| |
| |||||||
Log-Analyse und Auswertung: Rechner langsamer, insb. Firefox startet langsamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
01.10.2013, 21:35
| #1 |
 |  Rechner langsamer, insb. Firefox startet langsam Moinmoin, ich hatte vor einiger Zeit mal einen Fund auf dem PC, den ich mit Malwarebytes auch erfolgreich bekämpft habe. Nur habe ich die log.Datei davon leider nicht mehr (wo werden die denn eigtl. gespeichert?). Damals war der PC langsamer und besonders die Startseite bei FF öffnete sich sehr langsam. Mittlerweile ist er auch wieder nicht der schnellste und auch bei eigentlich nicht so leistungsfordernden Aktionen stockt er teilweise. Ich weiß aber leider nicht, ob noch etwas auf dem PC sein könnte, was ich nicht entdecken kann. Vielleicht könnte mal wer schauen, ob alles damals entfernt wurde? Das wär super... Gruß Folgende Vorabinfos: DEFOGGER Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:56 on 01/10/2013 (XXX)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by XXX (administrator) on PC on 01-10-2013 22:03:51
Running from C:\Users\XXX\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bao_Nguyen) C:\Program Files\Switcher\Switcher.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [321080 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [Switcher] - C:\Program Files\Switcher\Switcher.exe [425984 2007-10-28] (Bao_Nguyen)
HKCU\...\Run: [] - [x]
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x15A32CCEE7ECCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default
FF user.js: detected! => C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\user.js
FF DefaultSearchEngine: Google
FF Homepage: google.de
FF NetworkProxy: "backup.ftp", "65.125.155.90"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "65.125.155.90"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "65.125.155.90"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "168.61.33.21"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "168.61.33.21"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "168.61.33.21"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "168.61.33.21"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\searchplugins\google-germany.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flashblock - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: WOT - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
FF Extension: No Name - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [683696 2012-08-24] (Juniper Networks)
S3 npggsvc; C:\Windows\system32\GameMon.des [3969336 2012-04-05] (INCA Internet Co., Ltd.)
S3 Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-08-24] (Juniper Networks)
S3 iscFlash; C:\SwSetup\sp45138\iscflash.sys [13312 2009-06-16] (Insyde Software)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
S3 catchme; \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-01 22:03 - 2013-10-01 22:03 - 00000000 ____D C:\FRST
2013-10-01 21:59 - 2013-10-01 21:59 - 04369632 _____ (Piriform Ltd) C:\Users\XXX\Desktop\ccsetup406.exe
2013-10-01 21:58 - 2013-10-01 21:58 - 01086873 _____ (Farbar) C:\Users\XXX\Desktop\FRST.exe
2013-10-01 21:56 - 2013-10-01 21:57 - 00000470 _____ C:\Users\XXX\Desktop\defogger_disable.log
2013-10-01 21:56 - 2013-10-01 21:56 - 00050477 _____ C:\Users\XXX\Desktop\Defogger.exe
2013-10-01 21:53 - 2013-10-01 21:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-21 19:58 - 2013-09-21 21:04 - 00000000 ____D C:\Users\XXX\Desktop\Frankreich2013
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\system32\Adobe
2013-09-16 20:09 - 2013-10-01 22:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 20:09 - 2013-09-16 20:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-16 20:09 - 2013-09-16 20:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-12 23:07 - 2011-11-10 00:59 - 1458176000 _____ C:\Users\XXX\Desktop\Die.Frau.die.singt.avi
2013-09-11 21:29 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 21:29 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 21:28 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 21:28 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 21:28 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 21:28 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 21:28 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 21:17 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 21:16 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 21:16 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 21:16 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 21:16 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 21:16 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 21:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 21:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 00:33 - 2013-08-29 12:18 - 00000000 ____D C:\Users\XXX\Desktop\Sommer, Sonne, Kaktus! (Special Version)
2013-09-06 22:11 - 2013-09-06 22:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-02 12:49 - 2013-10-01 21:24 - 00000000 ____D C:\Users\XXX\Desktop\S-Block
==================== One Month Modified Files and Folders =======
2013-10-01 22:03 - 2013-10-01 22:03 - 00000000 ____D C:\FRST
2013-10-01 22:03 - 2013-09-16 20:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 22:00 - 2009-10-14 05:07 - 00000000 ____D C:\Windows\Panther
2013-10-01 21:59 - 2013-10-01 21:59 - 04369632 _____ (Piriform Ltd) C:\Users\XXX\Desktop\ccsetup406.exe
2013-10-01 21:59 - 2012-02-19 21:44 - 00000000 ____D C:\Program Files\CCleaner
2013-10-01 21:58 - 2013-10-01 21:58 - 01086873 _____ (Farbar) C:\Users\XXX\Desktop\FRST.exe
2013-10-01 21:57 - 2013-10-01 21:56 - 00000470 _____ C:\Users\XXX\Desktop\defogger_disable.log
2013-10-01 21:56 - 2013-10-01 21:56 - 00050477 _____ C:\Users\XXX\Desktop\Defogger.exe
2013-10-01 21:53 - 2013-10-01 21:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 21:53 - 2012-07-11 23:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 21:53 - 2012-02-16 23:33 - 00000000 ____D C:\Users\XXX\AppData\Local\Mozilla
2013-10-01 21:52 - 2012-01-19 00:25 - 01233435 ____N C:\Windows\WindowsUpdate.log
2013-10-01 21:24 - 2013-09-02 12:49 - 00000000 ____D C:\Users\XXX\Desktop\S-Block
2013-10-01 20:14 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:14 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 09:32 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-26 18:21 - 2012-03-01 16:20 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-26 18:21 - 2012-02-18 23:25 - 00000000 ____D C:\Program Files\DivX
2013-09-26 18:21 - 2012-02-18 23:24 - 00000000 ____D C:\ProgramData\DivX
2013-09-25 21:28 - 2012-12-30 16:44 - 00000000 ____D C:\Users\XXX\AppData\Roaming\ICQ
2013-09-25 09:03 - 2012-02-16 23:28 - 00653540 _____ C:\Windows\system32\perfh01D.dat
2013-09-25 09:03 - 2012-02-16 23:28 - 00141360 _____ C:\Windows\system32\perfc01D.dat
2013-09-25 09:03 - 2012-01-19 00:26 - 02406826 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 22:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-21 23:17 - 2012-03-01 20:09 - 00000000 ____D C:\Users\XXX\AppData\Roaming\vlc
2013-09-21 21:04 - 2013-09-21 19:58 - 00000000 ____D C:\Users\XXX\Desktop\Frankreich2013
2013-09-21 20:50 - 2012-02-21 23:48 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Dropbox
