| |
| |||||||
Log-Analyse und Auswertung: Internet -Browser sehr langsamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.04.2014, 18:33
| #1 |
 |  Internet -Browser sehr langsam Hallo, ich hoffe ihr könnt mir helfen. Mein Internet ist momentan sehr langsam. Wenn ich den Browser öffne, dann dauert es bis zu 10 Sekunden, bis sich die Internetseiten öffnen. Auch schon die Google Startseite. Manchmal geht es aber auch ganz schnell , so wie jetzt gerade und dann geht wieder gar nichts. Ich hab die Scans wie gewünscht durchgeführt. Scheinbar sind die zu groß, ich habe sie deshalb angehängt. Zusätzlich ist hier noch die FRSt Logdatei: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by wessel (administrator) on WESSEL-PC on 03-04-2014 19:06:08
Running from C:\Users\wessel\Desktop\sicherheit
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
( ) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Dropbox, Inc.) C:\Users\wessel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-05-31] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11586944 2012-06-18] (Motorola Solutions, Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2598696 2012-02-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1064224 2013-11-14] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-11] (Microsoft Corporation)
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\...\MountPoints2: {0b0a06fc-0024-11e3-8b55-806e6f6e6963} - E:\CDSetup.exe
HKU\S-1-5-21-3477562969-2480981767-1781961833-1001\...\MountPoints2: {0b0a06fc-0024-11e3-8b55-806e6f6e6963} - E:\CDSetup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [246024 2012-12-29] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201728 2012-12-29] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201728 2012-12-29] (NVIDIA Corporation)
Startup: C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\wessel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEEAA1C1F2295CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.100.102 80.69.100.230
FireFox:
========
FF ProfilePath: C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-09]
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\128.xpi
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files (x86)\LyriXeeker\128.crx []
==================== Services (Whitelisted) =================
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-16] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-02-16] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-24] ()
S3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-07] (Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-24] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
S3 GPU-Z; \??\C:\Users\wessel\AppData\Local\Temp\GPU-Z.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-03 19:05 - 2014-04-03 19:06 - 00000000 ____D () C:\FRST
2014-04-03 18:47 - 2014-04-03 18:47 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-03 18:47 - 2014-04-03 18:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-03 18:42 - 2014-04-03 18:42 - 00000085 _____ () C:\Windows\wininit.ini
2014-04-03 18:37 - 2014-04-03 18:37 - 00000626 _____ () C:\Users\wessel\Desktop\JRT.txt
2014-04-01 19:28 - 2014-04-03 19:06 - 00000000 ____D () C:\Users\wessel\Desktop\sicherheit
2014-04-01 19:15 - 2014-04-01 19:15 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\DropboxMaster
2014-04-01 19:11 - 2014-04-02 19:05 - 00000892 _____ () C:\aaw7boot.log
2014-03-31 06:24 - 2014-04-01 19:11 - 00000510 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-03-31 06:24 - 2014-03-31 06:24 - 00003402 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-03-31 06:23 - 2014-04-03 18:35 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-31 06:23 - 2014-04-03 18:35 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-03-26 06:51 - 2014-04-03 18:55 - 00020692 _____ () C:\Windows\PFRO.log
2014-03-24 19:50 - 2014-03-24 19:51 - 00000000 ____D () C:\Users\wessel\Documents\steuern
2014-03-24 19:42 - 2014-03-24 19:42 - 00001233 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\elsterformular
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\ProgramData\elsterformular
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-03-24 17:45 - 2014-03-24 17:46 - 00000000 ____D () C:\Windows\rescache
2014-03-23 19:18 - 2014-03-23 19:18 - 01950720 _____ () C:\Users\wessel\Desktop\adwcleaner.exe
2014-03-21 07:11 - 2014-04-03 18:55 - 00003317 _____ () C:\Windows\setupact.log
2014-03-21 07:11 - 2014-03-21 07:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-20 20:14 - 2014-03-20 20:14 - 00000000 ____D () C:\Users\wessel\AppData\Local\NikLicenseFiles
2014-03-20 19:25 - 2014-03-20 19:26 - 00000000 ____D () C:\ProgramData\Google
2014-03-20 19:24 - 2014-04-03 18:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 19:24 - 2014-04-03 18:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 19:24 - 2014-03-30 19:37 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-20 19:24 - 2014-03-30 19:37 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-19 08:00 - 2014-03-20 21:50 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\Samsung
2014-03-19 08:00 - 2014-03-20 21:50 - 00000000 ____D () C:\Users\wessel\AppData\Local\Samsung
2014-03-19 08:00 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\wessel\Documents\samsung
2014-03-19 08:00 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-03-19 07:59 - 2014-03-20 21:50 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-19 07:59 - 2014-01-23 19:23 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-03-19 07:59 - 2014-01-23 19:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-03-19 07:56 - 2014-03-19 07:56 - 00000000 ____D () C:\Users\wessel\AppData\Local\Downloaded Installations
2014-03-16 15:48 - 2014-03-16 15:48 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\dvdcss
