| |
| |||||||
Log-Analyse und Auswertung: Windows 7 wird nach längerer Laufzeit extrem langsam beim Öffnen von WebsitesWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.02.2014, 23:45
| #1 |
 |  Windows 7 wird nach längerer Laufzeit extrem langsam beim Öffnen von Websites Hallo liebes Trojaner-Board, mein Rechner wird mit zunehmender Laufzeit extrem langsam und blockiert dann auch manchmal komplett. Anfangs nach dem einschalten geht es noch, wird dann mit der Zeit immer langsamer. Dies merke ich vor allem beim öffnen von Webseiten aber auch beim öfnen von normalen Fenstern (z.b. explorer) in Windows. Ich scanne regelmäßig mit Malwarebytes and Avast - kann jedoch im Moment keine Fehler finden. Bin über jegliche Hilfe und Anmerkungen Dankbar! Chris Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:37 on 06/02/2014 (chris)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014
Ran by chris (administrator) on BLACK-BOX on 06-02-2014 20:44:18
Running from C:\Users\chris\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Acer Incoporated) C:\Program Files (x86)\Acer\Acer VCM\VC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [222240 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-03-17] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-07] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-13] (Microsoft Corporation)
HKU\S-1-5-21-3309182887-1688452900-3303579845-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360513k306l0453z135t55n1j111
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360513k306l0453z135t55n1j111
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\c8bjml6p.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\c8bjml6p.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: NoScript - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\c8bjml6p.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-12]
FF Extension: Adblock Plus - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\c8bjml6p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-12]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-12]
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-12]
CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-12]
CHR Extension: (Google-Suche) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-12]
CHR Extension: (Google Mail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-12]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-07] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-03-17] (Acer Incorporated)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-02-05] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-07] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-07] ()
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [50232 2011-02-16] (Novation DMS Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-06 20:44 - 2014-02-06 20:44 - 00016926 _____ () C:\Users\chris\Downloads\FRST.txt
2014-02-06 20:44 - 2014-02-06 20:44 - 00000000 ____D () C:\FRST
2014-02-06 20:43 - 2014-02-06 20:43 - 02079744 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe
2014-02-06 20:38 - 2014-02-06 20:38 - 00000472 _____ () C:\Users\chris\Desktop\defogger_disable.log
2014-02-06 20:37 - 2014-02-06 20:37 - 00000472 _____ () C:\Users\chris\Downloads\defogger_disable.log
2014-02-06 20:37 - 2014-02-06 20:37 - 00000000 _____ () C:\Users\chris\defogger_reenable
2014-02-06 20:33 - 2014-02-06 20:33 - 00050477 _____ () C:\Users\chris\Desktop\Defogger.exe
2014-02-03 11:21 - 2014-02-03 11:21 - 00204496 _____ (Malwarebytes) C:\Users\chris\Downloads\startuplite-setup-1.07.exe
2014-02-03 11:21 - 2014-02-03 11:21 - 00003150 _____ () C:\Windows\System32\Tasks\{8920A2C2-5AFC-4690-9AF2-EF6BFDCE8C9C}
2014-01-26 20:11 - 2014-01-26 20:11 - 00000000 ____D () C:\Users\chris\Documents\Togeo_Studios-Simple_Synths
2014-01-26 20:08 - 2014-01-26 20:11 - 98454416 _____ () C:\Users\chris\Downloads\Togeo_Studios-Simple_Synths.zip
2014-01-26 19:40 - 2014-01-26 19:40 - 00000000 ____D () C:\Users\chris\Documents\Tom Cosm - Swagger - Ableton Pack
2014-01-17 21:17 - 2014-01-17 21:28 - 79069909 _____ () C:\Users\chris\Downloads\Tom Cosm - Swagger - Ableton Pack.zip