2013-09-21 20:04 - 2012-02-21 23:50 - 00000000 ___RD C:\Users\XXX\Dropbox
2013-09-21 20:03 - 2012-02-21 23:49 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-20 00:04 - 2013-03-18 23:06 - 00000000 ____D C:\Users\XXX\Desktop\Pool
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\system32\Adobe
2013-09-16 20:10 - 2012-02-18 22:52 - 00000000 ____D C:\Users\XXX\AppData\Local\Adobe
2013-09-16 20:09 - 2013-09-16 20:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-16 20:09 - 2013-09-16 20:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-16 20:02 - 2012-02-16 22:34 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-13 11:52 - 2012-02-20 21:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 11:51 - 2012-02-20 21:47 - 00002685 _____ C:\Users\XXX\Desktop\Microsoft Office Excel 2007.lnk
2013-09-13 11:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 22:35 - 2009-07-14 06:33 - 03846296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 00:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-09-12 00:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 21:27 - 2013-07-11 09:40 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 21:19 - 2009-10-14 04:21 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-06 22:39 - 2013-09-06 22:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 22:02 - 2012-01-19 00:30 - 00000000 ____D C:\Users\XXX
2013-09-06 10:24 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
Files to move or delete:
====================
C:\Users\XXX\aswclear5.exe
C:\Users\XXX\ICQ 7.7 Build #6547 Banner Remover.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-21 20:35
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2013 01
Ran by XXX at 2013-10-01 22:05:08
Running from C:\Users\XXX\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958)
AC3Filter 1.62b (Version: 1.62b)
Adobe AIR (Version: 3.7.0.2090)
Adobe Community Help (Version: 3.0.0)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Media Player (Version: 1.8)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1497.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.06)
DivX-Setup (Version: 2.6.1.84)
Dropbox (HKCU Version: 2.0.22)
FormatFactory 3.0.1 (Version: 3.0.1)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1)
HP Quick Launch Buttons (Version: 6.50.4.2)
iCloud (Version: 2.0.2.187)
ICQ7.7 (Version: 7.7)
IDT Audio (Version: 1.0.6225.0)
iFunbox (v1.98.948.666), iFunbox DevTeam (Version: v1.98.948.666)
iTunes (Version: 10.6.3.25)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JMicron JMB38X Flash Media Controller Driver (Version: 1.00.20.07)
Juniper Networks Network Connect 7.2.0 (Version: 7.2.0.21697)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.2.4.25005)
Juniper Networks, Inc. Setup Client Activex Control (Version: 2.1.1.1)
KONICA MINOLTA Universal PS
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 7 Essentials (Version: 7.03.1084)
Nokia Connectivity Cable Driver (Version: 7.1.172.0)
Nokia Suite (Version: 3.8.30.0)
NVIDIA Grafiktreiber 314.07 (Version: 314.07)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Systemsteuerung 314.07 (Version: 314.07)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
Pando Media Booster (Version: 2.6.0.8)
PC Connectivity Solution (Version: 12.0.109.0)
PDF24 Creator 5.4.0
plist Editor for Windows 1.0.2 (Version: 1.0.2)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.72.80.56)
RUBICon (Version: 2.0.25)
Samsung Universal Print Driver (Version: 2.02.05.00:24)
SopCast 3.5.0 (Version: 3.5.0)
Switcher 2.0.0 (Version: 2.0.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
System Requirements Lab
TightVNC 2.0.4 (Version: 2.0.4)
Universal Extractor 1.6.1 (Version: 1.6.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.7 (Version: 2.0.7)
Winamp (Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
WinRAR 4.10 (32-Bit) (Version: 4.10.0)
WinSCP 5.1.6 (Version: 5.1.6)
==================== Restore Points =========================
28-08-2013 19:12:19 Geplanter Prüfpunkt
04-09-2013 20:35:12 Geplanter Prüfpunkt
11-09-2013 19:18:29 Windows Update
13-09-2013 09:49:35 Windows Update
24-09-2013 20:46:44 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:04 - 2013-05-06 17:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {158E2EF2-A4F9-4F5B-AA3C-F4653E92151B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {19FCE9A6-F7C9-4930-AD90-5BFBC8FE4253} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {28594FC9-22FC-45B7-BE2E-30B9037C60DC} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: {372E3BA9-559C-4B61-84A1-C0037E60A72F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-16] (Adobe Systems Incorporated)
Task: {97B36DCB-DBD1-4E90-805A-CA4BDDEF85DC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {C20F0AE5-C83D-4644-AED0-3B59F53DADC4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-02-20 21:11 - 2012-01-09 20:44 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2011-05-26 21:18 - 2011-05-26 21:18 - 00136536 _____ () C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-10-01 21:53 - 2013-10-01 21:53 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\XXX\Documents\Bild (16).jpg: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\XXX\Documents\Bild (16).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\XXX\Documents\Bild (2).jpg: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\XXX\Documents\Bild (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\XXX\Documents\Bild.jpg: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\XXX\Documents\Bild.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/30/2013 08:30:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/24/2013 10:41:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/24/2013 09:32:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19988564
Error: (09/24/2013 09:32:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19988564
Error: (09/24/2013 09:32:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/23/2013 02:46:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 580464
Error: (09/23/2013 02:46:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 580464
Error: (09/23/2013 02:46:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/23/2013 02:36:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4103
Error: (09/23/2013 02:36:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4103
System errors:
=============
Error: (10/01/2013 09:35:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (10/01/2013 09:35:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (09/30/2013 09:55:05 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (09/30/2013 09:55:03 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (09/27/2013 01:53:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (09/27/2013 01:53:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (09/25/2013 09:02:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (09/25/2013 09:02:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (09/23/2013 01:16:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (09/23/2013 01:16:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Microsoft Office Sessions:
=========================
Error: (03/14/2013 10:41:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 221 seconds with 180 seconds of active time. This session ended with a crash.
