Internet langsam - nach Ausschließen von Technischen Problem Trojaner Check

DocHN · 05.02.2014, 18:40

Moin.

Seit geraumer Zeit ist mein Internet viiiiel zu langsam. Nachdem ich alle technischen Fehler ausgeschlossen habe, sind nun die Störenfriede auf Software Seite dran..

Hab mal ne Malware Anti-Bytes Log Datei erstellt und nen FRS-Scan ausgeführt :

MAB Log :

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Doc :: DOC-PC [Administrator]

05.02.2014 18:26:19
MBAM-log-2014-02-05 (18-30-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 239482
Laufzeit: 3 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0H1L1J1L1S1R1N -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Doc\AppData\Local\Temp\FreemakeVideoDownloader_3.6.2.2.exe (PUP.Optional.Ellora) -> Keine Aktion durchgeführt.

(Ende)

FRST Log :

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by Doc (administrator) on DOC-PC on 05-02-2014 18:31:45
Running from C:\Users\Doc\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4124\Battle.net.exe
(Blizzard Entertainment, Inc.) G:\StarCraft II\Versions\Base28667\SC2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(PS3 Media Server) C:\Program Files (x86)\PS3 Media Server\pms.exe
(Oracle Corporation) C:\Program Files (x86)\PS3 Media Server\jre64\bin\javaw.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] - C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [NPSStartup] - [X]
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKU\S-1-5-21-1025190005-939518660-419760209-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1025190005-939518660-419760209-1000\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\es85dg6x.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\es85dg6x.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-27]
FF Extension: Adblock Plus - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\es85dg6x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-28]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []

==================== Services (Whitelisted) =================

R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 18:31 - 2014-02-05 18:31 - 00007451 _____ () C:\Users\Doc\Downloads\FRST.txt
2014-02-05 18:26 - 2014-02-05 18:31 - 00000000 ____D () C:\FRST
2014-02-05 18:23 - 2014-02-05 18:26 - 02082304 _____ (Farbar) C:\Users\Doc\Downloads\FRST64.exe
2014-02-05 18:18 - 2014-02-05 18:18 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\Malwarebytes
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-05 18:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-05 18:12 - 2014-02-05 18:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Doc\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-30 22:26 - 2014-01-30 22:26 - 00008315 _____ () C:\Users\Doc\Desktop\pktDump.cap
2014-01-30 22:20 - 2014-01-30 22:20 - 00004294 _____ () C:\Users\Doc\Desktop\km.xspf
2014-01-27 17:59 - 2014-01-27 17:59 - 00000000 ____D () C:\Users\Jasmin\AppData\Roaming\vlc
2014-01-22 20:47 - 2014-01-22 20:47 - 06716353 _____ (Mozilla) C:\Users\Jasmin\Downloads\Sunbird_Setup_1.0_Beta_1.exe
2014-01-22 20:47 - 2014-01-22 20:47 - 00000477 _____ () C:\Users\Jasmin\Desktop\Mozilla Sunbird.lnk
2014-01-22 20:47 - 2014-01-22 20:47 - 00000000 ____D () C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Sunbird
2014-01-15 19:36 - 2014-01-15 19:36 - 00000000 ____D () C:\ProgramData\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\Documents\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\AppData\Local\TomTom
2014-01-12 19:09 - 2014-01-12 19:09 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\IrfanView
2014-01-12 13:21 - 2014-01-12 13:21 - 00003050 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_IType_exe
2014-01-12 13:21 - 2014-01-12 13:21 - 00002953 _____ () C:\Users\Public\Desktop\Microsoft-Tastatur.lnk
2014-01-12 13:20 - 2014-01-12 13:21 - 00000000 ____D () C:\Program Files\Microsoft IntelliType Pro
2014-01-12 13:20 - 2014-01-12 13:20 - 00000000 ____D () C:\Windows\PCHEALTH
2014-01-08 21:25 - 2014-01-08 21:25 - 00000000 ____D () C:\Users\Doc\Desktop\2007 - Frei sein