2014-01-16 15:04 - 2014-01-16 15:04 - 18126032 _____ (Adobe Systems Inc.) C:\Users\chris\Downloads\AdobeAIRInstaller.exe
2014-01-16 08:12 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 08:12 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 08:12 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 08:12 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 08:12 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 08:12 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 08:12 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 08:12 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 08:12 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 20:34 - 2014-01-19 12:33 - 00008284 _____ () C:\Users\chris\ESt2013_******.elfo
2014-01-15 20:34 - 2014-01-19 12:32 - 00000000 ____D () C:\Users\chris\AppData\Local\.elfohilfe
2014-01-15 18:38 - 2014-01-15 18:38 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2014-01-15 18:36 - 2014-01-15 18:36 - 00000915 _____ () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Standard.lnk
2014-01-15 18:26 - 2014-01-15 18:32 - 722616436 _____ () C:\Users\chris\Downloads\ableton_live_standard_9.1_64.zip
2014-01-12 19:32 - 2014-01-18 00:36 - 00000000 ___RD () C:\Users\chris\Desktop\CHRIS Project
2014-01-12 13:32 - 2014-01-15 19:56 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-01-12 13:32 - 2014-01-12 13:32 - 00001237 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-01-12 13:32 - 2014-01-12 13:32 - 00000000 ____D () C:\Users\chris\AppData\Roaming\elsterformular
2014-01-12 13:32 - 2014-01-12 13:32 - 00000000 ____D () C:\ProgramData\elsterformular
2014-01-12 13:30 - 2014-01-12 13:31 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\chris\Downloads\ElsterFormular-14.4.20130909p.exe
2014-01-07 19:07 - 2014-01-07 19:15 - 960843776 _____ () C:\Users\chris\Downloads\tails-i386-0.22.iso
2014-01-07 19:02 - 2014-01-07 19:02 - 01094939 _____ (pendrivelinux.com) C:\Users\chris\Downloads\Universal-USB-Installer-1.9.5.1.exe
2014-01-07 19:00 - 2014-01-07 19:00 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
==================== One Month Modified Files and Folders =======
2014-02-06 20:44 - 2014-02-06 20:44 - 00016926 _____ () C:\Users\chris\Downloads\FRST.txt
2014-02-06 20:44 - 2014-02-06 20:44 - 00000000 ____D () C:\FRST
2014-02-06 20:43 - 2014-02-06 20:43 - 02079744 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe
2014-02-06 20:38 - 2014-02-06 20:38 - 00000472 _____ () C:\Users\chris\Desktop\defogger_disable.log
2014-02-06 20:37 - 2014-02-06 20:37 - 00000472 _____ () C:\Users\chris\Downloads\defogger_disable.log
2014-02-06 20:37 - 2014-02-06 20:37 - 00000000 _____ () C:\Users\chris\defogger_reenable
2014-02-06 20:37 - 2013-05-12 13:00 - 00000000 ____D () C:\Users\chris
2014-02-06 20:33 - 2014-02-06 20:33 - 00050477 _____ () C:\Users\chris\Desktop\Defogger.exe
2014-02-06 20:32 - 2013-05-14 07:52 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Skype
2014-02-06 20:06 - 2013-05-12 15:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-06 19:47 - 2013-05-12 13:00 - 01790202 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 09:26 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 09:26 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 09:23 - 2013-05-12 22:48 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-06 09:23 - 2013-05-12 22:48 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-06 09:23 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-06 09:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 09:19 - 2009-07-14 05:51 - 00088793 _____ () C:\Windows\setupact.log
2014-02-05 23:01 - 2013-05-12 15:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-05 09:06 - 2013-05-12 15:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 09:06 - 2013-05-12 15:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 09:06 - 2013-05-12 15:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 09:28 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-03 11:53 - 2013-05-29 11:54 - 00000000 ___RD () C:\Users\chris\Dropbox
2014-02-03 11:53 - 2013-05-29 11:52 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Dropbox