Error: (07/01/2012 05:02:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15813 seconds with 3780 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-09-30 20:52:36.093
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-30 20:11:01.999
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-27 14:43:08.851
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-27 14:36:56.661
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-27 14:29:27.955
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-27 14:29:24.730
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-27 14:29:21.607
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-27 14:29:02.087
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-27 14:26:49.953
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-26 22:15:21.351
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 3069.21 MB
Available physical RAM: 1967.44 MB
Total Pagefile: 6136.7 MB
Available Pagefile: 4946.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.88 GB) (Free:119.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 97A197A1)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-01 22:24:42
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2250BH_G2 rev.8909 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\pxldapow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90A54610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9121D5FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90A550E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90A60F18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90A60F64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90A610FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90A60E86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9121D992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90A60ECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90A555E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90A55800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90A610B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90A55E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90A54676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x90A59596]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9121D6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9121BC12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90A546DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90A5998C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90A5692C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90A60F42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90A60F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90A61122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90A60EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x90A58E78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90A61036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90A60EF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x90A5926E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90A610DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9121D822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90A567F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x90A56506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90A54742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90A547A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90A55D16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90A542F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90A544CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90A5445C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90A56066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90A561C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90A54556]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9121D8EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90A55CF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9121BC42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90A5480E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9121D76E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91236E00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C82A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBC212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CC3460 4 Bytes [10, 46, A5, 90] {ADC [ESI-0x5b], AL; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CC3488 4 Bytes [FA, D5, 21, 91] {CLI ; AAD 0x21; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CC34E8 1 Byte [E6]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CC34E8 4 Bytes [E6, 50, A5, 90] {OUT 0x50, AL; MOVSD ; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CC353C 8 Bytes [18, 0F, A6, 90, 64, 0F, A6, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E50D39 5 Bytes JMP 91233C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E69370 5 Bytes JMP 912357CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E7E4CF 4 Bytes CALL 90A56FEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E98323 4 Bytes CALL 90A57005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F2226E 7 Bytes JMP 91236E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\svchost.exe[344] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[440] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[496] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[504] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text ...
.text C:\Windows\system32\svchost.exe[1596] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 000E03FC
.text C:\Windows\system32\svchost.exe[1596] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[1596] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1596] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[1596] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[1596] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1612] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1616] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1648] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1732] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1800] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text ...
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2372] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2372] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2372] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2372] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2372] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2372] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2372] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2372] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 001A0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2512] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2512] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2512] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2512] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2512] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 002003FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2512] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 00200804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2512] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 002001F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2512] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\AUDIODG.EXE[2772] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2924] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 000E03FC
.text C:\Windows\system32\svchost.exe[2924] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[2924] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2924] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[2924] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[2924] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[2924] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[2924] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 00180600
.text C:\Program Files\Switcher\Switcher.exe[3240] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 000D03FC
.text C:\Program Files\Switcher\Switcher.exe[3240] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 000D01F8
.text C:\Program Files\Switcher\Switcher.exe[3240] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\Switcher\Switcher.exe[3240] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Switcher\Switcher.exe[3240] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Switcher\Switcher.exe[3240] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Switcher\Switcher.exe[3240] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Switcher\Switcher.exe[3240] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\SearchIndexer.exe[3252] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 000E03FC
.text C:\Windows\system32\SearchIndexer.exe[3252] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 000E01F8
.text C:\Windows\system32\SearchIndexer.exe[3252] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3252] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchIndexer.exe[3252] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchIndexer.exe[3252] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchIndexer.exe[3252] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchIndexer.exe[3252] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 00140600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 000D0A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 000D03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 000D0804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 000D01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3400] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 000D0600
.text C:\Program Files\IDT\WDM\sttray.exe[3508] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\IDT\WDM\sttray.exe[3508] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\IDT\WDM\sttray.exe[3508] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\IDT\WDM\sttray.exe[3508] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\IDT\WDM\sttray.exe[3508] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001F03FC
.text C:\Program Files\IDT\WDM\sttray.exe[3508] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 001F0804
.text C:\Program Files\IDT\WDM\sttray.exe[3508] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001F01F8