2014-03-13 17:51 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 17:51 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 17:51 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 17:51 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 17:51 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 17:51 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 17:51 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 17:51 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 17:51 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 17:51 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 17:51 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 17:51 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 17:51 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 17:51 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 17:51 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 17:51 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 17:51 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 17:51 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 17:51 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 17:51 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 17:51 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 17:51 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 17:51 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 17:51 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 17:51 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 17:51 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 17:51 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 17:51 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 17:51 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 17:51 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 17:51 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 17:51 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 17:51 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 17:51 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 17:51 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 17:51 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 17:51 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 17:51 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 17:51 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 17:51 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 17:51 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 17:51 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 17:51 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 17:51 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 17:50 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 17:50 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 17:50 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 17:50 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 21:22 - 2014-03-12 21:22 - 00503136 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDIgQXJiZWl0c2xvc2lna2VpdCBuYWNoIEzDpG5kZXJuLnBkZg==_=
2014-03-12 21:06 - 2014-03-12 21:06 - 00522991 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDMgQXVzZ2V3w6RobHRlIEFyYmVpdHNsb3NlbnF1b3RlbiBJLnBkZg==_= (1)
2014-03-12 21:06 - 2014-03-12 21:06 - 00522991 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDMgQXVzZ2V3w6RobHRlIEFyYmVpdHNsb3NlbnF1b3RlbiBJLnBkZg==_=
2014-03-09 20:22 - 2014-03-09 20:22 - 00000000 ____D () C:\Users\wessel\Desktop\Neuer Ordner (4)
2014-03-08 22:55 - 2014-03-08 23:07 - 879923392 _____ () C:\Users\wessel\Desktop\THE AUSTIN 100 2014 (FINAL).zip
==================== One Month Modified Files and Folders =======
2014-04-03 19:06 - 2014-04-03 19:05 - 00000000 ____D () C:\FRST
2014-04-03 19:06 - 2014-04-01 19:28 - 00000000 ____D () C:\Users\wessel\Desktop\sicherheit
2014-04-03 19:03 - 2009-07-14 06:45 - 00015072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 19:03 - 2009-07-14 06:45 - 00015072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 19:00 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 19:00 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 19:00 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 18:59 - 2013-08-08 14:19 - 01892181 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 18:56 - 2014-03-20 19:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 18:56 - 2013-08-16 09:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-03 18:56 - 2013-08-12 20:01 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\Dropbox
2014-04-03 18:56 - 2013-08-09 17:22 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-03 18:55 - 2014-03-26 06:51 - 00020692 _____ () C:\Windows\PFRO.log
2014-04-03 18:55 - 2014-03-21 07:11 - 00003317 _____ () C:\Windows\setupact.log
2014-04-03 18:55 - 2014-01-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-03 18:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 18:47 - 2014-04-03 18:47 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-03 18:47 - 2014-04-03 18:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-03 18:47 - 2013-10-09 17:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-03 18:47 - 2013-08-09 19:10 - 00000000 ____D () C:\ProgramData\Avira
2014-04-03 18:42 - 2014-04-03 18:42 - 00000085 _____ () C:\Windows\wininit.ini
2014-04-03 18:42 - 2014-03-20 19:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 18:42 - 2014-01-04 12:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-03 18:39 - 2013-10-05 18:05 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-03 18:39 - 2013-10-05 17:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-03 18:37 - 2014-04-03 18:37 - 00000626 _____ () C:\Users\wessel\Desktop\JRT.txt
2014-04-03 18:35 - 2014-03-31 06:23 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-03 18:35 - 2014-03-31 06:23 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-04-03 18:28 - 2013-08-09 19:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 18:15 - 2013-08-13 16:15 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-04-03 18:01 - 2013-08-09 20:46 - 00000000 ____D () C:\Users\wessel\AppData\Local\Adobe
2014-04-02 19:09 - 2013-08-09 17:22 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-02 19:05 - 2014-04-01 19:11 - 00000892 _____ () C:\aaw7boot.log
2014-04-01 19:32 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 19:31 - 2013-08-20 15:34 - 00000000 ____D () C:\AdwCleaner
2014-04-01 19:29 - 2013-11-02 14:02 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 19:15 - 2014-04-01 19:15 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\DropboxMaster
2014-04-01 19:15 - 2013-08-12 20:04 - 00001021 _____ () C:\Users\wessel\Desktop\Dropbox.lnk
2014-04-01 19:15 - 2013-08-12 20:03 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-01 19:15 - 2013-08-08 14:20 - 00000000 ___RD () C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-01 19:11 - 2014-03-31 06:24 - 00000510 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-03-31 06:24 - 2014-03-31 06:24 - 00003402 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-03-30 19:37 - 2014-03-20 19:24 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 19:37 - 2014-03-20 19:24 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 10:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 19:51 - 2014-03-24 19:50 - 00000000 ____D () C:\Users\wessel\Documents\steuern
