013-02-09 20:46 - 00000000 ____D () C:\Program Files\FRITZ!Box 2014-06-26 17:38 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Some content of TEMP: ==================== C:\Users\tm\AppData\Local\Temp\DataCard_Setup.exe C:\Users\tm\AppData\Local\Temp\ResetDevice.exe C:\Users\tm\AppData\Local\Temp\UNINSTALL.EXE C:\Users\tm\AppData\Local\Temp\_is227F.exe C:\Users\tm\AppData\Local\Temp\_is4847.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed 
C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-20 20:46 ==================== End Of Log ============================ |