.text C:\Program Files\IDT\WDM\sttray.exe[3508] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3524] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 002E03FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3524] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 002E01F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3524] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3524] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 00300A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3524] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 003003FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3524] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 00300804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3524] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 003001F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3524] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 00300600
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3532] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3532] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3532] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3532] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3532] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3532] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3532] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3532] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 001F0600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3540] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3684] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3684] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3684] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3684] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3684] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 002003FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3684] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 00200804
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3684] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 002001F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3684] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 00200600
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3816] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3816] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3816] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3816] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3816] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3816] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3816] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3816] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\wbem\wmiprvse.exe[3848] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 001203FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3848] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 001201F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3848] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3848] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 00130A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3848] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001303FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3848] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 00130804
.text C:\Windows\system32\wbem\wmiprvse.exe[3848] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001301F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3848] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 00130600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3988] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3988] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3988] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3988] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3988] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 002003FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3988] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 00200804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3988] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 002001F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3988] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 00200600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\svchost.exe[4248] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 000E03FC
.text C:\Windows\System32\svchost.exe[4248] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 000E01F8
.text C:\Windows\System32\svchost.exe[4248] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4248] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\svchost.exe[4248] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\svchost.exe[4248] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\svchost.exe[4248] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\svchost.exe[4248] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 00100600
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] ntdll.dll!LdrUnloadDll 7725C8DE 5 Bytes JMP 001E03FC
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] ntdll.dll!LdrLoadDll 772622AE 5 Bytes JMP 001E01F8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] KERNEL32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] USER32.dll!UnhookWindowsHookEx 7602ADF9 5 Bytes JMP 001F0A08
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] USER32.dll!UnhookWinEvent 7602B750 5 Bytes JMP 001F03FC
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] USER32.dll!SetWindowsHookExW 7602E30C 5 Bytes JMP 001F0804
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] USER32.dll!SetWinEventHook 760324DC 5 Bytes JMP 001F01F8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4584] USER32.dll!SetWindowsHookExA 76056D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\taskhost.exe[5204] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
.text C:\Users\XXX\Desktop\gmer_2.1.19163.exe[5524] kernel32.dll!GetBinaryTypeW + 70 75D569E4 1 Byte [62]
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{807F35C4-4221-11E1-B7FB-806E6F6E6963} 3982442784
---- EOF - GMER 2.1 ----
|
|
01.10.2013, 23:38
| #2 | |
| /// the machine /// TB-Ausbilder    | Rechner langsamer, insb. Firefox startet langsamCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
02.10.2013, 21:17
| #3 |
| | Rechner langsamer, insb. Firefox startet langsam Getan:
__________________Code:
ATTFilter ComboFix 13-10-01.03 - XXX 02.10.2013 22:06:55.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3069.1970 [GMT 2:00]
ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-02 bis 2013-10-02 ))))))))))))))))))))))))))))))
.
.
2013-10-02 20:13 . 2013-10-02 20:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-02 20:13 . 2013-10-02 20:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-02 20:13 . 2013-10-02 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-01 20:03 . 2013-10-01 20:03 -------- d-----w- C:\FRST
2013-09-18 20:08 . 2013-09-18 20:08 94208 ----a-w- c:\windows\system32\dpl100.dll
2013-09-16 18:11 . 2013-09-16 18:11 -------- d-----w- c:\windows\system32\Adobe
2013-09-16 18:09 . 2013-09-16 18:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-16 18:09 . 2013-09-16 18:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-11 19:29 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-06 20:11 . 2013-09-06 20:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-30 07:48 . 2013-03-03 20:40 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-02-28 13:55 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-02-28 13:55 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-03 20:40 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2012-02-28 13:55 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2012-02-28 13:55 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2012-02-28 13:55 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2012-02-28 13:55 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2012-02-16 22:19 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-02-28 13:55 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-07-25 08:57 . 2013-08-13 18:31 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-13 18:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-13 18:31 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-13 18:31 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-13 18:31 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-13 18:31 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-13 18:31 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-13 18:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-13 18:31 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-13 18:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-13 18:31 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OUTLOOK - Verknüpfung.lnk]
path=c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK - Verknüpfung.lnk
backup=c:\windows\pss\OUTLOOK - Verknüpfung.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2012-09-10 14:58 59280 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-04-15 15:53 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2012-08-29 12:00 59280 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-04-18 23:45 1090912 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2013-03-20 12:38 162856 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2011-08-03 13:23 828944 ----a-w- c:\program files\TightVNC\tvnserver.exe
.
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 iscFlash;iscFlash;c:\swsetup\sp45138\iscflash.sys [2009-06-16 13312]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-04-05 3969336]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2011-09-07 59776]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2011-08-03 828944]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-22 107360]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-16 18:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.ftp - 168.61.33.21
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 168.61.33.21
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 168.61.33.21
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 168.61.33.21
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-ThreatFire - c:\program files\ThreatFire\TFTray.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2368)
c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
Zeit der Fertigstellung: 2013-10-02 22:15:59
ComboFix-quarantined-files.txt 2013-10-02 20:15
.
Vor Suchlauf: 16 Verzeichnis(se), 137.856.114.688 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 137.770.029.056 Bytes frei
.