2014-03-24 19:42 - 2014-03-24 19:42 - 00001233 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\elsterformular
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\ProgramData\elsterformular
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-03-24 17:46 - 2014-03-24 17:45 - 00000000 ____D () C:\Windows\rescache
2014-03-23 19:18 - 2014-03-23 19:18 - 01950720 _____ () C:\Users\wessel\Desktop\adwcleaner.exe
2014-03-21 07:30 - 2013-12-04 22:23 - 00015003 _____ () C:\Users\wessel\daemonprocess.txt
2014-03-21 07:11 - 2014-03-21 07:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-20 21:51 - 2013-08-15 16:07 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\FileZilla
2014-03-20 21:50 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\Samsung
2014-03-20 21:50 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\wessel\AppData\Local\Samsung
2014-03-20 21:50 - 2014-03-19 07:59 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-20 21:50 - 2013-08-12 21:57 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-03-20 21:50 - 2013-08-09 16:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-20 20:14 - 2014-03-20 20:14 - 00000000 ____D () C:\Users\wessel\AppData\Local\NikLicenseFiles
2014-03-20 19:26 - 2014-03-20 19:25 - 00000000 ____D () C:\ProgramData\Google
2014-03-20 19:26 - 2013-08-20 15:19 - 00000000 ____D () C:\Users\wessel\AppData\Local\Google
2014-03-20 19:26 - 2013-08-09 19:08 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\Adobe
2014-03-20 19:25 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files\Google
2014-03-20 19:24 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-19 08:00 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\wessel\Documents\samsung
2014-03-19 08:00 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-03-19 07:56 - 2014-03-19 07:56 - 00000000 ____D () C:\Users\wessel\AppData\Local\Downloaded Installations
2014-03-16 16:26 - 2013-09-07 19:48 - 00000000 ____D () C:\Users\wessel\Desktop\Neuer Ordner
2014-03-16 15:58 - 2013-08-26 09:39 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-03-16 15:57 - 2013-09-06 11:00 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\vlc
2014-03-16 15:48 - 2014-03-16 15:48 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\dvdcss
2014-03-14 07:21 - 2014-02-28 16:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:21 - 2014-02-28 16:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 07:21 - 2009-07-14 06:45 - 05061296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 21:29 - 2013-08-09 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 21:22 - 2014-03-12 21:22 - 00503136 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDIgQXJiZWl0c2xvc2lna2VpdCBuYWNoIEzDpG5kZXJuLnBkZg==_=
2014-03-12 21:06 - 2014-03-12 21:06 - 00522991 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDMgQXVzZ2V3w6RobHRlIEFyYmVpdHNsb3NlbnF1b3RlbiBJLnBkZg==_= (1)
2014-03-12 21:06 - 2014-03-12 21:06 - 00522991 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDMgQXVzZ2V3w6RobHRlIEFyYmVpdHNsb3NlbnF1b3RlbiBJLnBkZg==_=
2014-03-11 20:28 - 2013-08-09 19:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 20:28 - 2013-08-09 19:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:28 - 2013-08-09 19:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 07:19 - 2014-02-11 21:59 - 00000000 ____D () C:\Users\wessel\Desktop\scannen
2014-03-09 20:22 - 2014-03-09 20:22 - 00000000 ____D () C:\Users\wessel\Desktop\Neuer Ordner (4)
2014-03-08 23:07 - 2014-03-08 22:55 - 879923392 _____ () C:\Users\wessel\Desktop\THE AUSTIN 100 2014 (FINAL).zip
Some content of TEMP:
====================
C:\Users\wessel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptm54ee.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-30 14:55
==================== End Of Log ============================
Ich hoffe ihr könnt mir helfen. Danke im Voraus Gruß Fredde |
|
03.04.2014, 19:40
| #2 |
| /// TB-Ausbilder   | Internet -Browser sehr langsam Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Wir beginnen so: Scan mit Combofix
|
|
04.04.2014, 05:13
| #3 |
| | Internet -Browser sehr langsam Hallo Matthias,
__________________vielen Dank schon mal. Hier kommt die Log-Datei von Combofix. Allerdings hat Antivir etwas gemeckert, als ich das ausgeführt habe: Registrierungsschlüssel geschützt. Dabei hatte ich das eigentlich ausgestellt... Gestern Abend hat Antivir auch noch folgende Meldung gegeben: TR/Wysotot.Gen gefunden /gelöscht. Code:
ATTFilter ComboFix 14-04-03.01 - wessel 04.04.2014 6:00.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3993.1807 [GMT 2:00]
ausgeführt von:: c:\users\wessel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\wessel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-03-04 bis 2014-04-04 ))))))))))))))))))))))))))))))
.
.
2014-04-04 04:03 . 2014-04-04 04:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-04 04:03 . 2014-04-04 04:03 -------- d-----w- c:\users\schule\AppData\Local\temp
2014-04-03 17:21 . 2014-04-03 17:21 -------- d-----w- c:\users\wessel\AppData\Roaming\Avira
2014-04-03 17:16 . 2014-02-25 09:41 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-04-03 17:16 . 2014-02-25 09:41 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-04-03 17:16 . 2014-02-25 09:41 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-04-03 17:05 . 2014-04-03 17:06 -------- d-----w- C:\FRST
2014-04-03 16:47 . 2014-04-03 17:16 -------- d-----w- c:\program files (x86)\Avira
2014-04-01 17:15 . 2014-04-01 17:15 -------- d-----w- c:\users\wessel\AppData\Roaming\DropboxMaster
2014-03-31 04:23 . 2014-04-03 16:35 -------- d-----w- c:\programdata\Lavasoft
2014-03-31 04:23 . 2014-04-03 16:35 -------- d-----w- c:\program files (x86)\Lavasoft
2014-03-24 17:42 . 2014-03-24 17:42 -------- d-----w- c:\users\wessel\AppData\Roaming\elsterformular
2014-03-24 17:42 . 2014-03-24 17:42 -------- d-----w- c:\programdata\elsterformular
2014-03-24 17:42 . 2014-03-24 17:42 -------- d-----w- c:\program files (x86)\ElsterFormular
2014-03-24 15:45 . 2014-03-24 15:46 -------- d-----w- c:\windows\rescache
2014-03-20 18:14 . 2014-03-20 18:14 -------- d-----w- c:\users\wessel\AppData\Local\NikLicenseFiles
2014-03-19 06:00 . 2014-03-20 19:50 -------- d-----w- c:\users\wessel\AppData\Local\Samsung