==================== One Month Modified Files and Folders =======

2014-02-05 18:31 - 2014-02-05 18:31 - 00007451 _____ () C:\Users\Doc\Downloads\FRST.txt
2014-02-05 18:31 - 2014-02-05 18:26 - 00000000 ____D () C:\FRST
2014-02-05 18:30 - 2013-11-30 00:49 - 00000000 ____D () C:\Users\Doc\AppData\Local\Battle.net
2014-02-05 18:27 - 2013-11-28 15:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 18:26 - 2014-02-05 18:23 - 02082304 _____ (Farbar) C:\Users\Doc\Downloads\FRST64.exe
2014-02-05 18:18 - 2014-02-05 18:18 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\Malwarebytes
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-05 18:18 - 2014-02-05 18:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Doc\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-05 18:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-05 12:50 - 2013-11-28 15:53 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\vlc
2014-02-05 12:49 - 2013-12-02 21:49 - 00000000 ____D () C:\ProgramData\PMS
2014-02-05 11:08 - 2013-12-13 17:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 11:08 - 2013-11-28 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 09:43 - 2009-07-14 05:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 09:43 - 2009-07-14 05:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 09:42 - 2013-05-22 11:02 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-02-05 09:42 - 2013-05-22 11:02 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-02-05 09:42 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 09:38 - 2013-11-27 22:02 - 00427637 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 09:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 09:35 - 2009-07-14 05:51 - 00039589 _____ () C:\Windows\setupact.log
2014-02-02 21:31 - 2013-12-13 20:45 - 00000000 ____D () C:\DLS
2014-02-01 00:13 - 2013-11-30 00:52 - 00000000 ____D () C:\World of Warcraft
2014-01-30 22:26 - 2014-01-30 22:26 - 00008315 _____ () C:\Users\Doc\Desktop\pktDump.cap
2014-01-30 22:20 - 2014-01-30 22:20 - 00004294 _____ () C:\Users\Doc\Desktop\km.xspf
2014-01-27 18:07 - 2013-11-28 15:17 - 00000000 ____D () C:\Users\Jasmin
2014-01-27 17:59 - 2014-01-27 17:59 - 00000000 ____D () C:\Users\Jasmin\AppData\Roaming\vlc
2014-01-24 16:50 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-22 22:22 - 2013-11-27 22:51 - 00000000 ____D () C:\Users\Doc\Documents\StarCraft II
2014-01-22 20:47 - 2014-01-22 20:47 - 06716353 _____ (Mozilla) C:\Users\Jasmin\Downloads\Sunbird_Setup_1.0_Beta_1.exe
2014-01-22 20:47 - 2014-01-22 20:47 - 00000477 _____ () C:\Users\Jasmin\Desktop\Mozilla Sunbird.lnk
2014-01-22 20:47 - 2014-01-22 20:47 - 00000000 ____D () C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Sunbird
2014-01-22 20:47 - 2013-11-28 15:18 - 00000000 ____D () C:\Users\Jasmin\AppData\Roaming\Mozilla
2014-01-22 20:47 - 2013-11-28 15:18 - 00000000 ____D () C:\Users\Jasmin\AppData\Local\Mozilla
2014-01-19 10:43 - 2013-11-30 00:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-01-15 19:36 - 2014-01-15 19:36 - 00000000 ____D () C:\ProgramData\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\Documents\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\AppData\Local\TomTom
2014-01-14 15:55 - 2013-11-28 15:18 - 00057952 _____ () C:\Users\Jasmin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 12:42 - 2013-11-27 22:25 - 00057952 _____ () C:\Users\Doc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 12:37 - 2009-07-14 05:45 - 00276360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-12 19:09 - 2014-01-12 19:09 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\IrfanView
2014-01-12 13:21 - 2014-01-12 13:21 - 00003050 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_IType_exe
2014-01-12 13:21 - 2014-01-12 13:21 - 00002953 _____ () C:\Users\Public\Desktop\Microsoft-Tastatur.lnk
2014-01-12 13:21 - 2014-01-12 13:20 - 00000000 ____D () C:\Program Files\Microsoft IntelliType Pro
2014-01-12 13:20 - 2014-01-12 13:20 - 00000000 ____D () C:\Windows\PCHEALTH
2014-01-12 13:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-08 21:25 - 2014-01-08 21:25 - 00000000 ____D () C:\Users\Doc\Desktop\2007 - Frei sein