- - End Of File - - AEA2BA587D2286B3050293B6DFCCD8F2
A36C5E4F47E84449FF07ED3517B43A31
|
|
03.10.2013, 07:52
| #4 |
| /// the machine /// TB-Ausbilder | Rechner langsamer, insb. Firefox startet langsam Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.10.2013, 21:30
| #5 |
| | Rechner langsamer, insb. Firefox startet langsam Alles klärsche...Gruß Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.03.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16686 XXX:: PC [Administrator] 03.10.2013 16:31:15 mbam-log-2013-10-03 (16-31-15).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 227137 Laufzeit: 6 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.006 - Bericht erstellt am 03/10/2013 um 16:43:41
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : XXX- PC
# Gestartet von : C:\UsersXXX\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\UsersXXX\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\UsersXXX\AppData\Roaming\OCS
Ordner Gelöscht : C:\UsersXXX\AppData\Roaming\software4u
Datei Gelöscht : C:\END
Datei Gelöscht : C:\UsersXXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_stickies[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_stickies[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Conduit
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v24.0 (de)
[ Datei : C:\UsersXXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1864 octets] - [03/10/2013 16:40:47]
AdwCleaner[S0].txt - [1791 octets] - [03/10/2013 16:43:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1851 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Ultimate x86
Ran by XXX on 03.10.2013 at 16:50:11,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\XXX\AppData\Roaming\goforfiles"
~~~ FireFox
Emptied folder: C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\nlsgw1ek.default\minidumps [149 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.10.2013 at 16:52:38,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by XXX (administrator) on PC on 03-10-2013 22:28:19
Running from C:\Users\XXX\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Bao_Nguyen) C:\Program Files\Switcher\Switcher.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [321080 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [Switcher] - C:\Program Files\Switcher\Switcher.exe [425984 2007-10-28] (Bao_Nguyen)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x15A32CCEE7ECCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default
FF DefaultSearchEngine: Google
FF Homepage: google.de
FF NetworkProxy: "backup.ftp", "65.125.155.90"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "65.125.155.90"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "65.125.155.90"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "168.61.33.21"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "168.61.33.21"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "168.61.33.21"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "168.61.33.21"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\searchplugins\google-germany.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flashblock - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: WOT - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
FF Extension: No Name - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [683696 2012-08-24] (Juniper Networks)
S3 npggsvc; C:\Windows\system32\GameMon.des [3969336 2012-04-05] (INCA Internet Co., Ltd.)
S3 Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-08-24] (Juniper Networks)
S3 iscFlash; C:\SwSetup\sp45138\iscflash.sys [13312 2009-06-16] (Insyde Software)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
S3 catchme; \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-03 22:28 - 2013-10-03 22:28 - 01087213 _____ (Farbar) C:\Users\XXX\Desktop\FRST.exe
2013-10-03 16:50 - 2013-10-03 16:50 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 16:49 - 2013-10-03 16:49 - 01030305 _____ (Thisisu) C:\Users\XXX\JRT.exe
2013-10-03 16:40 - 2013-10-03 16:43 - 00000000 ____D C:\AdwCleaner
2013-10-03 16:40 - 2013-10-03 16:40 - 01045226 _____ C:\Users\XXX\adwcleaner.exe
2013-10-02 22:18 - 2013-10-02 22:18 - 00000552 _____ C:\Windows\PFRO.log
2013-10-02 22:15 - 2013-10-02 22:15 - 00013924 _____ C:\ComboFix.txt
2013-10-02 21:59 - 2013-10-02 21:59 - 05132885 ____R (Swearware) C:\Users\XXX\ComboFix.exe
2013-10-02 21:54 - 2013-10-03 16:56 - 00000280 _____ C:\Windows\setupact.log
2013-10-02 21:54 - 2013-10-02 21:54 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 22:03 - 2013-10-01 22:03 - 00000000 ____D C:\FRST
2013-10-01 21:53 - 2013-10-01 21:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-21 19:58 - 2013-09-21 21:04 - 00000000 ____D C:\Users\XXX\Desktop\Frankreich2013
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\system32\Adobe
2013-09-16 20:09 - 2013-10-03 20:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 20:09 - 2013-09-16 20:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-16 20:09 - 2013-09-16 20:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-12 23:07 - 2011-11-10 00:59 - 1458176000 _____ C:\Users\XXX\Desktop\Die.Frau.die.singt.avi
2013-09-11 21:29 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 21:29 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 21:28 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 21:28 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 21:28 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 21:28 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 21:28 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 21:17 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 21:16 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 21:16 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 21:16 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 21:16 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 21:16 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 21:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 21:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 00:33 - 2013-08-29 12:18 - 00000000 ____D C:\Users\XXX\Desktop\Sommer, Sonne, Kaktus! (Special Version)
2013-09-06 22:11 - 2013-09-06 22:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
==================== One Month Modified Files and Folders =======
2013-10-03 22:28 - 2013-10-03 22:28 - 01087213 _____ (Farbar) C:\Users\XXX\Desktop\FRST.exe
2013-10-03 22:11 - 2013-09-02 12:49 - 00000000 ____D C:\Users\XXX\Desktop\S-Block
2013-10-03 20:03 - 2013-09-16 20:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-03 19:11 - 2012-01-19 00:30 - 00000000 ____D C:\Users\XXX
2013-10-03 17:01 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 17:01 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 16:56 - 2013-10-02 21:54 - 00000280 _____ C:\Windows\setupact.log