2014-02-03 11:21 - 2014-02-03 11:21 - 00204496 _____ (Malwarebytes) C:\Users\chris\Downloads\startuplite-setup-1.07.exe
2014-02-03 11:21 - 2014-02-03 11:21 - 00003150 _____ () C:\Windows\System32\Tasks\{8920A2C2-5AFC-4690-9AF2-EF6BFDCE8C9C}
2014-02-03 11:17 - 2013-05-14 09:13 - 00000000 ____D () C:\Users\chris\Desktop\applications
2014-01-26 20:58 - 2014-01-05 14:11 - 00000000 ____D () C:\ProgramData\Ableton
2014-01-26 20:11 - 2014-01-26 20:11 - 00000000 ____D () C:\Users\chris\Documents\Togeo_Studios-Simple_Synths
2014-01-26 20:11 - 2014-01-26 20:08 - 98454416 _____ () C:\Users\chris\Downloads\Togeo_Studios-Simple_Synths.zip
2014-01-26 19:40 - 2014-01-26 19:40 - 00000000 ____D () C:\Users\chris\Documents\Tom Cosm - Swagger - Ableton Pack
2014-01-26 19:40 - 2014-01-05 14:09 - 00000000 ____D () C:\Users\chris\AppData\Local\WinZip
2014-01-26 16:59 - 2013-05-12 15:54 - 00000000 ____D () C:\Users\chris\AppData\Local\Adobe
2014-01-19 12:33 - 2014-01-15 20:34 - 00008284 _____ () C:\Users\chris\ESt2013_******.elfo
2014-01-19 12:32 - 2014-01-15 20:34 - 00000000 ____D () C:\Users\chris\AppData\Local\.elfohilfe
2014-01-18 00:36 - 2014-01-12 19:32 - 00000000 ___RD () C:\Users\chris\Desktop\CHRIS Project
2014-01-17 21:28 - 2014-01-17 21:17 - 79069909 _____ () C:\Users\chris\Downloads\Tom Cosm - Swagger - Ableton Pack.zip
2014-01-17 11:20 - 2013-05-29 11:53 - 00000482 _____ () C:\Windows\wininit.ini
2014-01-17 11:19 - 2013-05-29 11:54 - 00001022 _____ () C:\Users\chris\Desktop\Dropbox.lnk
2014-01-17 11:19 - 2013-05-29 11:53 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 15:04 - 2014-01-16 15:04 - 18126032 _____ (Adobe Systems Inc.) C:\Users\chris\Downloads\AdobeAIRInstaller.exe
2014-01-16 10:21 - 2009-07-14 05:45 - 00426520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 08:20 - 2013-07-15 22:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 08:19 - 2013-05-12 16:26 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 19:58 - 2013-05-12 12:51 - 00155112 _____ () C:\Windows\PFRO.log
2014-01-15 19:56 - 2014-01-12 13:32 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-01-15 18:38 - 2014-01-15 18:38 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2014-01-15 18:36 - 2014-01-15 18:36 - 00000915 _____ () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Standard.lnk
2014-01-15 18:32 - 2014-01-15 18:26 - 722616436 _____ () C:\Users\chris\Downloads\ableton_live_standard_9.1_64.zip
2014-01-13 15:03 - 2014-01-05 14:13 - 00000000 ____D () C:\Users\chris\Documents\Ableton
2014-01-12 13:32 - 2014-01-12 13:32 - 00001237 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-01-12 13:32 - 2014-01-12 13:32 - 00000000 ____D () C:\Users\chris\AppData\Roaming\elsterformular
2014-01-12 13:32 - 2014-01-12 13:32 - 00000000 ____D () C:\ProgramData\elsterformular
2014-01-12 13:31 - 2014-01-12 13:30 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\chris\Downloads\ElsterFormular-14.4.20130909p.exe
2014-01-07 19:15 - 2014-01-07 19:07 - 960843776 _____ () C:\Users\chris\Downloads\tails-i386-0.22.iso
2014-01-07 19:02 - 2014-01-07 19:02 - 01094939 _____ (pendrivelinux.com) C:\Users\chris\Downloads\Universal-USB-Installer-1.9.5.1.exe
2014-01-07 19:00 - 2014-01-07 19:00 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-07 19:00 - 2013-05-12 15:09 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-07 19:00 - 2013-05-12 15:09 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-07 19:00 - 2013-05-12 15:09 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-07 19:00 - 2013-05-12 15:09 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-07 19:00 - 2013-05-12 15:09 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-07 19:00 - 2013-05-12 15:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-07 19:00 - 2013-05-12 15:09 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
Some content of TEMP:
====================
C:\Users\chris\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\chris\AppData\Local\Temp\COMAP.EXE
C:\Users\chris\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.169.exe
C:\Users\chris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\chris\AppData\Local\Temp\_is7BA1.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-30 14:03