Some content of TEMP:
====================
C:\Users\Doc\AppData\Local\Temp\FreemakeVideoDownloader_3.6.2.2.exe
C:\Users\Doc\AppData\Local\Temp\GdiPlus.dll
C:\Users\Doc\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Doc\AppData\Local\Temp\jna2728389599941556279.dll
C:\Users\Doc\AppData\Local\Temp\jna9201563176162520846.dll
C:\Users\Doc\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Doc\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 14:13

==================== End Of Log ============================

--- --- ---

Addition Log :

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2014
Ran by Doc at 2014-02-05 18:32:12
Running from C:\Users\Doc\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.6.147 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
Battle.net (x32 Version:  - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Freemake Video Downloader (x32 Version: 3.6.2 - Ellora Assets Corporation)
IrfanView (remove only) (x32 Version: 4.35 - Irfan Skiljan)
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 7.1 (Version: 7.10.344.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
NETGEAR WNA3100 wireless USB 2.0 adapter (x32 Version: 1.01.206 - NETGEAR)
PS3 Media Server (x32 Version: 1.90.1 - PS3 Media Server)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Savu Mouse (x32 Version: 1.1.9 - ROCCAT GmbH)
StarCraft II (x32 Version:  - Blizzard Entertainment)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME (x32 Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.)
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (x32 Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

05-02-2014 10:27:02 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {C9B19B56-F479-44A3-8438-E3D69E4C4A3F} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-05] (Microsoft Corporation)
Task: {FAD62847-95F2-4830-A837-540D0601BBCF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-27 22:10 - 2011-10-25 14:54 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2013-11-27 22:10 - 2011-09-13 16:57 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2014-01-19 10:42 - 2014-01-19 10:42 - 26118656 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4124\libcef.dll
2014-01-19 10:42 - 2014-01-19 10:42 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4124\libglesv2.dll
2014-01-19 10:42 - 2014-01-19 10:42 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4124\libegl.dll
2013-11-28 15:14 - 2013-12-13 17:03 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-05 12:49 - 2014-02-05 12:49 - 00011264 _____ () C:\Users\Doc\AppData\Local\Temp\nswE553.tmp\System.dll
2013-12-10 22:27 - 2013-12-10 22:27 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2014 09:37:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 08:06:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 06:53:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 06:48:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 06:37:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 04:11:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 02:49:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:36:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 08:16:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 02:29:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/05/2014 11:27:33 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (02/05/2014 11:22:04 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (02/05/2014 11:22:03 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/05/2014 09:38:45 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (02/05/2014 00:05:11 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "O:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (02/04/2014 11:02:43 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (02/03/2014 00:32:40 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "O:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (02/02/2014 01:47:42 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (02/02/2014 11:10:55 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/02/2014 10:48:59 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.