2014-03-19 06:00 . 2014-03-20 19:50 -------- d-----w- c:\users\wessel\AppData\Roaming\Samsung
2014-03-19 05:59 . 2014-01-23 17:23 144664 ----a-w- c:\windows\SysWow64\secman.dll
2014-03-19 05:59 . 2014-01-23 17:23 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2014-03-19 05:59 . 2014-03-20 19:50 -------- d-----w- c:\programdata\Samsung
2014-03-19 05:56 . 2014-03-19 05:56 -------- d-----w- c:\users\wessel\AppData\Local\Downloaded Installations
2014-03-16 13:48 . 2014-03-16 13:48 -------- d-----w- c:\users\wessel\AppData\Roaming\dvdcss
2014-03-13 15:50 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-13 15:50 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-13 15:50 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 15:50 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 18:28 . 2013-08-09 17:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 18:28 . 2013-08-09 17:08 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-16 19:50 . 2014-02-16 19:50 119808 ----a-r- c:\users\wessel\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-02-16 17:41 . 2013-10-06 10:22 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-02-16 17:41 . 2013-10-06 10:22 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-02-16 17:41 . 2013-10-06 10:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-01-23 17:31 . 2014-01-23 17:31 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2014-01-23 17:31 . 2014-01-23 17:31 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2014-01-23 17:31 . 2014-01-23 17:31 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2014-01-23 17:31 . 2014-01-23 17:31 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2014-01-23 17:31 . 2014-01-23 17:31 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2014-01-23 17:31 . 2014-01-23 17:31 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2014-01-23 17:31 . 2014-01-23 17:31 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2014-01-23 17:31 . 2014-01-23 17:31 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2014-01-23 17:31 . 2014-01-23 17:31 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2014-01-23 17:31 . 2014-01-23 17:31 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2014-01-23 17:31 . 2014-01-23 17:31 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2014-01-23 17:31 . 2014-01-23 17:31 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2014-01-23 17:31 . 2014-01-23 17:31 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2014-01-23 17:31 . 2014-01-23 17:31 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2014-01-23 17:31 . 2014-01-23 17:31 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2014-01-23 17:31 . 2014-01-23 17:31 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2014-01-23 17:31 . 2014-01-23 17:31 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2014-01-23 17:31 . 2014-01-23 17:31 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2014-01-23 17:31 . 2014-01-23 17:31 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2014-01-23 17:31 . 2014-01-23 17:31 172032 ----a-w- c:\windows\SysWow64\muzapp.exe
2014-01-23 17:31 . 2014-01-23 17:31 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2014-01-23 17:31 . 2014-01-23 17:31 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2014-01-23 17:31 . 2014-01-23 17:31 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2014-01-23 17:31 . 2014-01-23 17:31 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2014-01-23 17:31 . 2014-01-23 17:31 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2014-01-23 17:31 . 2014-01-23 17:31 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\wessel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\wessel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\wessel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-03-25 173136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
c:\users\wessel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\wessel\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-3-19 32667896]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-12-18 1103712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 GPU-Z;GPU-Z;c:\users\wessel\AppData\Local\Temp\GPU-Z.sys;c:\users\wessel\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys;c:\windows\SYSNATIVE\DRIVERS\dccmtr.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-09 18:28]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20 17:24]
.
2014-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20 17:24]
.
2014-04-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2014-04-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\wessel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\wessel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\wessel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\wessel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-06-18 11586944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-14 1064224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An Bluetooth senden - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: URL notieren - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
TCP: DhcpNameServer = 80.69.100.102 80.69.100.230
FF - ProfilePath - c:\users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-VIS - c:\users\wessel\AppData\Roaming\Windows Net Data\uninstaller.exe
AddRemove-WebEnhance - c:\program files (x86)\WebEnhance\Uninst.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-04-04 06:07:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-04-04 04:07
.
Vor Suchlauf: 11 Verzeichnis(se), 10.055.622.656 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 10.010.443.776 Bytes frei
.
- - End Of File - - 4C057A5524D522D73D47932C179C660E
|
|
04.04.2014, 17:54
| #4 | |
| /// TB-Ausbilder | Internet -Browser sehr langsam Servus, Zitat:
Bitte alle Logs mit Funden posten Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 3 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 4 Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
Bitte poste mit deiner nächsten Antwort
|
|
05.04.2014, 11:51
| #5 |
| | Internet -Browser sehr langsam Hallo, hatte gar nicht drüber nachgedacht, dass es bei antivir überhaupt logfiles gibt. ;-) Code:
ATTFilter Die Datei 'C:\AdwCleaner\Quarantine\C\Users\wessel\AppData\Roaming\eIntaller\1483D70A1AB2437e816556E34D60922A\eXQ.exe.vir'
enthielt einen Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '549614df.qua' verschoben!