2013-10-03 16:56 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 16:55 - 2012-01-19 00:25 - 01292360 _____ C:\Windows\WindowsUpdate.log
2013-10-03 16:50 - 2013-10-03 16:50 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 16:49 - 2013-10-03 16:49 - 01030305 _____ (Thisisu) C:\Users\XXX\JRT.exe
2013-10-03 16:43 - 2013-10-03 16:40 - 00000000 ____D C:\AdwCleaner
2013-10-03 16:40 - 2013-10-03 16:40 - 01045226 _____ C:\Users\XXX\adwcleaner.exe
2013-10-02 22:18 - 2013-10-02 22:18 - 00000552 _____ C:\Windows\PFRO.log
2013-10-02 22:16 - 2012-12-21 16:18 - 00000000 ____D C:\Qoobox
2013-10-02 22:15 - 2013-10-02 22:15 - 00013924 _____ C:\ComboFix.txt
2013-10-02 22:14 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-10-02 21:59 - 2013-10-02 21:59 - 05132885 ____R (Swearware) C:\Users\XXX\ComboFix.exe
2013-10-02 21:54 - 2013-10-02 21:54 - 00000000 _____ C:\Windows\setuperr.log
2013-10-02 21:54 - 2012-07-11 23:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 22:03 - 2013-10-01 22:03 - 00000000 ____D C:\FRST
2013-10-01 22:00 - 2009-10-14 05:07 - 00000000 ____D C:\Windows\Panther
2013-10-01 21:59 - 2012-02-19 21:44 - 00000000 ____D C:\Program Files\CCleaner
2013-10-01 21:53 - 2013-10-01 21:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 21:53 - 2012-02-16 23:33 - 00000000 ____D C:\Users\XXX\AppData\Local\Mozilla
2013-09-26 18:21 - 2012-03-01 16:20 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-26 18:21 - 2012-02-18 23:25 - 00000000 ____D C:\Program Files\DivX
2013-09-26 18:21 - 2012-02-18 23:24 - 00000000 ____D C:\ProgramData\DivX
2013-09-25 21:28 - 2012-12-30 16:44 - 00000000 ____D C:\Users\XXX\AppData\Roaming\ICQ
2013-09-25 09:03 - 2012-02-16 23:28 - 00653540 _____ C:\Windows\system32\perfh01D.dat
2013-09-25 09:03 - 2012-02-16 23:28 - 00141360 _____ C:\Windows\system32\perfc01D.dat
2013-09-25 09:03 - 2012-01-19 00:26 - 02406826 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 22:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-21 23:17 - 2012-03-01 20:09 - 00000000 ____D C:\Users\XXX\AppData\Roaming\vlc
2013-09-21 21:04 - 2013-09-21 19:58 - 00000000 ____D C:\Users\XXX\Desktop\Frankreich2013
2013-09-21 20:50 - 2012-02-21 23:48 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Dropbox
2013-09-21 20:04 - 2012-02-21 23:50 - 00000000 ___RD C:\Users\XXX\Dropbox
2013-09-21 20:03 - 2012-02-21 23:49 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-20 00:04 - 2013-03-18 23:06 - 00000000 ____D C:\Users\XXX\Desktop\Pool
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\system32\Adobe
2013-09-16 20:10 - 2012-02-18 22:52 - 00000000 ____D C:\Users\XXX\AppData\Local\Adobe
2013-09-16 20:09 - 2013-09-16 20:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-16 20:09 - 2013-09-16 20:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-16 20:02 - 2012-02-16 22:34 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-13 11:52 - 2012-02-20 21:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 11:51 - 2012-02-20 21:47 - 00002685 _____ C:\Users\XXX\Desktop\Microsoft Office Excel 2007.lnk
2013-09-13 11:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 22:35 - 2009-07-14 06:33 - 03846296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 00:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-09-12 00:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 21:27 - 2013-07-11 09:40 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 21:19 - 2009-10-14 04:21 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-06 22:39 - 2013-09-06 22:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 10:24 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
Files to move or delete:
====================
C:\Users\XXX\adwcleaner.exe
C:\Users\XXX\aswclear5.exe
C:\Users\XXX\ComboFix.exe
C:\Users\XXX\ICQ 7.7 Build #6547 Banner Remover.exe
C:\Users\XXX\JRT.exe
Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-21 20:35
==================== End Of Log ============================
--- --- --- --- --- --- |
|
04.10.2013, 02:17
| #6 |
| /// the machine /// TB-Ausbilder | Rechner langsamer, insb. Firefox startet langsamESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Rechner langsamer, insb. Firefox startet langsam |
|
04.10.2013, 13:25
| #7 |
| | Rechner langsamer, insb. Firefox startet langsam ESET: Code:
ATTFilter C:\UsersXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CCVPCU74\yontoosetup[1].exe multiple threats
C:\UsersXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5fcafb4a-735a99e2 Java/Exploit.Agent.OCD trojan
C:\UsersXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\529c0435-4200c645 Java/Exploit.Agent.OCF trojan
C:\UsersXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3f09ba06-5a6dd7a8 multiple threats
C:\UsersXXX\AppData\Roaming\Apple Computer\MobileSync\Backup\fece9c9dae07c0378dea14bb31da1632161e557c\518279ed366a689e085b524e4822a5478c9757ad Win32/Trustezeb.E trojan
C:\UsersXXX\AppData\Roaming\Apple Computer\MobileSync\Backup\fece9c9dae07c0378dea14bb31da1632161e557c\ec62fa1a407b4d9c6fad6c71b92a04ddd74ea468 Win32/Trustezeb.E trojan
Code:
ATTFilter Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Java 7 Update 25 Adobe Flash Player 11.8.800.168 Adobe Reader XI Mozilla Firefox (24.0) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by XXX (administrator) on PC on 04-10-2013 14:21:00
Running from C:\Users\XXX\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Bao_Nguyen) C:\Program Files\Switcher\Switcher.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [321080 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [Switcher] - C:\Program Files\Switcher\Switcher.exe [425984 2007-10-28] (Bao_Nguyen)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x15A32CCEE7ECCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default
FF DefaultSearchEngine: Google
FF Homepage: google.de
FF NetworkProxy: "backup.ftp", "65.125.155.90"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "65.125.155.90"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "65.125.155.90"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "168.61.33.21"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "168.61.33.21"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "168.61.33.21"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "168.61.33.21"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\searchplugins\google-germany.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flashblock - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: WOT - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
FF Extension: No Name - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [683696 2012-08-24] (Juniper Networks)
S3 npggsvc; C:\Windows\system32\GameMon.des [3969336 2012-04-05] (INCA Internet Co., Ltd.)
