Log analysis and evaluation: Slow PC and (short) log - for a malware noob... Which of it has to go? (Windows 7)

02.02.2014, 10:32 | #1
Good day. To confirm the clichés right at the start: I am female, 24 years old, and unfortunately have no clue about digital pests (I deal more with their biological counterpart^^).
I would be incredibly grateful if someone could look through this "LOG" and tell me which parts of it I have to delete... I would at least like to keep the Nero Wave Editor, if it does no harm?
Many thanks for any help. <3
Quote:

02.02.2014, 11:26 | #2
Rest in peace † 2019
My name is Sandra and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with me until someone from the team tells you that you are clean.
Please note that all my answers must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience.
Please always put the logs in code tags. If you don't, it makes the evaluation much harder for me. Thank you. To do this:
Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

02.02.2014, 12:37 | #3
Thanks, Sandra.
I don't know how "formatting" works... Wouldn't that delete all files? Actually I'm just shocked by the "many" malicious files that were found... and the laptop used to be noticeably faster too...
So, I hope I'm doing this right now: (I put everything into one reply... How long is "too long"?)
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04 Ran by D (administrator) on D-HP on 02-02-2014 11:37:46 Running from C:\Users\D\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Users\D\Photoshop\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Dropbox, Inc.) C:\Users\D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Adobe Sytems Incorporated) C:\Users\D\Photoshop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Nike) C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Development Company L.P.) 
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.) HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-06-16] () HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Adobe Version Cue CS2] - c:\Users\D\Photoshop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [Nike+ Connect] - C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-12-11] (Nike) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKU\S-1-5-21-2056859972-708226903-381187822-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd) Startup: C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183 FF SelectedSearchEngine: Google FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'h
ttp%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1))%20%7B%20return%20'PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - 
c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxMate - Proxy on steroids! 
- C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-11-02] FF Extension: Adblock Plus - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-02] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-11] FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\bcsu571q.default\extensions\firejump@firejump.net FF HKCU\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\bcsu571q.default\extensions\mail@gutscheinrausch.de FF HKCU\...\Firefox\Extensions: [happylyrics@hpyproductions.net] - C:\Program Files (x86)\HappyLyrics\FF\ ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-02-04] (Adobe Systems) R2 Adobe Version Cue CS2; c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. 
KG) R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-06-16] () R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company) R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247872 2012-03-20] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc) R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG) S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-14] (DT Soft Ltd) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-22] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-02-04] (Duplex Secure Ltd.) 
U3 ag6ljam3; C:\Windows\System32\Drivers\ag6ljam3.sys [0 ] (Advanced Micro Devices) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-02 11:37 - 2014-02-02 11:38 - 00018179 _____ () C:\Users\D\Downloads\FRST.txt 2014-02-02 11:37 - 2014-02-02 11:37 - 00000000 ____D () C:\FRST 2014-02-02 11:36 - 2014-02-02 11:36 - 02080256 _____ (Farbar) C:\Users\D\Downloads\FRST64.exe 2014-02-02 08:17 - 2014-02-02 08:17 - 00000000 ____D () C:\Users\D\AppData\Roaming\Malwarebytes 2014-02-02 08:16 - 2014-02-02 08:16 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-02 08:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-02-02 08:06 - 2014-02-02 08:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\D\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-01 10:31 - 2014-02-01 10:32 - 00000000 ____D () C:\Users\D\Desktop\carry on 2014-01-22 21:18 - 2014-01-22 21:25 - 00000000 ____D () C:\Users\D\Documents\Wohngeld 2014-01-20 21:19 - 2014-02-01 12:58 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForD 2014-01-15 21:45 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 
00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-01-15 21:45 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys 2014-01-15 21:45 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\ProgramData\Nike 2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\Program Files (x86)\Nike 2014-01-10 23:04 - 2014-01-10 23:04 - 17934352 _____ (Nike) C:\Users\D\Downloads\Nike+Connect_Installer.exe 2014-01-04 12:35 - 2014-01-09 18:50 - 00000000 ____D () C:\Users\D\Documents\LONDON ==================== One Month Modified Files and Folders ======= 2014-02-02 11:38 - 2014-02-02 11:37 - 00018179 _____ () C:\Users\D\Downloads\FRST.txt 2014-02-02 11:37 - 2014-02-02 11:37 - 00000000 ____D () C:\FRST 2014-02-02 11:36 - 2014-02-02 11:36 - 02080256 _____ (Farbar) C:\Users\D\Downloads\FRST64.exe 2014-02-02 11:16 - 2012-11-22 21:08 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-02-02 09:52 - 2011-03-18 18:12 - 01776585 _____ () C:\windows\WindowsUpdate.log 2014-02-02 08:17 - 2014-02-02 08:17 - 00000000 ____D () C:\Users\D\AppData\Roaming\Malwarebytes 2014-02-02 08:16 - 2014-02-02 08:16 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-02 08:07 - 2014-02-02 08:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\D\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-02 08:00 - 2009-07-14 05:45 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-02 08:00 - 2009-07-14 05:45 - 00019536 
____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-02 07:59 - 2010-12-08 23:40 - 00654400 _____ () C:\windows\system32\perfh007.dat 2014-02-02 07:59 - 2010-12-08 23:40 - 00130240 _____ () C:\windows\system32\perfc007.dat 2014-02-02 07:59 - 2009-07-14 06:13 - 01498742 _____ () C:\windows\system32\PerfStringBackup.INI 2014-02-02 07:54 - 2011-09-05 19:06 - 00000000 ____D () C:\Users\D\AppData\Roaming\Dropbox 2014-02-02 07:53 - 2011-09-05 19:08 - 00000000 ___RD () C:\Users\D\Dropbox 2014-02-02 07:51 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-02-02 07:51 - 2009-07-14 05:51 - 00145967 _____ () C:\windows\setupact.log 2014-02-01 22:55 - 2013-11-12 23:31 - 00222351 _____ () C:\windows\IE11_main.log 2014-02-01 12:58 - 2014-01-20 21:19 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForD 2014-02-01 12:58 - 2013-10-14 23:07 - 00000316 _____ () C:\windows\Tasks\HPCeeScheduleForD.job 2014-02-01 10:32 - 2014-02-01 10:31 - 00000000 ____D () C:\Users\D\Desktop\carry on 2014-02-01 10:31 - 2012-05-28 14:43 - 01242112 ___SH () C:\Users\D\Desktop\Thumbs.db 2014-02-01 08:56 - 2009-07-14 06:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-01-31 11:13 - 2013-03-02 12:16 - 00000000 ___HD () C:\jexepackres 2014-01-30 10:03 - 2013-10-28 01:28 - 00000000 ____D () C:\Users\D\Documents\Tom 2014-01-27 23:40 - 2011-12-05 22:45 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-01-22 21:25 - 2014-01-22 21:18 - 00000000 ____D () C:\Users\D\Documents\Wohngeld 2014-01-16 16:51 - 2009-07-14 05:45 - 05049568 _____ () C:\windows\system32\FNTCACHE.DAT 2014-01-16 00:03 - 2011-08-03 12:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-16 00:01 - 2013-07-13 00:01 - 00000000 ____D () C:\windows\system32\MRT 2014-01-15 23:57 - 2011-07-30 21:31 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () 
C:\ProgramData\Nike 2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\Program Files (x86)\Nike 2014-01-10 23:04 - 2014-01-10 23:04 - 17934352 _____ (Nike) C:\Users\D\Downloads\Nike+Connect_Installer.exe 2014-01-09 23:16 - 2012-02-04 14:52 - 00000000 ____D () C:\Users\D\AppData\Local\CrashDumps 2014-01-09 18:50 - 2014-01-04 12:35 - 00000000 ____D () C:\Users\D\Documents\LONDON 2014-01-07 17:02 - 2011-07-30 19:46 - 00000000 ___RD () C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-07 17:01 - 2011-09-05 19:07 - 00000000 ____D () C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-05 13:30 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF Some content of TEMP: ==================== C:\Users\D\AppData\Local\Temp\AskSLib.dll C:\Users\D\AppData\Local\Temp\avgnt.exe C:\Users\D\AppData\Local\Temp\BunndleOfferManager.dll C:\Users\D\AppData\Local\Temp\CWPCUNLR.dll C:\Users\D\AppData\Local\Temp\Extract.exe C:\Users\D\AppData\Local\Temp\HPQSi.exe C:\Users\D\AppData\Local\Temp\IPx64_1031.exe C:\Users\D\AppData\Local\Temp\MSN2415.exe C:\Users\D\AppData\Local\Temp\SkypeSetup.exe C:\Users\D\AppData\Local\Temp\SpotifyUpgrader.exe C:\Users\D\AppData\Local\Temp\~SpUnin~.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit 
LastRegBack: 2014-01-19 17:51
==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04 Ran by D at 2014-02-02 11:38:48 Running from C:\Users\D\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden Adobe Creative Suite 2 (x32 Version: - ) Adobe Download Assistant (x32 Version: 1.0.3 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.0.3 - Adobe Systems Incorporated) Hidden Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) 
Hidden Adobe Photoshop CS5.1 (x32 Version: 12.1 - Adobe Systems Incorporated) Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe SVG Viewer 3.0 (x32 Version: 3.0 - Adobe Systems, Inc.) Adobe Version Cue CS2 (x32 Version: 2.0 - Adobe Systems, Inc.) Hidden Amazon Kindle (HKCU Version: - Amazon) AstroViewer 3.1.6 (x32 Version: - Dirk Matussek) ATI Catalyst Install Manager (Version: 3.0.778.0 - ATI Technologies, Inc.) Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300 - Broadcom Corporation) Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6 - Broadcom Corporation) calibre (x32 Version: 0.9.33 - Kovid Goyal) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0805.358.5180 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0805.358.5180 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help English (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help French (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help German (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0805.0357.5180 
- ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0805.0357.5180 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden ccc-core-static (x32 Version: 2010.0805.358.5180 - ATI) Hidden ccc-utility64 (Version: 2010.0805.358.5180 - ATI) Hidden DAEMON Tools Lite (x32 Version: 4.45.2.0287 - DT Soft Ltd) Desktop Icon für Amazon (Version: 1.0.1 (de) - ) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) DTL FontMaster Light 2.7.0 (x32 Version: 2.7.0.0 - Dutch Type Library & URW++ Design & Development GmbH) Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard) FireJump 1.0.1.8 (x32 Version: 1.0.1.8 - FireJump.net) FLV-Media-Player (x32 Version: 2.0.3.2532 - HYBRIDWEB.de) Free Pdf Perfect Prereq (x32 Version: 1.0.0.66 - Covus Freemium GmbH) Hidden Free YouTube to MP3 Converter version 3.12.2.422 (x32 Version: 3.12.2.422 - DVDVideoSoft Ltd.) Guard.ICQ (x32 Version: - Mail.ru) GutscheinRausch.de - AddOn für Firefox (x32 Version: 2.81 - GutscheinRausch.de) High-Logic FontCreator 6.5 (x32 Version: - High-Logic B.V.) 
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (x32 Version: 1.5.0.0 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (x32 Version: 1.1.6.1 - Hewlett-Packard Company) HP HotKey Support (Version: 3.5.15.1 - Hewlett-Packard Company) HP Setup (x32 Version: 8.5.4371.3505 - Hewlett-Packard Company) HP SoftPaq Download Manager (x32 Version: 3.0.5.0 - Hewlett-Packard Company) HP Software Framework (x32 Version: 4.0.51.1 - Hewlett-Packard Company) HP Software Setup (x32 Version: 7.0.1.6 - Hewlett-Packard Company) HP Support Assistant (x32 Version: 5.0.14.2 - Hewlett-Packard Company) HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden HP Webcam (x32 Version: 1.0.19.6 - Roxio) HP Webcam Driver (x32 Version: 5.8.50015.0 - Sonix) HP Wireless Assistant (Version: 4.0.6.0 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden ICQ Sparberater (x32 Version: 1.3.671 - solute gmbh) ICQ Toolbar (x32 Version: 3.0.0 - ICQ) ICQ7M (x32 Version: 7.8 - ICQ) IDT Audio (x32 Version: 1.0.6275.0 - IDT) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 32 (x32 Version: 6.0.320 - Oracle) K-Lite Mega Codec Pack 7.2.0 (x32 Version: 7.2.0 - ) LightScribe System Software (x32 Version: 1.18.12.1 - LightScribe) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.) 
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office 
Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Windows Media Video 9 VCM (x32 Version: - ) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation) Nero ControlCenter (x32 Version: 11.0.15500 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.20200 - Nero AG) 
Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Nero WaveEditor (x32 Version: 12.0.8000 - Nero AG) Hidden Nero WaveEditor (x32 Version: 12.5.00100 - Nero AG) Nero WaveEditor Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nike+ Connect (x32 Version: 6.2.4 - Nike) No23 Recorder (x32 Version: 2.1.0.3 - No23) PDF Complete Special Edition (x32 Version: 3.5.117 - PDF Complete, Inc) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Readiris Pro 10 (x32 Version: - ) Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0011 - Realtek) Rossmann Fotowelt Software 4.12.1 (x32 Version: 4.12.1 - ORWO Net) Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio Creator Audio (x32 Version: 3.8.0 - Roxio) Hidden Roxio Creator Business (x32 Version: 10.3.56.21 - Roxio) Roxio Creator Business v10 (x32 Version: 3.8.0 - Roxio) Hidden Roxio Creator Copy (x32 Version: 3.8.0 - Roxio) Hidden Roxio Creator Data (x32 Version: 3.8.0 - Roxio) Hidden Roxio Creator Tools (x32 Version: 3.8.0 - Roxio) Hidden Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden Samsung CLX-3170 Series (x32 Version: - Samsung Electronics CO.,LTD) Skype Click to Call (x32 Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 6.3 (x32 Version: 6.3.107 - Skype Technologies S.A.) 
SmarThru 4 (x32 Version: - ) SmarThru PC Fax (x32 Version: - ) Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden Synaptics Pointing Device Driver (Version: 15.0.24.0 - Synaptics Incorporated) System Checkup 3.4 (x32 Version: 3.4.5.9 - iolo technologies, LLC) Trillian (x32 Version: - Cerulean Studios, LLC) Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) Winamp (x32 Version: 5.622 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc) Windows 7 Default Setting (x32 
Version: 1.0.1.7 - Hewlett-Packard Company) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation) ==================== Restore Points ========================= 17-01-2014 22:53:45 Windows Update 18-01-2014 21:52:16 Windows Update 19-01-2014 23:11:28 Windows Update 20-01-2014 23:53:08 Windows Update 21-01-2014 23:16:35 Windows Update 22-01-2014 23:36:09 Windows Update 24-01-2014 00:07:03 Windows Update 24-01-2014 11:20:05 Windows Update 24-01-2014 23:07:25 Windows Update 25-01-2014 23:32:43 Windows Update 26-01-2014 22:31:45 Windows Update 28-01-2014 22:10:02 Windows Update 29-01-2014 22:21:32 Windows Update 30-01-2014 11:01:52 Windows Update 31-01-2014 21:55:03 Windows Update 01-02-2014 21:51:55 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1F18A2F7-D1AA-49FB-843B-2C72B1A9F6CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-01-14] (Microsoft) Task: {2282FD9D-F63F-405D-9595-CA18E284CD81} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {C481551F-D2C5-4DB2-84C0-690B1744A08E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {DB1451B9-B8A2-42C1-ACAD-C814420FD47D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-07-01] (Hewlett-Packard Company) Task: {E8F1E4E6-C894-4206-AD5A-5643C6A63065} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files 
(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-07-01] (Hewlett-Packard Company) Task: {FC6239C0-4DE2-4ADD-AF9E-028CE83F05CB} - System32\Tasks\HPCeeScheduleForD => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\HPCeeScheduleForD.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2010-04-05 20:11 - 2010-04-05 20:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll 2010-04-05 20:12 - 2010-04-05 20:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll 2010-04-05 20:12 - 2010-04-05 20:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll 2013-03-03 10:26 - 2013-03-03 10:20 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2005-04-06 16:52 - 2005-04-06 16:52 - 00028791 _____ () c:\Users\D\Photoshop\Adobe Version Cue CS2\jre\bin\hpi.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00057453 _____ () c:\Users\D\Photoshop\Adobe Version Cue CS2\jre\bin\verify.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00102515 _____ () c:\Users\D\Photoshop\Adobe Version Cue CS2\jre\bin\java.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00053364 _____ () c:\Users\D\Photoshop\Adobe Version Cue CS2\jre\bin\zip.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00057455 _____ () C:\Users\D\Photoshop\Adobe Version Cue CS2\jre\bin\net.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00032880 _____ () C:\Users\D\Photoshop\Adobe Version Cue CS2\jre\bin\nio.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 00434255 _____ () c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll 2005-04-06 16:53 - 2005-04-06 16:53 - 01019904 _____ () c:\Users\D\Photoshop\Adobe Version Cue 
CS2\bin\ps-vc-v8_58.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\D\AppData\Roaming\Dropbox\bin\libcef.dll 2013-12-11 23:37 - 2013-12-11 23:37 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/02/2014 08:19:46 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: hpqwmiex.exe, Version: 4.0.51.1, Zeitstempel: 0x4c3b7c76 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676, Zeitstempel: 0x4e58702a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004660 ID des fehlerhaften Prozesses: 0xa9c Startzeit der fehlerhaften Anwendung: 0xhpqwmiex.exe0 Pfad der fehlerhaften Anwendung: hpqwmiex.exe1 Pfad des fehlerhaften Moduls: hpqwmiex.exe2 Berichtskennung: hpqwmiex.exe3 Error: (01/24/2014 00:02:02 PM) (Source: Application Hang) (User: ) Description: Programm pdfvista.exe, Version 3.5.1.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 125c Startzeit: 01cf18f327ba9057 Endzeit: 21 Anwendungspfad: C:\Program Files (x86)\PDF Complete\pdfvista.exe Berichts-ID: e0bb683a-84e6-11e3-849c-cc52af1a8606 Error: (01/20/2014 09:17:21 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: hpasset.exe, Version: 3.0.2.2, Zeitstempel: 0x515303e6 Name des fehlerhaften Moduls: hpasset.exe, Version: 3.0.2.2, Zeitstempel: 0x515303e6 Ausnahmecode: 0x40000015 Fehleroffset: 0x0003b9a8 ID des fehlerhaften Prozesses: 0x1720 Startzeit der fehlerhaften Anwendung: 0xhpasset.exe0 Pfad der fehlerhaften Anwendung: hpasset.exe1 Pfad des fehlerhaften Moduls: hpasset.exe2 Berichtskennung: hpasset.exe3 Error: (01/20/2014 09:17:11 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 2.0.50727.5472 - Schwerwiegender Fehler im Ausführungsmodul (000007FEF3C16015) (800703e9). Error: (01/16/2014 00:02:36 AM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Kontext: Anwendung, SystemIndex Katalog Error: (01/09/2014 11:16:43 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273 Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0014e1a8 ID des fehlerhaften Prozesses: 0x11f4 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (01/08/2014 06:53:52 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {2b032e4a-a479-46ee-836b-00412b65fdd5} Error: (01/07/2014 04:53:38 PM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT) Description: Die Anwendung oder der Dienst "Windows Defender" konnte nicht heruntergefahren werden. Error: (01/07/2014 04:53:25 PM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT) Description: Die Anwendung oder der Dienst "Windows Defender" konnte nicht heruntergefahren werden. 
Error: (11/16/2013 09:30:22 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: jre-7u45-windows-i586.exe, Version: 7.0.450.18, Zeitstempel: 0x52542c5e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x02418b40 ID des fehlerhaften Prozesses: 0x11bc Startzeit der fehlerhaften Anwendung: 0xjre-7u45-windows-i586.exe0 Pfad der fehlerhaften Anwendung: jre-7u45-windows-i586.exe1 Pfad des fehlerhaften Moduls: jre-7u45-windows-i586.exe2 Berichtskennung: jre-7u45-windows-i586.exe3 System errors: ============= Error: (02/02/2014 08:19:54 AM) (Source: Service Control Manager) (User: ) Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/02/2014 07:51:46 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (02/01/2014 10:55:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme Error: (02/01/2014 08:56:10 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (01/31/2014 10:58:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme Error: (01/31/2014 08:47:31 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (01/30/2014 00:04:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des 
folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme Error: (01/30/2014 08:51:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/30/2014 08:51:11 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Health Check Service erreicht. Error: (01/30/2014 08:47:51 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Microsoft Office Sessions: ========================= Error: (11/02/2012 02:40:42 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5320 seconds with 3900 seconds of active time. This session ended with a crash. 
==================== Memory info ===========================
Percentage of memory in use: 72%
Total physical RAM: 1788.56 MB
Available physical RAM: 498.68 MB
Total Pagefile: 3303.23 MB
Available Pagefile: 552.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:215.59 GB) (Free:136 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 01A1A129)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End Of Log ============================

And... maybe this helps too? It seems to be standard here...
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:56 on 02/02/2014 (D)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-02-02 12:33:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545025B9A300 rev.PB2OCA1G 232,89GB Running: Gmer-19357.exe; Driver: C:\Users\D\AppData\Local\Temp\pxldapoc.sys ---- User code sections - GMER 2.1 ---- .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!free 0000000077339894 5 bytes JMP 000000010a90d2d0 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!malloc 0000000077339cee 5 bytes JMP 000000010a90d230 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!??3@YAXPAX@Z 000000007733b0b9 5 bytes JMP 000000010a90d2d0 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!??2@YAPAXI@Z 000000007733b0c9 5 bytes JMP 000000010a90d480 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!realloc 000000007733b10d 5 bytes JMP 000000010a90d2b0 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!calloc 000000007733c456 5 bytes JMP 000000010a90d270 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_msize 000000007733f43b 5 bytes JMP 000000010a90d2e0 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_aligned_free 0000000077355942 5 bytes JMP 000000010a90d2d0 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_aligned_malloc 000000007736028d 5 bytes JMP 000000010a90d3c0 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_aligned_offset_malloc 00000000773602a9 5 bytes JMP 000000010a90d3e0 .text 
c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 000000007738bfd1 5 bytes JMP 000000010a90d500 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_aligned_offset_realloc 000000007738bfe1 5 bytes JMP 000000010a90d420 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_aligned_realloc 000000007738c16b 5 bytes JMP 000000010a90d400 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_expand 000000007738c18a 5 bytes JMP 000000010a90d3a0 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_heapadd 000000007738dd03 5 bytes JMP 000000010a90d550 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_heapchk 000000007738dd17 5 bytes JMP 000000010a90d560 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_heapset + 1 000000007738de16 4 bytes {JMP 0xffffffff9357f76b} .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_heapmin 000000007738de1f 5 bytes JMP 000000010a90d650 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_heapused 000000007738df05 5 bytes JMP 000000010a90d620 .text c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1868] C:\windows\syswow64\msvcrt.dll!_heapwalk 000000007738df18 5 bytes JMP 000000010a90d590 .text C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[1168] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774e1465 2 bytes [4E, 77] .text C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[1168] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774e14bb 2 bytes [4E, 77] .text ... 
* 2 .text C:\Users\D\AppData\Roaming\Dropbox\bin\Dropbox.exe[3296] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000774e1465 2 bytes [4E, 77] .text C:\Users\D\AppData\Roaming\Dropbox\bin\Dropbox.exe[3296] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000774e14bb 2 bytes [4E, 77] .text ... * 2 ---- Processes - GMER 2.1 ---- Library C:\Users\D\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\D\AppData\Roaming\Dropbox\bin\Dropbox.exe [3296](2014-01-03 00:45:04) 0000000003f40000 Library C:\Users\D\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\D\AppData\Roaming\Dropbox\bin\Dropbox.exe [3296] 000000006d370000 Library C:\Users\D\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\D\AppData\Roaming\Dropbox\bin\Dropbox.exe [3296] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000006fa60000 Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED8F3613-98A3-4C3C-930C-D69C91C6E10C}\offreg.dll (*** suspicious ***) @ C:\windows\System32\svchost.exe [4156](2014-02-02 11:14:52) 000007fef9e90000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af1a8606 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x32 0x71 0x16 0x9C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x34 0x95 0x5B 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6D 0x77 0x13 0xAE ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af1a8606 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x32 0x71 0x16 0x9C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x34 0x95 0x5B 0x57 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6D 0x77 0x13 0xAE ... ---- EOF - GMER 2.1 ---- |
02.02.2014, 14:10 | #4 | ||||
Rest in Peace † 2019 | Slow PC and (short) log - for a malware noob... Which of this has to go? Hello Luitha, Quote:
Quote:
Quote:
Quote:
Do the following programs mean anything to you? FireJump ICQ Sparberater If you don't know them or don't need them, uninstall them as well, following the instructions in the step below.
Step 1 Please uninstall the following program (if present): System Checkup To do this, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove
Step 2 Please download AdwCleaner to your desktop.
Step 3 Delete the items found by Malwarebytes
Step 4 Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
Step 5 Run FRST once more.
|
03.02.2014, 17:41 | #5 | |
| Slow PC and (short) log - for a malware noob... Which of this has to go? FireJump, ICQ Sparberater and System Checkup deleted. Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 02/02/2014 um 17:44:31 # Updated 28/01/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : D - D-HP # Gestartet von : C:\Users\D\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\SoftwareUpdater Ordner Gelöscht : C:\ProgramData\~0 Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar Ordner Gelöscht : C:\Users\D\AppData\Local\DownloadGuide Ordner Gelöscht : C:\Users\D\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\D\AppData\Local\Temp\boost_interprocess Ordner Gelöscht : C:\Users\D\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\D\AppData\Roaming\DesktopIconForAmazon Datei Gelöscht : C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\11-suche.xml ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [happylyrics@hpyproductions.net] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Ciuvo Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\HappyLyrics Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16750 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\prefs.js ] ************************* AdwCleaner[R0].txt - [3387 octets] - [02/02/2014 17:43:02] AdwCleaner[S0].txt - [3031 octets] - [02/02/2014 17:44:31] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3091 octets] ########## TempFileCleaner: Zitat:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04 Ran by D (administrator) on D-HP on 02-02-2014 20:54:51 Running from C:\Users\D\Desktop\trojaner forum Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Users\D\Photoshop\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.) HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe Version Cue CS2] - c:\Users\D\Photoshop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [Nike+ Connect] - C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-12-11] (Nike) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard) Startup: C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183 FF SelectedSearchEngine: Google FF NetworkProxy: "autoconfig_url", 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExp
Match(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*'))%20%7B%20return%20'PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxMate - Proxy on steroids! - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-11-02] FF Extension: Adblock Plus - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-02] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-11] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-02-04] (Adobe Systems) R2 Adobe Version Cue CS2; c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 
[440376 2013-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc) R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG) S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-14] (DT Soft Ltd) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-22] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-02-04] (Duplex Secure Ltd.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-02 20:44 - 2014-02-02 20:44 - 00448512 _____ (OldTimer Tools) C:\Users\D\Desktop\TFC.exe 2014-02-02 17:52 - 2014-02-02 20:54 - 00000000 ____D () C:\Users\D\Desktop\trojaner forum 2014-02-02 17:50 - 2014-02-02 17:50 - 00003175 _____ () C:\Users\D\Desktop\AdwCleaner[S0].txt 2014-02-02 17:42 - 2014-02-02 17:44 - 00000000 ____D () C:\AdwCleaner 2014-02-02 17:41 - 2014-02-02 17:41 - 01166132 _____ () C:\Users\D\Desktop\adwcleaner.exe 2014-02-02 17:36 - 2013-12-18 21:10 - 00877480 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll 2014-02-02 17:36 - 2013-12-18 21:10 - 00800168 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll 2014-02-02 12:13 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-02-02 12:13 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-02-02 12:13 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-02-02 12:13 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-02-02 12:11 - 2014-02-02 12:13 - 00005298 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-02 11:56 - 2014-02-02 11:56 - 00000188 _____ () C:\Users\D\defogger_reenable 2014-02-02 11:37 - 2014-02-02 20:54 - 00000000 ____D () C:\FRST 2014-02-02 08:17 - 2014-02-02 08:17 - 00000000 ____D () C:\Users\D\AppData\Roaming\Malwarebytes 2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-02 08:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-02-02 08:06 - 2014-02-02 08:07 - 10285040 _____ (Malwarebytes Corporation ) 
C:\Users\D\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-01 10:31 - 2014-02-01 10:32 - 00000000 ____D () C:\Users\D\Desktop\carry on 2014-01-22 21:18 - 2014-01-22 21:25 - 00000000 ____D () C:\Users\D\Documents\Wohngeld 2014-01-20 21:19 - 2014-02-01 12:58 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForD 2014-01-15 21:45 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-01-15 21:45 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-01-15 21:45 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys 2014-01-15 21:45 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\ProgramData\Nike 2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\Program Files (x86)\Nike 2014-01-10 23:04 - 2014-01-10 23:04 - 17934352 _____ (Nike) C:\Users\D\Downloads\Nike+Connect_Installer.exe 2014-01-04 12:35 - 2014-01-09 18:50 - 00000000 ____D () C:\Users\D\Documents\LONDON ==================== One Month Modified Files and Folders ======= 2014-02-02 20:54 - 2014-02-02 17:52 - 00000000 ____D () C:\Users\D\Desktop\trojaner forum 2014-02-02 20:54 - 2014-02-02 11:37 - 00000000 ____D () C:\FRST 2014-02-02 20:44 - 2014-02-02 20:44 - 00448512 _____ (OldTimer Tools) 
C:\Users\D\Desktop\TFC.exe 2014-02-02 20:37 - 2009-07-14 05:45 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-02 20:37 - 2009-07-14 05:45 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-02 20:35 - 2010-12-08 23:40 - 00654400 _____ () C:\windows\system32\perfh007.dat 2014-02-02 20:35 - 2010-12-08 23:40 - 00130240 _____ () C:\windows\system32\perfc007.dat 2014-02-02 20:35 - 2009-07-14 06:13 - 01498742 _____ () C:\windows\system32\PerfStringBackup.INI 2014-02-02 20:31 - 2011-09-05 19:08 - 00000000 ___RD () C:\Users\D\Dropbox 2014-02-02 20:31 - 2011-09-05 19:06 - 00000000 ____D () C:\Users\D\AppData\Roaming\Dropbox 2014-02-02 20:28 - 2011-07-31 01:22 - 00321150 _____ () C:\windows\PFRO.log 2014-02-02 20:28 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-02-02 20:28 - 2009-07-14 05:51 - 00146135 _____ () C:\windows\setupact.log 2014-02-02 20:26 - 2011-03-18 18:12 - 01816600 _____ () C:\windows\WindowsUpdate.log 2014-02-02 20:16 - 2012-11-22 21:08 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-02-02 17:50 - 2014-02-02 17:50 - 00003175 _____ () C:\Users\D\Desktop\AdwCleaner[S0].txt 2014-02-02 17:44 - 2014-02-02 17:42 - 00000000 ____D () C:\AdwCleaner 2014-02-02 17:44 - 2012-06-16 16:37 - 00000000 ____D () C:\ProgramData\ICQ 2014-02-02 17:41 - 2014-02-02 17:41 - 01166132 _____ () C:\Users\D\Desktop\adwcleaner.exe 2014-02-02 17:40 - 2013-11-19 20:49 - 00000000 ____D () C:\ProgramData\iolo 2014-02-02 17:36 - 2012-05-06 15:29 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-02 17:33 - 2010-12-08 23:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-02-02 12:13 - 2014-02-02 12:11 - 00005298 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-02 12:13 - 2013-11-16 21:43 - 00000000 ____D () C:\ProgramData\Oracle 2014-02-02 
11:56 - 2014-02-02 11:56 - 00000188 _____ () C:\Users\D\defogger_reenable 2014-02-02 11:56 - 2011-07-30 19:36 - 00000000 ____D () C:\Users\D 2014-02-02 08:17 - 2014-02-02 08:17 - 00000000 ____D () C:\Users\D\AppData\Roaming\Malwarebytes 2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-02 08:07 - 2014-02-02 08:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\D\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-01 22:55 - 2013-11-12 23:31 - 00222351 _____ () C:\windows\IE11_main.log 2014-02-01 12:58 - 2014-01-20 21:19 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForD 2014-02-01 12:58 - 2013-10-14 23:07 - 00000316 _____ () C:\windows\Tasks\HPCeeScheduleForD.job 2014-02-01 10:32 - 2014-02-01 10:31 - 00000000 ____D () C:\Users\D\Desktop\carry on 2014-02-01 10:31 - 2012-05-28 14:43 - 01242112 ___SH () C:\Users\D\Desktop\Thumbs.db 2014-02-01 08:56 - 2009-07-14 06:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-01-31 11:13 - 2013-03-02 12:16 - 00000000 ___HD () C:\jexepackres 2014-01-30 10:03 - 2013-10-28 01:28 - 00000000 ____D () C:\Users\D\Documents\Tom 2014-01-27 23:40 - 2011-12-05 22:45 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-01-22 21:25 - 2014-01-22 21:18 - 00000000 ____D () C:\Users\D\Documents\Wohngeld 2014-01-16 16:51 - 2009-07-14 05:45 - 05049568 _____ () C:\windows\system32\FNTCACHE.DAT 2014-01-16 00:03 - 2011-08-03 12:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-16 00:01 - 2013-07-13 00:01 - 00000000 ____D () C:\windows\system32\MRT 2014-01-15 23:57 - 2011-07-30 21:31 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\ProgramData\Nike 2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\Program Files (x86)\Nike 2014-01-10 23:04 - 2014-01-10 23:04 - 17934352 _____ (Nike) 
C:\Users\D\Downloads\Nike+Connect_Installer.exe 2014-01-09 23:16 - 2012-02-04 14:52 - 00000000 ____D () C:\Users\D\AppData\Local\CrashDumps 2014-01-09 18:50 - 2014-01-04 12:35 - 00000000 ____D () C:\Users\D\Documents\LONDON 2014-01-07 17:02 - 2011-07-30 19:46 - 00000000 ___RD () C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-07 17:01 - 2011-09-05 19:07 - 00000000 ____D () C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-05 13:30 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF Some content of TEMP: ==================== C:\Users\D\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 17:51 ==================== End Of Log ============================
Now I'm curious... I feel terribly stupid when I try to read the contents of these logs.^^ Thank you already for the kind and clear instructions so far. If I am now "germ-free", I have one more question: Does it make sense to remove the Avira virus scanner and keep MBAM instead? Or do I have to keep "viruses" and "malware" separate? And what I have of MBAM right now is only a trial version, right? |
04.02.2014, 11:40 | #6 | ||
Rest in Peace † 2019 | Slow PC and (short) log - for a malware noob... Which of this has to go? Hello Luitha, Quote:
Quote:
Is the computer still causing problems? We still need to fix a few things:
Step 1 Please press the Windows key + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe C:\Program Files\McAfee Security Scan BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%
3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*'))%20%7B%20return%20'PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Because the scan with ESET is very thorough, it can take several hours under some circumstances ESET Online Scanner
Step 3 Run FRST once more.
04.02.2014, 20:55 | #7 |
| The laptop is causing noticeably fewer problems, but they are not gone entirely... Pixelated, blurring text has long been one of the main problems and that has not changed either. It can be fixed by "selecting" the text with the mouse. And recently (since yesterday) there has been a brief "image offset" when reloading web pages. Not bad, but strange... MBAM no longer finds anything; I ran a complete scan again this morning. FRST - Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by D at 2014-02-04 16:34:42 Run:1
Running from C:\Users\D\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\McAfee Security Scan
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*'))%20%7B%20return%20'PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
*****************

[900] C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe => Process closed successfully.
C:\Program Files\McAfee Security Scan => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
Firefox Proxy settings were reset.

==== End of Fixlog ====

-Log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f62dab11813c2e40ba150fa88c875aea
# engine=16937
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-04 07:08:15
# local_time=2014-02-04 08:08:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 17708 162212200 10458 0
# compatibility_mode=5893 16776573 100 94 42151 143170745 0 0
# scanned=195497
# found=0
# cleaned=0
# scan_time=8679

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by D (administrator) on D-HP on 04-02-2014 20:57:07
Running from C:\Users\D\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\D\Photoshop\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Users\D\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Sytems Incorporated) C:\Users\D\Photoshop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Nike) C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfvista.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] - c:\Users\D\Photoshop\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [Nike+ Connect] - C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-12-11] (Nike)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Startup: C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183
FF SelectedSearchEngine: Google
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*'))%20%7B%20return%20'PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxMate - Proxy on steroids! - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-11-02]
FF Extension: Adblock Plus - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\gng2rvvs.default-1383406463183\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-11]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-02-04] (Adobe Systems)
R2 Adobe Version Cue CS2; c:\Users\D\Photoshop\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-14] (DT Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-22] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-02-04] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-04 20:57 - 2014-02-04 20:57 - 00015010 _____ () C:\Users\D\Desktop\FRST.txt
2014-02-04 17:40 - 2014-02-04 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-04 16:37 - 2014-02-04 16:37 - 02347384 _____ (ESET) C:\Users\D\Downloads\esetsmartinstaller_enu.exe
2014-02-02 17:52 - 2014-02-04 20:58 - 00000000 ____D () C:\Users\D\Desktop\trojaner forum
2014-02-02 17:42 - 2014-02-02 17:44 - 00000000 ____D () C:\AdwCleaner
2014-02-02 17:36 - 2013-12-18 21:10 - 00877480 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
2014-02-02 17:36 - 2013-12-18 21:10 - 00800168 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2014-02-02 12:13 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-02 12:13 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-02-02 12:13 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-02-02 12:13 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-02-02 12:11 - 2014-02-02 12:13 - 00005298 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-02 11:56 - 2014-02-02 11:56 - 00000188 _____ () C:\Users\D\defogger_reenable
2014-02-02 11:37 - 2014-02-04 20:57 - 00000000 ____D () C:\FRST
2014-02-02 11:36 - 2014-02-02 11:36 - 02080256 _____ (Farbar) C:\Users\D\Desktop\FRST64.exe
2014-02-02 08:17 - 2014-02-02 08:17 - 00000000 ____D () C:\Users\D\AppData\Roaming\Malwarebytes
2014-02-02 08:16 - 2014-02-02 08:16 - 00001109 _____ () C:\Users\D\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-02 08:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-02 08:06 - 2014-02-02 08:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\D\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-01 10:31 - 2014-02-01 10:32 - 00000000 ____D () C:\Users\D\Desktop\carry on
2014-01-22 21:18 - 2014-01-22 21:25 - 00000000 ____D () C:\Users\D\Documents\Wohngeld
2014-01-20 21:19 - 2014-02-03 21:34 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForD
2014-01-15 21:45 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 21:45 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 21:45 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 21:45 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 21:45 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 21:45 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 21:45 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 21:45 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 21:45 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\ProgramData\Nike
2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\Program Files (x86)\Nike
2014-01-10 23:04 - 2014-01-10 23:04 - 17934352 _____ (Nike) C:\Users\D\Downloads\Nike+Connect_Installer.exe

==================== One Month Modified Files and Folders =======

2014-02-04 20:58 - 2014-02-04 20:57 - 00015010 _____ () C:\Users\D\Desktop\FRST.txt
2014-02-04 20:58 - 2014-02-02 17:52 - 00000000 ____D () C:\Users\D\Desktop\trojaner forum
2014-02-04 20:57 - 2014-02-02 11:37 - 00000000 ____D () C:\FRST
2014-02-04 20:16 - 2012-11-22 21:08 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 19:49 - 2009-07-14 05:45 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 19:49 - 2009-07-14 05:45 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 18:43 - 2011-03-18 18:12 - 02048617 _____ () C:\windows\WindowsUpdate.log
2014-02-04 17:40 - 2014-02-04 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-04 17:37 - 2010-12-08 23:40 - 00654400 _____ () C:\windows\system32\perfh007.dat
2014-02-04 17:37 - 2010-12-08 23:40 - 00130240 _____ () C:\windows\system32\perfc007.dat
2014-02-04 17:37 - 2009-07-14 06:13 - 01498742 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-04 16:37 - 2014-02-04 16:37 - 02347384 _____ (ESET) C:\Users\D\Downloads\esetsmartinstaller_enu.exe
2014-02-04 16:11 - 2011-09-05 19:06 - 00000000 ____D () C:\Users\D\AppData\Roaming\Dropbox
2014-02-04 16:10 - 2011-09-05 19:08 - 00000000 ___RD () C:\Users\D\Dropbox
2014-02-04 16:07 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-04 16:07 - 2009-07-14 05:51 - 00146359 _____ () C:\windows\setupact.log
2014-02-04 08:16 - 2013-10-14 23:07 - 00000316 _____ () C:\windows\Tasks\HPCeeScheduleForD.job
2014-02-04 00:01 - 2013-11-12 23:31 - 00235569 _____ () C:\windows\IE11_main.log
2014-02-03 21:34 - 2014-01-20 21:19 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForD
2014-02-03 21:33 - 2011-12-05 22:45 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-02-03 20:34 - 2012-05-28 14:43 - 01253376 ___SH () C:\Users\D\Desktop\Thumbs.db
2014-02-02 20:28 - 2011-07-31 01:22 - 00321150 _____ () C:\windows\PFRO.log
2014-02-02 17:44 - 2014-02-02 17:42 - 00000000 ____D () C:\AdwCleaner
2014-02-02 17:44 - 2012-06-16 16:37 - 00000000 ____D () C:\ProgramData\ICQ
2014-02-02 17:40 - 2013-11-19 20:49 - 00000000 ____D () C:\ProgramData\iolo
2014-02-02 17:36 - 2012-05-06 15:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-02 17:33 - 2010-12-08 23:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-02 12:13 - 2014-02-02 12:11 - 00005298 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-02 12:13 - 2013-11-16 21:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-02 11:56 - 2014-02-02 11:56 - 00000188 _____ () C:\Users\D\defogger_reenable
2014-02-02 11:56 - 2011-07-30 19:36 - 00000000 ____D () C:\Users\D
2014-02-02 11:36 - 2014-02-02 11:36 - 02080256 _____ (Farbar) C:\Users\D\Desktop\FRST64.exe
2014-02-02 08:17 - 2014-02-02 08:17 - 00000000 ____D () C:\Users\D\AppData\Roaming\Malwarebytes
2014-02-02 08:16 - 2014-02-02 08:16 - 00001109 _____ () C:\Users\D\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-02 08:16 - 2014-02-02 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-02 08:07 - 2014-02-02 08:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\D\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-01 10:32 - 2014-02-01 10:31 - 00000000 ____D () C:\Users\D\Desktop\carry on
2014-02-01 08:56 - 2009-07-14 06:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-01-31 11:13 - 2013-03-02 12:16 - 00000000 ___HD () C:\jexepackres
2014-01-30 10:03 - 2013-10-28 01:28 - 00000000 ____D () C:\Users\D\Documents\Tom
2014-01-22 21:25 - 2014-01-22 21:18 - 00000000 ____D () C:\Users\D\Documents\Wohngeld
2014-01-16 16:51 - 2009-07-14 05:45 - 05049568 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-16 00:03 - 2011-08-03 12:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 00:01 - 2013-07-13 00:01 - 00000000 ____D () C:\windows\system32\MRT
2014-01-15 23:57 - 2011-07-30 21:31 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\ProgramData\Nike
2014-01-10 23:15 - 2014-01-10 23:15 - 00000000 ____D () C:\Program Files (x86)\Nike
2014-01-10 23:04 - 2014-01-10 23:04 - 17934352 _____ (Nike) C:\Users\D\Downloads\Nike+Connect_Installer.exe
2014-01-09 23:16 - 2012-02-04 14:52 - 00000000 ____D () C:\Users\D\AppData\Local\CrashDumps
2014-01-09 18:50 - 2014-01-04 12:35 - 00000000 ____D () C:\Users\D\Documents\LONDON
2014-01-07 17:02 - 2011-07-30 19:46 - 00000000 ___RD () C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-07 17:01 - 2011-09-05 19:07 - 00000000 ____D () C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-05 13:30 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF

Some content of TEMP:
====================
C:\Users\D\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-03 07:43

==================== End Of Log ============================

Edited by Luitha (04.02.2014 at 21:01) |
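The `FF NetworkProxy` entries in the FRST logs of this thread carry a percent-encoded proxy auto-config (PAC) script inside a `data:` URL. The following is an added example, not part of the thread and not FRST's own code: it decodes such an entry and lists which URLs the script routes through which upstream proxies. The sample log is constructed from a few rules and proxy hosts visible in the thread, and all function names are hypothetical.

```python
import base64
import re
from urllib.parse import quote, unquote

# Meaning of Firefox's network.proxy.type preference values.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC (autoconfig_url)",
               4: "WPAD auto-detect", 5: "system settings"}

# Constructed sample: a shortened PAC assembled from rules and proxy hosts
# that appear in the thread's log, encoded the same way the log shows it.
_SAMPLE_PAC = (
    "function FindProxyForURL(url, host) {"
    "if (shExpMatch(url, 'http://play.spotify.com*') || host == 'www.pandora.com'"
    " || (url.indexOf('proxmate=active') != -1 && url.indexOf('amazonaws.com') == -1))"
    " { return 'PROXY nq-us10.personalitycores.com:8000;"
    " PROXY nq-us11.personalitycores.com:8000';}  else { return 'DIRECT'; }}"
)
SAMPLE_LOG = "\n".join([
    "FF SelectedSearchEngine: Google",
    'FF NetworkProxy: "autoconfig_url", "data:text/javascript,'
    + quote(_SAMPLE_PAC, safe="!~*'()") + '"',
    'FF NetworkProxy: "type", 2',
])

_PREF_RE = re.compile(r'^FF NetworkProxy: "([^"]+)", (.*)$')


def parse_proxy_prefs(log_text):
    """Collect the `FF NetworkProxy` name/value pairs from an FRST log."""
    prefs = {}
    for line in log_text.splitlines():
        m = _PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def decode_pac_data_url(url):
    """Return the JavaScript carried inline by a data: URL."""
    if not url.lower().startswith("data:"):
        raise ValueError("not a data: URL")
    header, sep, body = url[5:].partition(",")
    if not sep:
        raise ValueError("malformed data: URL (no comma)")
    if header.lower().endswith(";base64"):
        return base64.b64decode(body).decode("utf-8", "replace")
    return unquote(body)


def summarize_pac(js):
    """Extract upstream proxies and match rules from simple PAC scripts."""
    found = re.findall(r"\b(PROXY|SOCKS5?|HTTPS)\s+([A-Za-z0-9.-]+):(\d+)", js)
    upstreams = list(dict.fromkeys((k, h, int(p)) for k, h, p in found))
    rules = [("url-glob", pat)
             for pat in re.findall(r"shExpMatch\(url,\s*'([^']*)'\)", js)]
    for needle, op in re.findall(r"url\.indexOf\('([^']*)'\)\s*(!=|==)\s*-1", js):
        # "!= -1" means the substring is present; "== -1" is an exclusion.
        rules.append(("url-contains" if op == "!=" else "url-excludes", needle))
    rules += [("host-equals", h) for h in re.findall(r"host\s*==\s*'([^']*)'", js)]
    return {"upstreams": upstreams, "rules": rules,
            "falls_back_to_direct": "'DIRECT'" in js}


def triage(log_text):
    """Summarize the Firefox proxy configuration recorded in an FRST log."""
    prefs = parse_proxy_prefs(log_text)
    raw_type = prefs.get("type")
    ptype = int(raw_type) if raw_type and raw_type.isdigit() else None
    report = {"mode": PROXY_TYPES.get(ptype, "not listed"),
              "active": False, "upstreams": [], "rules": []}
    url = prefs.get("autoconfig_url")
    if url and url.lower().startswith("data:"):
        report.update(summarize_pac(decode_pac_data_url(url)))
        # The script is only consulted while network.proxy.type is 2.
        report["active"] = ptype == 2
    elif url:
        report["remote_pac"] = url  # script is hosted elsewhere; review it separately
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("mode:", result["mode"], "| active:", result["active"])
    for kind, host, port in result["upstreams"]:
        print("upstream:", kind, host, port)
    for kind, value in result["rules"]:
        print("rule:", kind, value)
```

Run against a real FRST.txt, `triage()` shows at a glance whether a PAC is in force and which third-party hosts would receive the matching traffic.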
05.02.2014, 21:59 | #8 | |
Rest in Peace † 2019 | Hello Luitha, Quote:
Otherwise that looks good. >OK< As far as I can see, we have now removed everything harmful. Your logs are clean. To finish, we will tidy up a little and run updates, and then you will get some reading material from me.
Step 1 If you no longer need Malwarebytes Anti-Malware and the ESET online scan, you can simply uninstall both programs via the program uninstaller. However, I recommend that you keep at least Malwarebytes and run a check scan with it once a week.
Step 2 Please start Defogger once more and click re-enable.
Step 3 Please download delfix to your desktop.
Updates / updating programs
Make sure that your Flash Player checks for updates. The Flash Player can be configured during installation to check for updates automatically; afterwards this can be done via the following link: Adobe - Flash Player: Settings Manager - Global Notifications Settings
However, Java is a major security hole on your system; new vulnerabilities are discovered again and again and are exploited to infect computers. Unless you absolutely need Java, you should uninstall it completely.
Windows XP Go to: Start --> Control Panel --> Add or Remove Programs --> select the Java versions --> remove
Windows Vista Go to: Start --> Control Panel --> Programs --> Uninstall a program --> find the Java versions --> remove
Windows 7 Go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the Java versions --> remove
Windows 8 Press: Windows key and X, then: Programs and Features --> select the Java versions --> remove
Now, to finish, a few tips for securing your system.
Keeping the system up to date It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
Antivirus software
Additional protection
Alternative browsers Other browsers tend to be somewhat more secure than Internet Explorer because they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance Delete your temporary files regularly. For this I recommend TFC. Stay away from any registry cleaners. They harm your system more than they speed it up.
Rules of conduct for safer surfing
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something to the forum and our work, you can do so here. |
08.02.2014, 15:01 | #9 |
| Hi Sandra, sorry that I am only replying now. I did not get around to going through your instructions earlier because of some exams. But now: Defogger: clicked re-enable delfix: executed IE and Flash updates downloaded, Java deleted. Automatic Windows updates are enabled. I downloaded the Firefox add-ons following the link... But my laptop does not know what to do with the .xpi files - what do I do with them? I already have AdBlock too, but in an older version. TFC downloaded. How often is it recommended to run it? And thanks for the further pointers and tips. [The blurring of the text could well be limited to Firefox... I do not use any other browsers. Outside the browser I have definitely not noticed it yet (e.g. not in Word or the like). And it is always only text that blurs. Never graphics or anything outside the browser's display window.] |
09.02.2014, 00:09 | #10 | ||
Rest in peace † 2019 | Hello Luitha, thank you very much for your feedback Quote:
Quote:
|
09.02.2014, 14:50 | #11 |
| Thank you very much. I followed the instructions and will now watch over the next few days whether text still blurs (I have gotten so used to it by now that I do not even always notice it anymore...^^). But so far it looks good, I think. It would be great if it stayed that way. I had to install the add-ons manually via "Install from file". That worked well... But NoScript really does block EVERYTHING. My Web.de mailbox complains about missing Java, and Facebook does not allow NoScript either. I am in a golden cage.^^ But the laptop is considerably faster again; no more crashes in the last few days, and MBAM does not find anything either. THANK YOU VERY MUCH, Sandra. You are great. |
09.02.2014, 17:21 | #12 | |
Rest in peace † 2019 | Quote:
And thank you very much for your praise. |