Microsoft Office Sessions:
=========================
Error: (02/05/2014 09:37:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 08:06:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 06:53:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 06:48:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 06:37:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 04:11:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 02:49:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:36:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 08:16:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 02:29:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 76%
Total physical RAM: 4095.3 MB
Available physical RAM: 942.27 MB
Total Pagefile: 8188.79 MB
Available Pagefile: 3715.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.03 GB) (Free:11.5 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:20 GB) (Free:3.62 GB) NTFS
Drive f: (Downloads) (Fixed) (Total:367.63 GB) (Free:3.87 GB) NTFS
Drive g: (Spiele) (Fixed) (Total:97.56 GB) (Free:16.76 GB) NTFS
Drive h: (Programme+Downloads 2) (Fixed) (Total:200.43 GB) (Free:2.71 GB) NTFS
Drive m: (Filme+Serien+Musik (extern2)) (Fixed) (Total:931.51 GB) (Free:728.77 GB) NTFS
Drive o: (Zeugs halt (extern1)) (Fixed) (Total:465.76 GB) (Free:9.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 51B84FD5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2F28DD2E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: B11D244D)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 932 GB) (Disk ID: 7E9271FC)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gruss und Danke schonmal

schrauber · 05.02.2014, 18:57

Hi,

Funde mit MBAM löschen lassen, dann:

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

DocHN · 05.02.2014, 19:24

Hallo,

danke für die schnelle Rückmeldung.

ADW Log :

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 05/02/2014 um 19:03:42
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Doc - DOC-PC
# Gestartet von : C:\Users\Doc\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKCU\Software\InstallCore

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\es85dg6x.default\prefs.js ]


[ Datei : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\0ife2wdk.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1128 octets] - [05/02/2014 19:03:06]
AdwCleaner[S0].txt - [996 octets] - [05/02/2014 19:03:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1055 octets] ##########

JRT Log :

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Doc on 05.02.2014 at 19:15:29,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Doc\AppData\Roaming\mozilla\firefox\profiles\es85dg6x.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2014 at 19:22:14,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Neuer FRS Log :

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by Doc (administrator) on DOC-PC on 05-02-2014 19:24:18
Running from C:\Users\Doc\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] - C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [NPSStartup] - [X]
HKU\S-1-5-21-1025190005-939518660-419760209-1000\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1025190005-939518660-419760209-1000\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\es85dg6x.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\es85dg6x.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-27]
FF Extension: Adblock Plus - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\es85dg6x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-28]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []

==================== Services (Whitelisted) =================

R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 19:22 - 2014-02-05 19:22 - 00000753 _____ () C:\Users\Doc\Desktop\JRT.txt
2014-02-05 19:09 - 2014-02-05 19:09 - 00000000 ____D () C:\Windows\ERUNT
2014-02-05 19:03 - 2014-02-05 19:03 - 00000000 ____D () C:\AdwCleaner
2014-02-05 19:00 - 2014-02-05 19:01 - 01166132 _____ () C:\Users\Doc\Downloads\adwcleaner.exe
2014-02-05 19:00 - 2014-02-05 19:01 - 01037530 _____ (Thisisu) C:\Users\Doc\Downloads\JRT.exe
2014-02-05 18:58 - 2014-02-05 18:58 - 00014665 _____ () C:\Users\Doc\Desktop\xycvxcv.log
2014-02-05 18:46 - 2014-02-05 18:46 - 00380416 _____ () C:\Users\Doc\Downloads\Gmer-19357.exe
2014-02-05 18:32 - 2014-02-05 18:33 - 00017335 _____ () C:\Users\Doc\Downloads\Addition.txt
2014-02-05 18:31 - 2014-02-05 19:24 - 00006727 _____ () C:\Users\Doc\Downloads\FRST.txt
2014-02-05 18:26 - 2014-02-05 19:24 - 00000000 ____D () C:\FRST
2014-02-05 18:23 - 2014-02-05 18:26 - 02082304 _____ (Farbar) C:\Users\Doc\Downloads\FRST64.exe
2014-02-05 18:18 - 2014-02-05 18:18 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\Malwarebytes
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-05 18:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-05 18:12 - 2014-02-05 18:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Doc\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-05 11:08 - 2014-02-05 11:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-30 22:26 - 2014-01-30 22:26 - 00008315 _____ () C:\Users\Doc\Desktop\pktDump.cap
2014-01-30 22:20 - 2014-01-30 22:20 - 00004294 _____ () C:\Users\Doc\Desktop\km.xspf
2014-01-27 17:59 - 2014-01-27 17:59 - 00000000 ____D () C:\Users\Jasmin\AppData\Roaming\vlc
2014-01-22 20:47 - 2014-01-22 20:47 - 06716353 _____ (Mozilla) C:\Users\Jasmin\Downloads\Sunbird_Setup_1.0_Beta_1.exe
2014-01-22 20:47 - 2014-01-22 20:47 - 00000477 _____ () C:\Users\Jasmin\Desktop\Mozilla Sunbird.lnk
2014-01-22 20:47 - 2014-01-22 20:47 - 00000000 ____D () C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Sunbird
2014-01-15 19:36 - 2014-01-15 19:36 - 00000000 ____D () C:\ProgramData\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\Documents\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\AppData\Local\TomTom
2014-01-12 19:09 - 2014-01-12 19:09 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\IrfanView
2014-01-12 13:21 - 2014-01-12 13:21 - 00003050 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_IType_exe
2014-01-12 13:21 - 2014-01-12 13:21 - 00002953 _____ () C:\Users\Public\Desktop\Microsoft-Tastatur.lnk
2014-01-12 13:20 - 2014-01-12 13:21 - 00000000 ____D () C:\Program Files\Microsoft IntelliType Pro
2014-01-12 13:20 - 2014-01-12 13:20 - 00000000 ____D () C:\Windows\PCHEALTH