S3 Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-08-24] (Juniper Networks)
S3 iscFlash; C:\SwSetup\sp45138\iscflash.sys [13312 2009-06-16] (Insyde Software)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
S3 catchme; \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-04 14:20 - 2013-10-04 14:20 - 01087213 _____ (Farbar) C:\Users\XXX\Desktop\FRST.exe
2013-10-04 14:19 - 2013-10-04 14:19 - 00000849 _____ C:\Users\XXX\Desktop\checkup.txt
2013-10-04 14:09 - 2013-10-04 14:09 - 00891144 _____ C:\Users\XXX\Desktop\SecurityCheck.exe
2013-10-04 14:07 - 2013-10-04 14:09 - 00000784 _____ C:\Users\XXX\Desktop\ESET.txt
2013-10-04 10:31 - 2013-10-04 10:31 - 00000000 ____D C:\Program Files\ESET
2013-10-04 10:30 - 2013-10-04 10:30 - 02347384 _____ (ESET) C:\Users\XXX\Desktop\esetsmartinstaller_enu.exe
2013-10-03 16:50 - 2013-10-03 16:50 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 16:49 - 2013-10-03 16:49 - 01030305 _____ (Thisisu) C:\Users\XXX\JRT.exe
2013-10-03 16:40 - 2013-10-03 16:43 - 00000000 ____D C:\AdwCleaner
2013-10-03 16:40 - 2013-10-03 16:40 - 01045226 _____ C:\Users\XXX\adwcleaner.exe
2013-10-02 22:18 - 2013-10-02 22:18 - 00000552 _____ C:\Windows\PFRO.log
2013-10-02 22:15 - 2013-10-02 22:15 - 00013924 _____ C:\ComboFix.txt
2013-10-02 21:59 - 2013-10-02 21:59 - 05132885 ____R (Swearware) C:\Users\XXX\ComboFix.exe
2013-10-02 21:54 - 2013-10-04 10:03 - 00000336 _____ C:\Windows\setupact.log
2013-10-02 21:54 - 2013-10-02 21:54 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 22:03 - 2013-10-01 22:03 - 00000000 ____D C:\FRST
2013-10-01 21:53 - 2013-10-01 21:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-21 19:58 - 2013-09-21 21:04 - 00000000 ____D C:\Users\XXX\Desktop\Frankreich2013
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\system32\Adobe
2013-09-16 20:09 - 2013-10-04 14:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 20:09 - 2013-09-16 20:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-16 20:09 - 2013-09-16 20:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-12 23:07 - 2011-11-10 00:59 - 1458176000 _____ C:\Users\XXX\Desktop\Die.Frau.die.singt.avi
2013-09-11 21:29 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 21:29 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 21:28 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 21:28 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 21:28 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 21:28 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 21:28 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 21:28 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 21:17 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 21:16 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 21:16 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 21:16 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 21:16 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 21:16 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 21:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 21:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 21:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 00:33 - 2013-08-29 12:18 - 00000000 ____D C:\Users\XXX\Desktop\Sommer, Sonne, Kaktus! (Special Version)
2013-09-06 22:11 - 2013-09-06 22:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
==================== One Month Modified Files and Folders =======
2013-10-04 14:20 - 2013-10-04 14:20 - 01087213 _____ (Farbar) C:\Users\XXX\Desktop\FRST.exe
2013-10-04 14:19 - 2013-10-04 14:19 - 00000849 _____ C:\Users\XXX\Desktop\checkup.txt
2013-10-04 14:09 - 2013-10-04 14:09 - 00891144 _____ C:\Users\XXX\Desktop\SecurityCheck.exe
2013-10-04 14:09 - 2013-10-04 14:07 - 00000784 _____ C:\Users\XXX\Desktop\ESET.txt
2013-10-04 14:03 - 2013-09-16 20:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 12:10 - 2012-01-19 00:25 - 01296767 _____ C:\Windows\WindowsUpdate.log
2013-10-04 10:31 - 2013-10-04 10:31 - 00000000 ____D C:\Program Files\ESET
2013-10-04 10:30 - 2013-10-04 10:30 - 02347384 _____ (ESET) C:\Users\XXX\Desktop\esetsmartinstaller_enu.exe
2013-10-04 10:08 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 10:08 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 10:03 - 2013-10-02 21:54 - 00000336 _____ C:\Windows\setupact.log
2013-10-04 10:03 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 22:11 - 2013-09-02 12:49 - 00000000 ____D C:\Users\XXX\Desktop\S-Block
2013-10-03 19:11 - 2012-01-19 00:30 - 00000000 ____D C:\Users\XXX
2013-10-03 16:50 - 2013-10-03 16:50 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 16:49 - 2013-10-03 16:49 - 01030305 _____ (Thisisu) C:\Users\XXX\JRT.exe
2013-10-03 16:43 - 2013-10-03 16:40 - 00000000 ____D C:\AdwCleaner
2013-10-03 16:40 - 2013-10-03 16:40 - 01045226 _____ C:\Users\XXX\adwcleaner.exe
2013-10-02 22:18 - 2013-10-02 22:18 - 00000552 _____ C:\Windows\PFRO.log
2013-10-02 22:16 - 2012-12-21 16:18 - 00000000 ____D C:\Qoobox
2013-10-02 22:15 - 2013-10-02 22:15 - 00013924 _____ C:\ComboFix.txt