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-02-2014
Ran by chris at 2014-02-06 20:44:44
Running from C:\Users\chris\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Ableton Live 9 Standard (Version: 9.0.0.0 - Ableton)
Acer Arcade Deluxe (x32 Version: 4.0.7511 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.0.7511 - CyberLink Corp.) Hidden
Acer Arcade Movie (x32 Version: 9.0.6317 - CyberLink Corp.) Hidden
Acer Backup Manager (x32 Version: 2.0.0.60 - NewTech Infosystems)
Acer Crystal Eye Webcam (x32 Version: 5.2.11.2 - Suyin Optronics Corp)
Acer eRecovery Management (x32 Version: 4.05.3011 - Acer Incorporated)
Acer PowerSmart Manager (x32 Version: 5.02.3002 - Acer Incorporated)
Acer Registration (x32 Version: 1.03.3002 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0222.2010 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3001 - Acer Incorporated)
Acer VCM (x32 Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.23 - Atheros Communications Inc.)
ATI Catalyst Install Manager (Version: 3.0.765.0 - ATI Technologies, Inc.)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0303.420.7651 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0303.420.7651 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0303.420.7651 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0303.420.7651 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0303.420.7651 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0303.420.7651 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0303.420.7651 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help English (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help French (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help German (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0303.420.7651 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0303.420.7651 - ATI) Hidden
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
dBpoweramp Music Converter (x32 Version: Release 14.4 - Illustrate)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Druckerdeinstallation für EPSON Stylus S20 Series (Version: - SEIKO EPSON Corporation)
ElsterFormular (x32 Version: 15.0.13315 - Landesfinanzdirektion Thüringen)
Haali Media Splitter (x32 Version: - )
Identity Card (x32 Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002 - Intel Corporation)
ITCH for Novation TWITCH (x32 Version: 1.8.2 - Serato Audio Research)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 4.0.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (x32 Version: - MixMeister Technology LLC)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
Novation USB Audio Driver 2.1 (Version: 2.1 - Novation DMS Ltd.)
NTI Backup Now 5 (x32 Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
Optical Drive Power Management (x32 Version: 1.01.3006 - Acer Incorporated)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (Version: 14.0.6.0 - Synaptics Incorporated)
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Welcome Center (x32 Version: 1.01.3002 - Acer Incorporated)
WIDCOMM Bluetooth Software (Version: 6.3.0.4300 - Broadcom Corporation)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 18.0 (Version: 18.0.10661 - WinZip Computing, S.L. )
==================== Restore Points =========================
21-01-2014 09:03:48 Windows Update
24-01-2014 16:46:07 Windows Update
28-01-2014 08:08:35 Windows Update
31-01-2014 09:37:37 Windows Update
04-02-2014 08:32:39 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {379F0879-5EAC-43AF-A108-E01E42F31E86} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-07] (AVAST Software)
Task: {5418912F-BA7F-401D-9F90-42E484195A17} - System32\Tasks\{AF6C7C59-F000-4DA8-9370-341F9B0FB380} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {6E7F5A3B-48F3-4BF8-9636-8C59D004389D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {8BC0E775-D157-4556-954A-ACF2DA4CEA19} - System32\Tasks\{9DBA2934-98EE-4162-85D5-16ECED83BE1A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {B347F6C3-D00B-4347-A948-B0FCEE8BE4B6} - System32\Tasks\{4AC7A996-9031-4F31-BE4C-4A37655BA2FF} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-26 10:46 - 2010-03-26 10:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-01-07 13:42 - 2010-01-07 13:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-05-12 12:53 - 2013-05-12 12:53 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-03 20:53 - 2012-08-03 20:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-02-05 23:01 - 2014-02-05 10:22 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020500\algo.dll
