![]() |
|
Log-Analyse und Auswertung: Windows 7 wird nach längerer Laufzeit extrem langsam beim Öffnen von WebsitesWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Windows 7 wird nach längerer Laufzeit extrem langsam beim Öffnen von Websites Hallo liebes Trojaner-Board, mein Rechner wird mit zunehmender Laufzeit extrem langsam und blockiert dann auch manchmal komplett. Anfangs nach dem einschalten geht es noch, wird dann mit der Zeit immer langsamer. Dies merke ich vor allem beim öffnen von Webseiten aber auch beim öfnen von normalen Fenstern (z.b. explorer) in Windows. Ich scanne regelmäßig mit Malwarebytes and Avast - kann jedoch im Moment keine Fehler finden. Bin über jegliche Hilfe und Anmerkungen Dankbar! Chris Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:37 on 06/02/2014 (chris) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014 Ran by chris (administrator) on BLACK-BOX on 06-02-2014 20:44:18 Running from C:\Users\chris\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Acer Incoporated) C:\Program Files (x86)\Acer\Acer VCM\VC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\Magnify.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [222240 2010-02-05] (Acer Incorporated) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-22] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] () HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-03-17] (Acer Incorporated) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-17] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-07] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-13] (Microsoft Corporation) HKU\S-1-5-21-3309182887-1688452900-3303579845-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360513k306l0453z135t55n1j111 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27360513k306l0453z135t55n1j111 SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\c8bjml6p.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\c8bjml6p.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27] FF Extension: NoScript - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\c8bjml6p.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-12] FF Extension: Adblock Plus - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\c8bjml6p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-12] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-12] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR Extension: (Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-12] CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-12] CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-12] CHR Extension: (Google-Suche) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-12] CHR Extension: (Google Mail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-12] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-07] (AVAST Software) R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-03-17] (Acer Incorporated) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.) R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-02-05] (Acer Incorporated) R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-07] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-03] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-07] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-07] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-07] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-07] () S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [50232 2011-02-16] (Novation DMS Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-06 20:44 - 2014-02-06 20:44 - 00016926 _____ () C:\Users\chris\Downloads\FRST.txt 2014-02-06 20:44 - 2014-02-06 20:44 - 00000000 ____D () C:\FRST 2014-02-06 20:43 - 2014-02-06 20:43 - 02079744 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe 2014-02-06 20:38 - 2014-02-06 20:38 - 00000472 _____ () C:\Users\chris\Desktop\defogger_disable.log 2014-02-06 20:37 - 2014-02-06 20:37 - 00000472 _____ () C:\Users\chris\Downloads\defogger_disable.log 2014-02-06 20:37 - 2014-02-06 20:37 - 00000000 _____ () C:\Users\chris\defogger_reenable 2014-02-06 20:33 - 2014-02-06 20:33 - 00050477 _____ () C:\Users\chris\Desktop\Defogger.exe 2014-02-03 11:21 - 2014-02-03 11:21 - 00204496 _____ (Malwarebytes) C:\Users\chris\Downloads\startuplite-setup-1.07.exe 2014-02-03 11:21 - 2014-02-03 11:21 - 00003150 _____ () C:\Windows\System32\Tasks\{8920A2C2-5AFC-4690-9AF2-EF6BFDCE8C9C} 2014-01-26 20:11 - 2014-01-26 20:11 - 00000000 ____D () C:\Users\chris\Documents\Togeo_Studios-Simple_Synths 2014-01-26 20:08 - 2014-01-26 20:11 - 98454416 _____ () C:\Users\chris\Downloads\Togeo_Studios-Simple_Synths.zip 2014-01-26 19:40 - 2014-01-26 19:40 - 00000000 ____D () C:\Users\chris\Documents\Tom Cosm - Swagger - Ableton Pack 2014-01-17 21:17 - 2014-01-17 21:28 - 79069909 _____ () C:\Users\chris\Downloads\Tom Cosm - Swagger - Ableton Pack.zip 2014-01-16 15:04 - 2014-01-16 15:04 - 18126032 _____ (Adobe Systems Inc.) C:\Users\chris\Downloads\AdobeAIRInstaller.exe 2014-01-16 08:12 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-16 08:12 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-16 08:12 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-16 08:12 