fach von einer Quarantäne in die nächste geschoben worden zu sein... nach dem ich zoek.exe durchlaufen lassen habe, hab ich antivir wieder angeschaltet. Antivir erkennt einen Virus in der Datei, das muss mir aber keine Sorgen machen? hier kommen die anderen logs... der browser arbeitet aber schon viel schneller Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 05/04/2014 um 10:18:22
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : wessel - WESSEL-PC
# Gestartet von : C:\Users\wessel\Desktop\sicherheit\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\wessel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10760 octets] - [20/08/2013 15:34:57]
AdwCleaner[R1].txt - [895 octets] - [20/08/2013 17:36:17]
AdwCleaner[R2].txt - [1821 octets] - [02/09/2013 20:48:53]
AdwCleaner[R3].txt - [9011 octets] - [21/03/2014 16:32:21]
AdwCleaner[R4].txt - [1410 octets] - [23/03/2014 19:21:27]
AdwCleaner[R5].txt - [1416 octets] - [01/04/2014 19:28:53]
AdwCleaner[R6].txt - [1536 octets] - [05/04/2014 10:15:01]
AdwCleaner[S0].txt - [9012 octets] - [20/08/2013 15:35:15]
AdwCleaner[S1].txt - [8554 octets] - [21/03/2014 16:32:56]
AdwCleaner[S2].txt - [1471 octets] - [23/03/2014 19:22:41]
AdwCleaner[S3].txt - [1477 octets] - [01/04/2014 19:31:37]
AdwCleaner[S4].txt - [1457 octets] - [05/04/2014 10:18:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1517 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by wessel on 05.04.2014 at 10:21:47,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.04.2014 at 10:30:35,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 05.04.2014 Scan Time: 11:57:19 Logfile: mbam.txt Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.04.05.02 Rootkit Database: v2014.03.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: wessel Scan Type: Threat Scan Result: Completed Objects Scanned: 342944 Time Elapsed: 10 min, 2 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.Lyrics.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\epojlgbehpaeekopencdagbdamnkppci, Quarantined, [e0d6fd2903782214d8acd292c33ffd03], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) |
|
05.04.2014, 12:49
| #6 | |
| /// TB-Ausbilder | Internet -Browser sehr langsam Servus, Zitat:
 Kannst du bitte noch die Logdatei von Zoek posten? Dann können wir weitermachen.  |
|
05.04.2014, 13:06
| #7 |
| | Internet -Browser sehr langsam oh, hier ist sie: Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by wessel on 05.04.2014 at 12:00:14,70.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\wessel\Desktop\sicherheit\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
05.04.2014 12:01:32 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Mozilla\Firefox\Extensions\lyrix@lyrixeeker.co deleted successfully
HKEY_USERS\S-1-5-21-3477562969-2480981767-1781961833-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Mozilla\Firefox\Extensions\lyrix@lyrixeeker.co deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js:
Added to C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----
prefs__1219_.backup
ProfilePath: C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}
user.js not found
---- FireFox user.js and prefs.js backups ----
==== Deleting Files \ Folders ======================
C:\Users\musik\daemonprocess.txt deleted
C:\Users\schule\daemonprocess.txt deleted
C:\Users\wessel\daemonprocess.txt deleted
C:\PROGRA~2\GUMEF9.tmp deleted
C:\PROGRA~2\Covus Freemium deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\dxdiag.txt deleted
C:\PROGRA~3\FreeSystemUtilities deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\wessel\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium deleted
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\staged deleted
"C:\Users\wessel\AppData\Roaming\Samsung" deleted
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default
95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.de/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.de/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\wessel\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VIS deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\musik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\musik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\schule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wessel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wessel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\wessel\AppData\Local\Mozilla\Firefox\Profiles\gpieaic0.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=365 folders=69 70408365 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\musik\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\schule\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Users\wessel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\wessel\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 05.04.2014 at 12:36:38,84 ======================
|
|
05.04.2014, 13:54
| #8 |
| /// TB-Ausbilder | Internet -Browser sehr langsam Servus, Wir spüren die letzten Reste auf, damit wir sie später entfernen können: Kontrollscan mit FRST Führe wie zuvor beschrieben einen Scan mit FRST aus. Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan. Es werden zwei Logdateien erzeugt. Poste mir diese. Gibt es noch Probleme mit langsamen Browsern? Wenn ja, welche? Wie läuft der Rechner derzeit? Bitte poste mit deiner nächsten Antwort
|
|
05.04.2014, 14:39
| #9 |
| | Internet -Browser sehr langsam Der Browser läuft in der meisten Zeit wesentlich schneller. Allerdings hab ich zwischendurch noch Probleme ins Internet zu kommen... Das könnte aber auch am Router liegen, habe vor kurzer Zeit den neuen Router von Unitymedia bekommen, über den man ja nicht viel gutes liest... FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by wessel (administrator) on WESSEL-PC on 05-04-2014 15:35:43
Running from C:\Users\wessel\Desktop\sicherheit
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
( ) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Dropbox, Inc.) C:\Users\wessel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11586944 2012-06-18] (Motorola Solutions, Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2598696 2012-02-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1064224 2013-11-14] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3477562969-2480981767-1781961833-1001\...\MountPoints2: {0b0a06fc-0024-11e3-8b55-806e6f6e6963} - E:\CDSetup.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [246024 2012-12-29] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [201728 2012-12-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201728 2012-12-29] (NVIDIA Corporation)