2014-02-06 19:45 - 2014-02-06 13:08 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020600\algo.dll
2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-04-15 12:03 - 2009-12-24 01:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-04-15 12:47 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-12-03 19:12 - 2013-12-03 19:12 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-03 19:07 - 2014-01-03 19:07 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/31/2014 00:01:53 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.11.0.102, Zeitstempel: 0x5284fb74
Name des fehlerhaften Moduls: Skype.exe, Version: 6.11.0.102, Zeitstempel: 0x5284fb74
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00212421
ID des fehlerhaften Prozesses: 0x448
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3
Error: (01/30/2014 02:04:38 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (01/27/2014 06:57:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (01/26/2014 09:43:57 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1754
Startzeit: 01cf1ac693bd44e8
Endzeit: 51
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 90d85404-86ca-11e3-894b-c80aa974bc5d
Error: (01/18/2014 10:56:17 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (01/15/2014 04:53:12 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1aa8
Startzeit: 01cf12091d417985
Endzeit: 60000
Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Berichts-ID: edf6c716-7dfc-11e3-9294-c80aa974bc5d
Error: (01/15/2014 11:37:55 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (01/13/2014 06:15:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16428, Zeitstempel: 0x525b664c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0x1be8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (01/13/2014 01:10:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (01/11/2014 11:58:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_9_900_170.exe, Version: 11.9.900.170, Zeitstempel: 0x529b79bf
Name des fehlerhaften Moduls: FlashPlayerPlugin_11_9_900_170.exe, Version: 11.9.900.170, Zeitstempel: 0x529b79bf
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017b60
ID des fehlerhaften Prozesses: 0x11e0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_9_900_170.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_9_900_170.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_9_900_170.exe2
Berichtskennung: FlashPlayerPlugin_11_9_900_170.exe3
System errors:
=============
Error: (01/31/2014 00:34:09 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (01/30/2014 11:07:22 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "UYAB",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7E686523-FD6D-44F8-B738-040B9E9BDF09}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/30/2014 10:43:21 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "UYAB",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7E686523-FD6D-44F8-B738-040B9E9BDF09}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/30/2014 10:31:22 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "UYAB",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7E686523-FD6D-44F8-B738-040B9E9BDF09}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/24/2014 03:51:11 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/16/2014 01:21:30 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.10
registriert werden. Der Computer mit IP-Adresse 192.168.0.11 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (01/16/2014 10:20:40 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT)
Description: Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht starten.
Error: (01/15/2014 05:19:57 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 15.01.2014 um 17:16:52 unerwartet heruntergefahren.