2013-10-02 22:14 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-10-02 21:59 - 2013-10-02 21:59 - 05132885 ____R (Swearware) C:\Users\XXX\ComboFix.exe
2013-10-02 21:54 - 2013-10-02 21:54 - 00000000 _____ C:\Windows\setuperr.log
2013-10-02 21:54 - 2012-07-11 23:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 22:03 - 2013-10-01 22:03 - 00000000 ____D C:\FRST
2013-10-01 22:00 - 2009-10-14 05:07 - 00000000 ____D C:\Windows\Panther
2013-10-01 21:59 - 2012-02-19 21:44 - 00000000 ____D C:\Program Files\CCleaner
2013-10-01 21:53 - 2013-10-01 21:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 21:53 - 2012-02-16 23:33 - 00000000 ____D C:\Users\XXX\AppData\Local\Mozilla
2013-09-26 18:21 - 2012-03-01 16:20 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-26 18:21 - 2012-02-18 23:25 - 00000000 ____D C:\Program Files\DivX
2013-09-26 18:21 - 2012-02-18 23:24 - 00000000 ____D C:\ProgramData\DivX
2013-09-25 21:28 - 2012-12-30 16:44 - 00000000 ____D C:\Users\XXX\AppData\Roaming\ICQ
2013-09-25 09:03 - 2012-02-16 23:28 - 00653540 _____ C:\Windows\system32\perfh01D.dat
2013-09-25 09:03 - 2012-02-16 23:28 - 00141360 _____ C:\Windows\system32\perfc01D.dat
2013-09-25 09:03 - 2012-01-19 00:26 - 02406826 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 22:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-21 23:17 - 2012-03-01 20:09 - 00000000 ____D C:\Users\XXX\AppData\Roaming\vlc
2013-09-21 21:04 - 2013-09-21 19:58 - 00000000 ____D C:\Users\XXX\Desktop\Frankreich2013
2013-09-21 20:50 - 2012-02-21 23:48 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Dropbox
2013-09-21 20:04 - 2012-02-21 23:50 - 00000000 ___RD C:\Users\XXX\Dropbox
2013-09-21 20:03 - 2012-02-21 23:49 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-20 00:04 - 2013-03-18 23:06 - 00000000 ____D C:\Users\XXX\Desktop\Pool
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-09-16 20:11 - 2013-09-16 20:11 - 00000000 ____D C:\Windows\system32\Adobe
2013-09-16 20:10 - 2012-02-18 22:52 - 00000000 ____D C:\Users\XXX\AppData\Local\Adobe
2013-09-16 20:09 - 2013-09-16 20:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-16 20:09 - 2013-09-16 20:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-16 20:02 - 2012-02-16 22:34 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-13 11:52 - 2012-02-20 21:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 11:51 - 2012-02-20 21:47 - 00002685 _____ C:\Users\XXX\Desktop\Microsoft Office Excel 2007.lnk
2013-09-13 11:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 22:35 - 2009-07-14 06:33 - 03846296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 00:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-09-12 00:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 21:27 - 2013-07-11 09:40 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 21:19 - 2009-10-14 04:21 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-06 22:39 - 2013-09-06 22:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 10:24 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
Files to move or delete:
====================
C:\Users\XXX\adwcleaner.exe
C:\Users\XXX\aswclear5.exe
C:\Users\XXX\ComboFix.exe
C:\Users\XXX\ICQ 7.7 Build #6547 Banner Remover.exe
C:\Users\XXX\JRT.exe
Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-04 12:14
==================== End Of Log ============================
|
|
05.10.2013, 09:58
| #8 |
| /// the machine /// TB-Ausbilder | Rechner langsamer, insb. Firefox startet langsam Handy Backup löschen. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter FF NetworkProxy: "backup.ftp", "65.125.155.90"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "65.125.155.90"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "65.125.155.90"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "168.61.33.21"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "168.61.33.21"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "168.61.33.21"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "168.61.33.21"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 4
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.10.2013, 21:05
| #9 |
| | Rechner langsamer, insb. Firefox startet langsam Fixlog-Datei wurde erstellt, jedoch durch DelFix gelöscht, bevor ichs dir posten konnte  Vergessen, dass die ja mit gelöscht wird...Alles andere ist getan! Zwei Fragen: 1.) Was war denn eigtl mit meinem System? 2.) Was ist mit den ESET-Funden? Ansonsten scheint soweit alles in Ordnung zu sein  |
|
06.10.2013, 16:16
| #10 |
| /// the machine /// TB-Ausbilder | Rechner langsamer, insb. Firefox startet langsam En Haufen Adware. Das war dein handy Backup, oben erwähnt, und Java Cache, dafür TFC
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Rechner langsamer, insb. Firefox startet langsam |
| adobe, bonjour, ccsetup, device driver, email, farbar, farbar recovery scan tool, fehler, firefox, homepage, java/exploit.agent.ocd, java/exploit.agent.ocf, launch, ntdll.dll, plug-in, registry, services.exe, software, svchost.exe, taskhost.exe, temp, udp, warnung, win32/trustezeb.e, windows |
Linear-Darstellung