Startup: C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\wessel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEEAA1C1F2295CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 80.69.100.102 80.69.100.230
FireFox:
========
FF ProfilePath: C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-16] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-02-16] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-07] (Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-24] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\wessel\AppData\Local\Temp\GPU-Z.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-05 13:58 - 2014-04-05 13:58 - 00000000 ____D () C:\Users\wessel\AppData\Local\PDF24
2014-04-05 13:57 - 2014-04-05 13:57 - 00001083 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-04-05 13:57 - 2014-04-05 13:57 - 00001063 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-04-05 13:57 - 2014-04-05 13:57 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-04-05 12:52 - 2014-04-05 12:54 - 00012587 _____ () C:\Users\wessel\Adobe Creative Suite Cleaner Tool.log
2014-04-05 12:23 - 2014-04-05 12:00 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-05 12:01 - 2014-04-05 12:36 - 00013023 _____ () C:\zoek-results.log
2014-04-05 12:00 - 2014-04-05 12:19 - 00000000 ____D () C:\zoek_backup
2014-04-05 11:46 - 2014-04-05 11:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 11:46 - 2014-04-05 11:47 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-05 11:46 - 2014-04-05 11:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-05 11:46 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-05 11:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-05 11:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-05 10:30 - 2014-04-05 10:30 - 00000626 _____ () C:\Users\wessel\Desktop\JRT.txt
2014-04-05 10:19 - 2014-04-05 12:36 - 00001256 _____ () C:\Windows\PFRO.log
2014-04-04 23:30 - 2014-04-04 23:30 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-04 07:44 - 2014-04-04 07:44 - 00000000 ____D () C:\Users\schule\AppData\Roaming\Avira
2014-04-04 07:40 - 2014-04-05 12:36 - 00000392 _____ () C:\Windows\setupact.log
2014-04-04 07:40 - 2014-04-04 07:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 06:07 - 2014-04-04 06:07 - 00026917 _____ () C:\Users\wessel\Desktop\compo.txt
2014-04-04 06:07 - 2014-04-04 06:07 - 00026917 _____ () C:\ComboFix.txt
2014-04-04 05:57 - 2014-04-04 06:07 - 00000000 ____D () C:\Qoobox
2014-04-04 05:57 - 2014-04-04 06:06 - 00000000 ____D () C:\Windows\erdnt
2014-04-04 05:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-04 05:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-04 05:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-04 05:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-04 05:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-04 05:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-04 05:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-04 05:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-04 05:55 - 2014-04-04 05:56 - 05193944 ____R (Swearware) C:\Users\wessel\Desktop\ComboFix.exe
2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\Avira
2014-04-03 19:16 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-03 19:16 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-03 19:16 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-03 19:08 - 2014-04-03 19:08 - 00000000 _____ () C:\Users\wessel\defogger_reenable
2014-04-03 19:05 - 2014-04-05 15:35 - 00000000 ____D () C:\FRST
2014-04-03 18:47 - 2014-04-03 19:16 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-03 18:47 - 2014-04-03 18:47 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-01 19:28 - 2014-04-05 15:35 - 00000000 ____D () C:\Users\wessel\Desktop\sicherheit
2014-04-01 19:15 - 2014-04-01 19:15 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\DropboxMaster
2014-04-01 19:11 - 2014-04-02 19:05 - 00000892 _____ () C:\aaw7boot.log
2014-03-31 06:23 - 2014-04-03 18:35 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-31 06:23 - 2014-04-03 18:35 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-03-24 19:50 - 2014-03-24 19:51 - 00000000 ____D () C:\Users\wessel\Documents\steuern
2014-03-24 19:42 - 2014-03-24 19:42 - 00001233 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\elsterformular
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\ProgramData\elsterformular
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-03-24 17:45 - 2014-03-24 17:46 - 00000000 ____D () C:\Windows\rescache
2014-03-23 19:18 - 2014-03-23 19:18 - 01950720 _____ () C:\Users\wessel\Desktop\adwcleaner.exe
2014-03-20 20:14 - 2014-03-20 20:14 - 00000000 ____D () C:\Users\wessel\AppData\Local\NikLicenseFiles
2014-03-20 19:25 - 2014-03-20 19:26 - 00000000 ____D () C:\ProgramData\Google
2014-03-20 19:24 - 2014-04-05 15:29 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 19:24 - 2014-04-05 12:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 19:24 - 2014-03-30 19:37 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-20 19:24 - 2014-03-30 19:37 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-19 08:00 - 2014-03-20 21:50 - 00000000 ____D () C:\Users\wessel\AppData\Local\Samsung
2014-03-19 08:00 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\wessel\Documents\samsung
2014-03-19 08:00 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-03-19 07:59 - 2014-03-20 21:50 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-19 07:59 - 2014-01-23 19:23 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-03-19 07:59 - 2014-01-23 19:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-03-19 07:56 - 2014-03-19 07:56 - 00000000 ____D () C:\Users\wessel\AppData\Local\Downloaded Installations
2014-03-16 15:48 - 2014-03-16 15:48 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\dvdcss