Error: (01/07/2014 08:18:27 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (01/04/2014 09:11:14 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a63\??\C:\Users\chris\AppData\Local\Microsoft\Windows\UsrClass.dat
Microsoft Office Sessions:
=========================
Error: (01/31/2014 00:01:53 AM) (Source: Application Error)(User: )
Description: Skype.exe6.11.0.1025284fb74Skype.exe6.11.0.1025284fb74c00000050021242144801cf1debc7766189C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe819e6340-8a02-11e3-ba08-c80aa974bc5d
Error: (01/30/2014 02:04:38 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (01/27/2014 06:57:07 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (01/26/2014 09:43:57 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087175401cf1ac693bd44e851C:\Program Files (x86)\Mozilla Firefox\firefox.exe90d85404-86ca-11e3-894b-c80aa974bc5d
Error: (01/18/2014 10:56:17 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (01/15/2014 04:53:12 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.11aa801cf12091d41798560000C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeedf6c716-7dfc-11e3-9294-c80aa974bc5d
Error: (01/15/2014 11:37:55 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (01/13/2014 06:15:51 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea8e7c000000500038e191be801cf1082879ad825C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll59de4679-7c76-11e3-ae3c-c80aa974bc5d
Error: (01/13/2014 01:10:28 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (01/11/2014 11:58:10 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_9_900_170.exe11.9.900.170529b79bfFlashPlayerPlugin_11_9_900_170.exe11.9.900.170529b79bf4000001500017b6011e001cf0f12307423a4C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exed74c3c34-7b13-11e3-8904-c80aa974bc5d
CodeIntegrity Errors:
===================================
Date: 2014-02-06 11:26:07.602
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-05 08:57:51.083
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-01 14:32:02.844
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-30 21:25:13.966
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-30 15:27:44.313
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 20:35:27.861
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 20:26:25.446
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 20:25:26.158
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-26 19:37:41.993
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-26 18:25:35.368
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 50%
Total physical RAM: 3766.68 MB
Available physical RAM: 1880.52 MB
Total Pagefile: 7531.55 MB
Available Pagefile: 5393.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:135.95 GB) (Free:50.82 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 851CF10E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=136 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-06 21:24:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.2CV1 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\chris\AppData\Local\Temp\pwtdrpog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 532 fffff80002fb0004 5 bytes JMP fffff80002fe0e10
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 675 fffff80002fb0093 36 bytes [8B, 7C, 24, 43, 48, D3, CF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\services.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Windows\system32\atieclxx.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[1640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2088] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76]
.text ... * 2
.text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2232] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe[2244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2280] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe[2332] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe[2396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe[2464] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76]
.text ... * 2
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000738011a8 2 bytes [80, 73]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000738013a8 2 bytes [80, 73]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000073801422 2 bytes [80, 73]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000073801498 2 bytes [80, 73]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000074301b41 2 bytes [30, 74]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000074301be8 2 bytes [30, 74]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000074301c20 2 bytes [30, 74]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000074301cd2 2 bytes [30, 74]
.text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000074301cf2 2 bytes [30, 74]
.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2888] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76]
.text ... * 2
.text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[2932] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76]
.text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76]
.text ... * 2
.text C:\Windows\system32\wbem\unsecapp.exe[3112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3304] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3656] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3744] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Windows\SysWOW64\RunDll32.exe[3912] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Windows\SysWOW64\RunDll32.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3920] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76]
.text ... * 2
.text C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe[3180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[1140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[3836] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76]
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76]
.text ... * 2
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[4964] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe[5592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Acer\Acer VCM\Vc.exe[6392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Program Files (x86)\Acer\Acer VCM\Vc.exe[6392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76]
.text C:\Program Files (x86)\Acer\Acer VCM\Vc.exe[6392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76]
.text ... * 2
.text C:\Program Files (x86)\Acer\Acer VCM\Vc.exe[3128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\notepad.exe[6176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\notepad.exe[7920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
.text C:\Users\chris\Downloads\Gmer-19357.exe[6216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62]
.text C:\Windows\System32\Magnify.exe[6760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2104:3944] 000007fefaed2a7c
---- Processes - GMER 2.1 ----
Library C:\Users\chris\Downloads\FRST64.exe (*** suspicious ***) @ C:\Users\chris\Downloads\FRST64.exe [3128] 000000013f340000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbaeb6ff
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbaeb6ff (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.02.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 chris :: BLACK-BOX [Administrator] 06.02.2014 21:57:50 mbam-log-2014-02-06 (21-57-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 353667 Laufzeit: 35 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Danke! |
| Themen zu Windows 7 wird nach längerer Laufzeit extrem langsam beim Öffnen von Websites |
| 4d36e972-e325-11ce-bfc1-08002be10318, antivirus, blockiert, branding, browser, converter, desktop, device driver, error, excel, fehler, firefox, flash player, home, iexplore.exe, langsam, launch, mozilla, ntdll.dll, realtek, registry, rundll, scan, security, services.exe, software, svchost.exe, system, taskhost.exe, vista, windows, windows 7 |
Baum-Darstellung