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-16 08:12 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-16 08:12 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-16 08:12 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-16 08:12 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-16 08:12 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-15 20:34 - 2014-01-19 12:33 - 00008284 _____ () C:\Users\chris\ESt2013_******.elfo 2014-01-15 20:34 - 2014-01-19 12:32 - 00000000 ____D () C:\Users\chris\AppData\Local\.elfohilfe 2014-01-15 18:38 - 2014-01-15 18:38 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software 2014-01-15 18:36 - 2014-01-15 18:36 - 00000915 _____ () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Standard.lnk 2014-01-15 18:26 - 2014-01-15 18:32 - 722616436 _____ () C:\Users\chris\Downloads\ableton_live_standard_9.1_64.zip 2014-01-12 19:32 - 2014-01-18 00:36 - 00000000 ___RD () C:\Users\chris\Desktop\CHRIS Project 2014-01-12 13:32 - 2014-01-15 19:56 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-01-12 13:32 - 2014-01-12 13:32 - 00001237 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-01-12 13:32 - 2014-01-12 13:32 - 00000000 ____D () C:\Users\chris\AppData\Roaming\elsterformular 2014-01-12 13:32 - 2014-01-12 13:32 - 00000000 ____D () C:\ProgramData\elsterformular 2014-01-12 13:30 - 2014-01-12 13:31 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\chris\Downloads\ElsterFormular-14.4.20130909p.exe 2014-01-07 19:07 - 2014-01-07 19:15 - 960843776 _____ () C:\Users\chris\Downloads\tails-i386-0.22.iso 2014-01-07 19:02 - 2014-01-07 19:02 - 01094939 _____ (pendrivelinux.com) C:\Users\chris\Downloads\Universal-USB-Installer-1.9.5.1.exe 2014-01-07 19:00 - 2014-01-07 19:00 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys ==================== One Month Modified Files and Folders ======= 2014-02-06 20:44 - 2014-02-06 20:44 - 00016926 _____ () C:\Users\chris\Downloads\FRST.txt 2014-02-06 20:44 - 2014-02-06 20:44 - 00000000 ____D () C:\FRST 2014-02-06 20:43 - 2014-02-06 20:43 - 02079744 _____ (Farbar) C:\Users\chris\Downloads\FRST64.exe 2014-02-06 20:38 - 2014-02-06 20:38 - 00000472 _____ () C:\Users\chris\Desktop\defogger_disable.log 2014-02-06 20:37 - 2014-02-06 20:37 - 00000472 _____ () C:\Users\chris\Downloads\defogger_disable.log 2014-02-06 20:37 - 2014-02-06 20:37 - 00000000 _____ () C:\Users\chris\defogger_reenable 2014-02-06 20:37 - 2013-05-12 13:00 - 00000000 ____D () C:\Users\chris 2014-02-06 20:33 - 2014-02-06 20:33 - 00050477 _____ () C:\Users\chris\Desktop\Defogger.exe 2014-02-06 20:32 - 2013-05-14 07:52 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Skype 2014-02-06 20:06 - 2013-05-12 15:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-06 19:47 - 2013-05-12 13:00 - 01790202 _____ () C:\Windows\WindowsUpdate.log 2014-02-06 09:26 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-06 09:26 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-06 09:23 - 2013-05-12 22:48 - 00654400 _____ () C:\Windows\system32\perfh007.dat 2014-02-06 09:23 - 2013-05-12 22:48 - 00130240 _____ () C:\Windows\system32\perfc007.dat 2014-02-06 09:23 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-06 09:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-06 09:19 - 2009-07-14 05:51 - 00088793 _____ () C:\Windows\setupact.log 2014-02-05 23:01 - 2013-05-12 15:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-02-05 09:06 - 2013-05-12 15:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-05 09:06 - 2013-05-12 15:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-05 09:06 - 2013-05-12 15:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-04 09:28 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-02-03 11:53 - 2013-05-29 11:54 - 00000000 ___RD () C:\Users\chris\Dropbox 2014-02-03 11:53 - 2013-05-29 11:52 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Dropbox 2014-02-03 11:21 - 2014-02-03 11:21 - 00204496 _____ (Malwarebytes) C:\Users\chris\Downloads\startuplite-setup-1.07.exe 2014-02-03 11:21 - 2014-02-03 11:21 - 00003150 _____ () C:\Windows\System32\Tasks\{8920A2C2-5AFC-4690-9AF2-EF6BFDCE8C9C} 2014-02-03 11:17 - 2013-05-14 09:13 - 00000000 ____D () C:\Users\chris\Desktop\applications 2014-01-26 20:58 - 2014-01-05 14:11 - 00000000 ____D () C:\ProgramData\Ableton 2014-01-26 20:11 - 2014-01-26 20:11 - 00000000 ____D () C:\Users\chris\Documents\Togeo_Studios-Simple_Synths 2014-01-26 20:11 - 2014-01-26 20:08 - 98454416 _____ () C:\Users\chris\Downloads\Togeo_Studios-Simple_Synths.zip 2014-01-26 19:40 - 2014-01-26 19:40 - 00000000 ____D () C:\Users\chris\Documents\Tom Cosm - Swagger - Ableton Pack 2014-01-26 19:40 - 2014-01-05 14:09 - 00000000 ____D () C:\Users\chris\AppData\Local\WinZip 2014-01-26 16:59 - 2013-05-12 15:54 - 00000000 ____D () C:\Users\chris\AppData\Local\Adobe 2014-01-19 12:33 - 2014-01-15 20:34 - 00008284 _____ () C:\Users\chris\ESt2013_******.elfo 2014-01-19 12:32 - 2014-01-15 20:34 - 00000000 ____D () C:\Users\chris\AppData\Local\.elfohilfe 2014-01-18 00:36 - 2014-01-12 19:32 - 00000000 ___RD () C:\Users\chris\Desktop\CHRIS Project 2014-01-17 21:28 - 2014-01-17 21:17 - 79069909 _____ () C:\Users\chris\Downloads\Tom Cosm - Swagger - Ableton Pack.zip 2014-01-17 11:20 - 2013-05-29 11:53 - 00000482 _____ () C:\Windows\wininit.ini 2014-01-17 11:19 - 2013-05-29 11:54 - 00001022 _____ () C:\Users\chris\Desktop\Dropbox.lnk 2014-01-17 11:19 - 2013-05-29 11:53 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-16 15:04 - 2014-01-16 15:04 - 18126032 _____ (Adobe Systems Inc.) C:\Users\chris\Downloads\AdobeAIRInstaller.exe 2014-01-16 10:21 - 2009-07-14 05:45 - 00426520 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-16 08:20 - 2013-07-15 22:17 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-16 08:19 - 2013-05-12 16:26 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 19:58 - 2013-05-12 12:51 - 00155112 _____ () C:\Windows\PFRO.log 2014-01-15 19:56 - 2014-01-12 13:32 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-01-15 18:38 - 2014-01-15 18:38 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software 2014-01-15 18:36 - 2014-01-15 18:36 - 00000915 _____ () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Standard.lnk 2014-01-15 18:32 - 2014-01-15 18:26 - 722616436 _____ () C:\Users\chris\Downloads\ableton_live_standard_9.1_64.zip 2014-01-13 15:03 - 2014-01-05 14:13 - 00000000 ____D () C:\Users\chris\Documents\Ableton 2014-01-12 13:32 - 2014-01-12 13:32 - 00001237 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-01-12 13:32 - 2014-01-12 13:32 - 00000000 ____D () C:\Users\chris\AppData\Roaming\elsterformular 2014-01-12 13:32 - 2014-01-12 13:32 - 00000000 ____D () C:\ProgramData\elsterformular 2014-01-12 13:31 - 2014-01-12 13:30 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\chris\Downloads\ElsterFormular-14.4.20130909p.exe 2014-01-07 19:15 - 2014-01-07 19:07 - 960843776 _____ () C:\Users\chris\Downloads\tails-i386-0.22.iso 2014-01-07 19:02 - 2014-01-07 19:02 - 01094939 _____ (pendrivelinux.com) C:\Users\chris\Downloads\Universal-USB-Installer-1.9.5.1.exe 2014-01-07 19:00 - 2014-01-07 19:00 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-01-07 19:00 - 2013-05-12 15:09 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-01-07 19:00 - 2013-05-12 15:09 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-01-07 19:00 - 2013-05-12 15:09 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-01-07 19:00 - 2013-05-12 15:09 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-01-07 19:00 - 2013-05-12 15:09 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-01-07 19:00 - 2013-05-12 15:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-01-07 19:00 - 2013-05-12 15:09 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk Some content of TEMP: ==================== C:\Users\chris\AppData\Local\Temp\Ableton Swapper.exe C:\Users\chris\AppData\Local\Temp\COMAP.EXE C:\Users\chris\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.169.exe C:\Users\chris\AppData\Local\Temp\SkypeSetup.exe C:\Users\chris\AppData\Local\Temp\_is7BA1.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-30 14:03 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-02-2014 Ran by chris at 2014-02-06 20:44:44 Running from C:\Users\chris\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Ableton Live 9 Standard (Version: 9.0.0.0 - Ableton) Acer Arcade Deluxe (x32 Version: 4.0.7511 - CyberLink Corp.) Acer Arcade Deluxe (x32 Version: 4.0.7511 - CyberLink Corp.) Hidden Acer Arcade Movie (x32 Version: 9.0.6317 - CyberLink Corp.) Hidden Acer Backup Manager (x32 Version: 2.0.0.60 - NewTech Infosystems) Acer Crystal Eye Webcam (x32 Version: 5.2.11.2 - Suyin Optronics Corp) Acer eRecovery Management (x32 Version: 4.05.3011 - Acer Incorporated) Acer PowerSmart Manager (x32 Version: 5.02.3002 - Acer Incorporated) Acer Registration (x32 Version: 1.03.3002 - Acer Incorporated) Acer ScreenSaver (x32 Version: 1.1.0222.2010 - Acer Incorporated) Acer Updater (x32 Version: 1.02.3001 - Acer Incorporated) Acer VCM (x32 Version: 4.05.3002 - Acer Incorporated) Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.) Hidden Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.23 - Atheros Communications Inc.) ATI Catalyst Install Manager (Version: 3.0.765.0 - ATI Technologies, Inc.) avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software) Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0303.420.7651 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0303.420.7651 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0303.420.7651 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0303.420.7651 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0303.420.7651 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0303.420.7651 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0303.420.7651 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help English (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help French (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help German (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0303.0419.7651 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0303.0419.7651 - ATI) Hidden ccc-core-static (x32 Version: 2010.0303.420.7651 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0303.420.7651 - ATI) Hidden Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden dBpoweramp Music Converter (x32 Version: Release 14.4 - Illustrate) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) Druckerdeinstallation für EPSON Stylus S20 Series (Version: - SEIKO EPSON Corporation) ElsterFormular (x32 Version: 15.0.13315 - Landesfinanzdirektion Thüringen) Haali Media Splitter (x32 Version: - ) Identity Card (x32 Version: 1.00.3003 - Acer Incorporated) Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002 - Intel Corporation) ITCH for Novation TWITCH (x32 Version: 1.8.2 - Serato Audio Research) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Launch Manager (x32 Version: 4.0.7 - Acer Inc.) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) MixMeister BPM Analyzer 1.0 (x32 Version: - MixMeister Technology LLC) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden Novation USB Audio Driver 2.1 (Version: 2.1 - Novation DMS Ltd.) NTI Backup Now 5 (x32 Version: 5.1.2.628 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden Optical Drive Power Management (x32 Version: 1.01.3006 - Acer Incorporated) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek High Definition Audio Driver (x32 Version: 6.0.1.6050 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Synaptics Pointing Device Driver (Version: 14.0.6.0 - Synaptics Incorporated) Unity Web Player (HKCU Version: - Unity Technologies ApS) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) Welcome Center (x32 Version: 1.01.3002 - Acer Incorporated) WIDCOMM Bluetooth Software (Version: 6.3.0.4300 - Broadcom Corporation) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation) WinZip 18.0 (Version: 18.0.10661 - WinZip Computing, S.L. ) ==================== Restore Points ========================= 21-01-2014 09:03:48 Windows Update 24-01-2014 16:46:07 Windows Update 28-01-2014 08:08:35 Windows Update 31-01-2014 09:37:37 Windows Update 04-02-2014 08:32:39 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {379F0879-5EAC-43AF-A108-E01E42F31E86} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-07] (AVAST Software) Task: {5418912F-BA7F-401D-9F90-42E484195A17} - System32\Tasks\{AF6C7C59-F000-4DA8-9370-341F9B0FB380} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?source=lightinstaller&LastError=1618 Task: {6E7F5A3B-48F3-4BF8-9636-8C59D004389D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated) Task: {8BC0E775-D157-4556-954A-ACF2DA4CEA19} - System32\Tasks\{9DBA2934-98EE-4162-85D5-16ECED83BE1A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?source=lightinstaller&LastError=1618 Task: {B347F6C3-D00B-4347-A948-B0FCEE8BE4B6} - System32\Tasks\{4AC7A996-9031-4F31-BE4C-4A37655BA2FF} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?source=lightinstaller&LastError=1618 Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-26 10:46 - 2010-03-26 10:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2010-01-07 13:42 - 2010-01-07 13:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-05-12 12:53 - 2013-05-12 12:53 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-08-03 20:53 - 2012-08-03 20:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-02-05 23:01 - 2014-02-05 10:22 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020500\algo.dll 2014-02-06 19:45 - 2014-02-06 13:08 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020600\algo.dll 2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-04-15 12:03 - 2009-12-24 01:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-04-15 12:47 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2013-12-03 19:12 - 2013-12-03 19:12 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-01-03 19:07 - 2014-01-03 19:07 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: High Definition Audio-Controller Description: High Definition Audio-Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/31/2014 00:01:53 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.11.0.102, Zeitstempel: 0x5284fb74 Name des fehlerhaften Moduls: Skype.exe, Version: 6.11.0.102, Zeitstempel: 0x5284fb74 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00212421 ID des fehlerhaften Prozesses: 0x448 Startzeit der fehlerhaften Anwendung: 0xSkype.exe0 Pfad der fehlerhaften Anwendung: Skype.exe1 Pfad des fehlerhaften Moduls: Skype.exe2 Berichtskennung: Skype.exe3 Error: (01/30/2014 02:04:38 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/27/2014 06:57:07 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/26/2014 09:43:57 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1754 Startzeit: 01cf1ac693bd44e8 Endzeit: 51 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 90d85404-86ca-11e3-894b-c80aa974bc5d Error: (01/18/2014 10:56:17 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/15/2014 04:53:12 PM) (Source: Application Hang) (User: ) Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1aa8 Startzeit: 01cf12091d417985 Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: edf6c716-7dfc-11e3-9294-c80aa974bc5d Error: (01/15/2014 11:37:55 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/13/2014 06:15:51 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16428, Zeitstempel: 0x525b664c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038e19 ID des fehlerhaften Prozesses: 0x1be8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (01/13/2014 01:10:28 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (01/11/2014 11:58:10 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_9_900_170.exe, Version: 11.9.900.170, Zeitstempel: 0x529b79bf Name des fehlerhaften Moduls: FlashPlayerPlugin_11_9_900_170.exe, Version: 11.9.900.170, Zeitstempel: 0x529b79bf Ausnahmecode: 0x40000015 Fehleroffset: 0x00017b60 ID des fehlerhaften Prozesses: 0x11e0 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_9_900_170.