2014-03-13 17:51 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 17:51 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 17:51 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 17:51 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 17:51 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 17:51 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 17:51 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 17:51 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 17:51 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 17:51 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 17:51 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 17:51 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 17:51 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 17:51 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 17:51 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 17:51 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 17:51 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 17:51 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 17:51 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 17:51 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 17:51 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 17:51 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 17:51 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 17:51 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 17:51 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 17:51 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 17:51 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 17:51 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 17:51 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 17:51 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 17:51 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 17:51 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 17:51 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 17:51 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 17:51 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 17:51 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 17:51 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 17:51 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 17:51 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 17:51 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 17:51 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 17:51 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 17:51 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 17:51 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 17:50 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 17:50 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 17:50 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 17:50 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 21:22 - 2014-03-12 21:22 - 00503136 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDIgQXJiZWl0c2xvc2lna2VpdCBuYWNoIEzDpG5kZXJuLnBkZg==_=
2014-03-12 21:06 - 2014-03-12 21:06 - 00522991 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDMgQXVzZ2V3w6RobHRlIEFyYmVpdHNsb3NlbnF1b3RlbiBJLnBkZg==_= (1)
2014-03-12 21:06 - 2014-03-12 21:06 - 00522991 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDMgQXVzZ2V3w6RobHRlIEFyYmVpdHNsb3NlbnF1b3RlbiBJLnBkZg==_=
2014-03-09 20:22 - 2014-03-09 20:22 - 00000000 ____D () C:\Users\wessel\Desktop\Neuer Ordner (4)
2014-03-08 22:55 - 2014-03-08 23:07 - 879923392 _____ () C:\Users\wessel\Desktop\THE AUSTIN 100 2014 (FINAL).zip
==================== One Month Modified Files and Folders =======
2014-04-05 15:35 - 2014-04-03 19:05 - 00000000 ____D () C:\FRST
2014-04-05 15:35 - 2014-04-01 19:28 - 00000000 ____D () C:\Users\wessel\Desktop\sicherheit
2014-04-05 15:29 - 2014-03-20 19:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 15:28 - 2013-08-09 19:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-05 15:28 - 2013-08-08 14:19 - 01129615 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 13:58 - 2014-04-05 13:58 - 00000000 ____D () C:\Users\wessel\AppData\Local\PDF24
2014-04-05 13:57 - 2014-04-05 13:57 - 00001083 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-04-05 13:57 - 2014-04-05 13:57 - 00001063 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-04-05 13:57 - 2014-04-05 13:57 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-04-05 12:54 - 2014-04-05 12:52 - 00012587 _____ () C:\Users\wessel\Adobe Creative Suite Cleaner Tool.log
2014-04-05 12:54 - 2013-08-09 20:46 - 00000000 ____D () C:\Users\wessel\AppData\Local\Adobe
2014-04-05 12:52 - 2013-08-08 14:19 - 00000000 ____D () C:\Users\wessel
2014-04-05 12:43 - 2009-07-14 06:45 - 00015072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-05 12:43 - 2009-07-14 06:45 - 00015072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-05 12:40 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-05 12:40 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-05 12:40 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 12:37 - 2013-08-12 20:01 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\Dropbox
2014-04-05 12:36 - 2014-04-05 12:01 - 00013023 _____ () C:\zoek-results.log
2014-04-05 12:36 - 2014-04-05 10:19 - 00001256 _____ () C:\Windows\PFRO.log
2014-04-05 12:36 - 2014-04-04 07:40 - 00000392 _____ () C:\Windows\setupact.log
2014-04-05 12:36 - 2014-03-20 19:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 12:36 - 2013-08-09 17:22 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-05 12:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-05 12:19 - 2014-04-05 12:00 - 00000000 ____D () C:\zoek_backup
2014-04-05 12:19 - 2014-02-07 20:03 - 00000000 ____D () C:\Users\musik
2014-04-05 12:19 - 2013-09-06 11:09 - 00000000 ____D () C:\Users\schule
2014-04-05 12:00 - 2014-04-05 12:23 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-05 11:47 - 2014-04-05 11:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 11:47 - 2014-04-05 11:46 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-05 11:47 - 2014-04-05 11:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-05 11:46 - 2013-08-20 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-05 10:30 - 2014-04-05 10:30 - 00000626 _____ () C:\Users\wessel\Desktop\JRT.txt
2014-04-05 10:21 - 2013-08-20 15:34 - 00000000 ____D () C:\AdwCleaner
2014-04-05 10:19 - 2009-07-14 06:45 - 05061320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 10:16 - 2013-08-13 16:15 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-04-04 23:30 - 2014-04-04 23:30 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-04 17:25 - 2013-08-09 17:28 - 00115304 _____ () C:\Users\wessel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-04 15:53 - 2013-08-09 20:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-04 15:53 - 2013-08-09 20:48 - 00000000 ____D () C:\Program Files\Adobe
2014-04-04 15:52 - 2013-08-09 20:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-04 15:51 - 2013-08-09 20:47 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-04 07:44 - 2014-04-04 07:44 - 00000000 ____D () C:\Users\schule\AppData\Roaming\Avira
2014-04-04 07:40 - 2014-04-04 07:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 06:29 - 2013-08-16 09:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-04 06:21 - 2013-08-09 20:57 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-04 06:07 - 2014-04-04 06:07 - 00026917 _____ () C:\Users\wessel\Desktop\compo.txt
2014-04-04 06:07 - 2014-04-04 06:07 - 00026917 _____ () C:\ComboFix.txt