==================== One Month Modified Files and Folders =======

2014-02-05 19:24 - 2014-02-05 18:31 - 00006727 _____ () C:\Users\Doc\Downloads\FRST.txt
2014-02-05 19:24 - 2014-02-05 18:26 - 00000000 ____D () C:\FRST
2014-02-05 19:22 - 2014-02-05 19:22 - 00000753 _____ () C:\Users\Doc\Desktop\JRT.txt
2014-02-05 19:22 - 2013-11-28 15:53 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\vlc
2014-02-05 19:12 - 2013-05-22 11:02 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-02-05 19:12 - 2013-05-22 11:02 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-02-05 19:12 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 19:12 - 2009-07-14 05:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 19:12 - 2009-07-14 05:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 19:09 - 2014-02-05 19:09 - 00000000 ____D () C:\Windows\ERUNT
2014-02-05 19:08 - 2013-12-13 17:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 19:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 19:05 - 2009-07-14 05:51 - 00039645 _____ () C:\Windows\setupact.log
2014-02-05 19:03 - 2014-02-05 19:03 - 00000000 ____D () C:\AdwCleaner
2014-02-05 19:03 - 2013-11-27 22:02 - 00431110 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 19:01 - 2014-02-05 19:00 - 01166132 _____ () C:\Users\Doc\Downloads\adwcleaner.exe
2014-02-05 19:01 - 2014-02-05 19:00 - 01037530 _____ (Thisisu) C:\Users\Doc\Downloads\JRT.exe
2014-02-05 19:00 - 2013-11-30 00:49 - 00000000 ____D () C:\Users\Doc\AppData\Local\Battle.net
2014-02-05 18:58 - 2014-02-05 18:58 - 00014665 _____ () C:\Users\Doc\Desktop\xycvxcv.log
2014-02-05 18:46 - 2014-02-05 18:46 - 00380416 _____ () C:\Users\Doc\Downloads\Gmer-19357.exe
2014-02-05 18:33 - 2014-02-05 18:32 - 00017335 _____ () C:\Users\Doc\Downloads\Addition.txt
2014-02-05 18:27 - 2013-11-28 15:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 18:26 - 2014-02-05 18:23 - 02082304 _____ (Farbar) C:\Users\Doc\Downloads\FRST64.exe
2014-02-05 18:18 - 2014-02-05 18:18 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\Malwarebytes
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-05 18:18 - 2014-02-05 18:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-05 18:18 - 2014-02-05 18:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Doc\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-05 18:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-05 12:49 - 2013-12-02 21:49 - 00000000 ____D () C:\ProgramData\PMS
2014-02-05 11:08 - 2014-02-05 11:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-02 21:31 - 2013-12-13 20:45 - 00000000 ____D () C:\DLS
2014-02-01 00:13 - 2013-11-30 00:52 - 00000000 ____D () C:\World of Warcraft2014-01-30 22:26 - 2014-01-30 22:26 - 00008315 _____ () C:\Users\Doc\Desktop\pktDump.cap
2014-01-30 22:20 - 2014-01-30 22:20 - 00004294 _____ () C:\Users\Doc\Desktop\km.xspf