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_9_900_170.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_9_900_170.exe2 Berichtskennung: FlashPlayerPlugin_11_9_900_170.exe3 System errors: ============= Error: (01/31/2014 00:34:09 AM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/30/2014 11:07:22 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "UYAB", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7E686523-FD6D-44F8-B738-040B9E9BDF09}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (01/30/2014 10:43:21 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "UYAB", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7E686523-FD6D-44F8-B738-040B9E9BDF09}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (01/30/2014 10:31:22 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "UYAB", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7E686523-FD6D-44F8-B738-040B9E9BDF09}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (01/24/2014 03:51:11 PM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (01/16/2014 01:21:30 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.10 registriert werden. Der Computer mit IP-Adresse 192.168.0.11 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (01/16/2014 10:20:40 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT) Description: Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht starten. Error: (01/15/2014 05:19:57 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 15.01.2014 um 17:16:52 unerwartet heruntergefahren. Error: (01/07/2014 08:18:27 PM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/04/2014 09:11:14 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a63\??\C:\Users\chris\AppData\Local\Microsoft\Windows\UsrClass.dat Microsoft Office Sessions: ========================= Error: (01/31/2014 00:01:53 AM) (Source: Application Error)(User: ) Description: Skype.exe6.11.0.1025284fb74Skype.exe6.11.0.1025284fb74c00000050021242144801cf1debc7766189C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe819e6340-8a02-11e3-ba08-c80aa974bc5d Error: (01/30/2014 02:04:38 PM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (01/27/2014 06:57:07 PM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (01/26/2014 09:43:57 PM) (Source: Application Hang)(User: ) Description: firefox.exe26.0.0.5087175401cf1ac693bd44e851C:\Program Files (x86)\Mozilla Firefox\firefox.exe90d85404-86ca-11e3-894b-c80aa974bc5d Error: (01/18/2014 10:56:17 AM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (01/15/2014 04:53:12 PM) (Source: Application Hang)(User: ) Description: mbam.exe1.75.0.11aa801cf12091d41798560000C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeedf6c716-7dfc-11e3-9294-c80aa974bc5d Error: (01/15/2014 11:37:55 AM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (01/13/2014 06:15:51 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea8e7c000000500038e191be801cf1082879ad825C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll59de4679-7c76-11e3-ae3c-c80aa974bc5d Error: (01/13/2014 01:10:28 PM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 Error: (01/11/2014 11:58:10 PM) (Source: Application Error)(User: ) Description: FlashPlayerPlugin_11_9_900_170.exe11.9.900.170529b79bfFlashPlayerPlugin_11_9_900_170.exe11.9.900.170529b79bf4000001500017b6011e001cf0f12307423a4C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exed74c3c34-7b13-11e3-8904-c80aa974bc5d CodeIntegrity Errors: =================================== Date: 2014-02-06 11:26:07.602 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-05 08:57:51.083 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-01 14:32:02.844 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-30 21:25:13.966 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-30 15:27:44.313 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-29 20:35:27.861 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-29 20:26:25.446 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-29 20:25:26.158 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-26 19:37:41.993 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-26 18:25:35.368 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 3766.68 MB Available physical RAM: 1880.52 MB Total Pagefile: 7531.55 MB Available Pagefile: 5393.61 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:135.95 GB) (Free:50.82 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 851CF10E) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=136 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-02-06 21:24:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.2CV1 149,05GB Running: Gmer-19357.exe; Driver: C:\Users\chris\AppData\Local\Temp\pwtdrpog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 532 fffff80002fb0004 5 bytes JMP fffff80002fe0e10 INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 675 fffff80002fb0093 36 bytes [8B, 7C, 24, 43, 48, D3, CF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\services.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\Explorer.EXE[1684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2088] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76] .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76] .text ... * 2 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2232] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe[2244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2280] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe[2332] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe[2396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe[2464] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Windows\system32\igfxsrvc.exe[2588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76] .text ... * 2 .text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000738011a8 2 bytes [80, 73] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000738013a8 2 bytes [80, 73] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000073801422 2 bytes [80, 73] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000073801498 2 bytes [80, 73] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000074301b41 2 bytes [30, 74] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000074301be8 2 bytes [30, 74] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000074301c20 2 bytes [30, 74] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000074301cd2 2 bytes [30, 74] .text C:\Windows\PLFSetI.exe[2760] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000074301cf2 2 bytes [30, 74] .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2888] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76] .text ... * 2 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[2932] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76] .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76] .text ... * 2 .text C:\Windows\system32\wbem\unsecapp.exe[3112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3304] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3656] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3744] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Windows\SysWOW64\RunDll32.exe[3912] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Windows\SysWOW64\RunDll32.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76] .text C:\Windows\SysWOW64\RunDll32.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76] .text ... * 2 .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3920] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76] .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76] .text ... * 2 .text C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe[3180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[1140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3836] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76] .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[4964] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe[5592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Acer\Acer VCM\Vc.exe[6392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Program Files (x86)\Acer\Acer VCM\Vc.exe[6392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a01465 2 bytes [A0, 76] .text C:\Program Files (x86)\Acer\Acer VCM\Vc.exe[6392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a014bb 2 bytes [A0, 76] .text ... * 2 .text C:\Program Files (x86)\Acer\Acer VCM\Vc.exe[3128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\notepad.exe[6176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\notepad.exe[7920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] .text C:\Users\chris\Downloads\Gmer-19357.exe[6216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000761aa2ba 1 byte [62] .text C:\Windows\System32\Magnify.exe[6760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d0eecd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2104:3944] 000007fefaed2a7c ---- Processes - GMER 2.1 ---- Library C:\Users\chris\Downloads\FRST64.exe (*** suspicious ***) @ C:\Users\chris\Downloads\FRST64.exe [3128] 000000013f340000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbaeb6ff Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbaeb6ff (not active ControlSet) ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.02.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 chris :: BLACK-BOX [Administrator] 06.02.2014 21:57:50 mbam-log-2014-02-06 (21-57-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 353667 Laufzeit: 35 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Danke! |
Themen zu Windows 7 wird nach längerer Laufzeit extrem langsam beim Öffnen von Websites |
4d36e972-e325-11ce-bfc1-08002be10318, antivirus, blockiert, branding, browser, converter, desktop, device driver, error, excel, fehler, firefox, flash player, home, iexplore.exe, langsam, launch, mozilla, ntdll.dll, realtek, registry, rundll, scan, security, services.exe, software, svchost.exe, system, taskhost.exe, vista, windows, windows 7 |