2014-01-27 18:07 - 2013-11-28 15:17 - 00000000 ____D () C:\Users\Jasmin
2014-01-27 17:59 - 2014-01-27 17:59 - 00000000 ____D () C:\Users\Jasmin\AppData\Roaming\vlc
2014-01-24 16:50 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-22 22:22 - 2013-11-27 22:51 - 00000000 ____D () C:\Users\Doc\Documents\StarCraft II
2014-01-22 20:47 - 2014-01-22 20:47 - 06716353 _____ (Mozilla) C:\Users\Jasmin\Downloads\Sunbird_Setup_1.0_Beta_1.exe
2014-01-22 20:47 - 2014-01-22 20:47 - 00000477 _____ () C:\Users\Jasmin\Desktop\Mozilla Sunbird.lnk
2014-01-22 20:47 - 2014-01-22 20:47 - 00000000 ____D () C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Sunbird
2014-01-22 20:47 - 2013-11-28 15:18 - 00000000 ____D () C:\Users\Jasmin\AppData\Roaming\Mozilla
2014-01-22 20:47 - 2013-11-28 15:18 - 00000000 ____D () C:\Users\Jasmin\AppData\Local\Mozilla
2014-01-19 10:43 - 2013-11-30 00:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-01-15 19:36 - 2014-01-15 19:36 - 00000000 ____D () C:\ProgramData\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\Documents\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\TomTom
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Doc\AppData\Local\TomTom
2014-01-14 15:55 - 2013-11-28 15:18 - 00057952 _____ () C:\Users\Jasmin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 12:42 - 2013-11-27 22:25 - 00057952 _____ () C:\Users\Doc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 12:37 - 2009-07-14 05:45 - 00276360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-12 19:09 - 2014-01-12 19:09 - 00000000 ____D () C:\Users\Doc\AppData\Roaming\IrfanView
2014-01-12 13:21 - 2014-01-12 13:21 - 00003050 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_IType_exe
2014-01-12 13:21 - 2014-01-12 13:21 - 00002953 _____ () C:\Users\Public\Desktop\Microsoft-Tastatur.lnk
2014-01-12 13:21 - 2014-01-12 13:20 - 00000000 ____D () C:\Program Files\Microsoft IntelliType Pro
2014-01-12 13:20 - 2014-01-12 13:20 - 00000000 ____D () C:\Windows\PCHEALTH
2014-01-12 13:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

Some content of TEMP:
====================
C:\Users\Doc\AppData\Local\Temp\FreemakeVideoDownloader_3.6.2.2.exe
C:\Users\Doc\AppData\Local\Temp\GdiPlus.dll
C:\Users\Doc\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Doc\AppData\Local\Temp\jna9201563176162520846.dll
C:\Users\Doc\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Doc\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\Doc\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 14:13

==================== End Of Log ============================

--- --- ---

--- --- ---

Gruss

schrauber · 06.02.2014, 14:26

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Internet langsam - nach Ausschließen von Technischen Problem Trojaner Check

Plagegeister aller Art und deren Bekämpfung: Internet langsam - nach Ausschließen von Technischen Problem Trojaner Check