2014-04-04 06:07 - 2014-04-04 05:57 - 00000000 ____D () C:\Qoobox
2014-04-04 06:07 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-04 06:06 - 2014-04-04 05:57 - 00000000 ____D () C:\Windows\erdnt
2014-04-04 06:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-04 05:56 - 2014-04-04 05:55 - 05193944 ____R (Swearware) C:\Users\wessel\Desktop\ComboFix.exe
2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\Avira
2014-04-03 19:16 - 2014-04-03 18:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-03 19:16 - 2013-08-09 19:10 - 00000000 ____D () C:\ProgramData\Avira
2014-04-03 19:09 - 2013-08-09 17:22 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-03 19:08 - 2014-04-03 19:08 - 00000000 _____ () C:\Users\wessel\defogger_reenable
2014-04-03 18:55 - 2014-01-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-03 18:47 - 2014-04-03 18:47 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-03 18:42 - 2014-01-04 12:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-03 18:39 - 2013-10-05 18:05 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-03 18:39 - 2013-10-05 17:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-03 18:35 - 2014-03-31 06:23 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-03 18:35 - 2014-03-31 06:23 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-04-03 09:51 - 2014-04-05 11:46 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-05 11:46 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-05 11:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:05 - 2014-04-01 19:11 - 00000892 _____ () C:\aaw7boot.log
2014-04-01 19:32 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 19:29 - 2013-11-02 14:02 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 19:15 - 2014-04-01 19:15 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\DropboxMaster
2014-04-01 19:15 - 2013-08-12 20:04 - 00001021 _____ () C:\Users\wessel\Desktop\Dropbox.lnk
2014-04-01 19:15 - 2013-08-12 20:03 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-01 19:15 - 2013-08-08 14:20 - 00000000 ___RD () C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 09:35 - 2013-08-24 13:18 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 19:37 - 2014-03-20 19:24 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 19:37 - 2014-03-20 19:24 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 10:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 19:51 - 2014-03-24 19:50 - 00000000 ____D () C:\Users\wessel\Documents\steuern
2014-03-24 19:42 - 2014-03-24 19:42 - 00001233 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\elsterformular
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\ProgramData\elsterformular
2014-03-24 19:42 - 2014-03-24 19:42 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-03-24 17:46 - 2014-03-24 17:45 - 00000000 ____D () C:\Windows\rescache
2014-03-23 19:18 - 2014-03-23 19:18 - 01950720 _____ () C:\Users\wessel\Desktop\adwcleaner.exe
2014-03-20 21:51 - 2013-08-15 16:07 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\FileZilla
2014-03-20 21:50 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\wessel\AppData\Local\Samsung
2014-03-20 21:50 - 2014-03-19 07:59 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-20 21:50 - 2013-08-12 21:57 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-03-20 21:50 - 2013-08-09 16:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-20 20:14 - 2014-03-20 20:14 - 00000000 ____D () C:\Users\wessel\AppData\Local\NikLicenseFiles
2014-03-20 19:26 - 2014-03-20 19:25 - 00000000 ____D () C:\ProgramData\Google
2014-03-20 19:26 - 2013-08-20 15:19 - 00000000 ____D () C:\Users\wessel\AppData\Local\Google
2014-03-20 19:26 - 2013-08-09 19:08 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\Adobe
2014-03-20 19:25 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files\Google
2014-03-20 19:24 - 2013-10-01 20:22 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-19 08:00 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\wessel\Documents\samsung
2014-03-19 08:00 - 2014-03-19 08:00 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-03-19 07:56 - 2014-03-19 07:56 - 00000000 ____D () C:\Users\wessel\AppData\Local\Downloaded Installations
2014-03-16 16:26 - 2013-09-07 19:48 - 00000000 ____D () C:\Users\wessel\Desktop\Neuer Ordner
2014-03-16 15:58 - 2013-08-26 09:39 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-03-16 15:57 - 2013-09-06 11:00 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\vlc
2014-03-16 15:48 - 2014-03-16 15:48 - 00000000 ____D () C:\Users\wessel\AppData\Roaming\dvdcss
2014-03-14 07:21 - 2014-02-28 16:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:21 - 2014-02-28 16:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:29 - 2013-08-09 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 21:22 - 2014-03-12 21:22 - 00503136 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDIgQXJiZWl0c2xvc2lna2VpdCBuYWNoIEzDpG5kZXJuLnBkZg==_=
2014-03-12 21:06 - 2014-03-12 21:06 - 00522991 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDMgQXVzZ2V3w6RobHRlIEFyYmVpdHNsb3NlbnF1b3RlbiBJLnBkZg==_= (1)
2014-03-12 21:06 - 2014-03-12 21:06 - 00522991 _____ () C:\Users\wessel\Downloads\=_UTF-8_B_MDMgQXVzZ2V3w6RobHRlIEFyYmVpdHNsb3NlbnF1b3RlbiBJLnBkZg==_=
2014-03-11 20:28 - 2013-08-09 19:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 20:28 - 2013-08-09 19:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:28 - 2013-08-09 19:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 07:19 - 2014-02-11 21:59 - 00000000 ____D () C:\Users\wessel\Desktop\scannen
2014-03-09 20:22 - 2014-03-09 20:22 - 00000000 ____D () C:\Users\wessel\Desktop\Neuer Ordner (4)
2014-03-08 23:07 - 2014-03-08 22:55 - 879923392 _____ () C:\Users\wessel\Desktop\THE AUSTIN 100 2014 (FINAL).zip
Some content of TEMP:
====================
C:\Users\wessel\AppData\Local\Temp\avgnt.exe
C:\Users\wessel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplxhxrx.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-30 14:55
==================== End Of Log ============================
--- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by wessel at 2014-04-05 15:36:15
Running from C:\Users\wessel\Desktop\sicherheit
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Avira (HKLM-x32\...\{8f29d204-f85e-4d8d-87b0-7ba66bffc1aa}) (Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
calibre 64bit (HKLM\...\{2ADBDFD8-FBF2-44D1-9592-52CB11F50575}) (Version: 1.10.0 - Kovid Goyal)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.25 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
ETDWare PS/2-X64 8.0.5.7_WHQL (HKLM\...\Elantech) (Version: 8.0.5.7 - ELAN Microelectronic Corp.)
Evernote v. 5.1 (HKLM-x32\...\{9DF852CA-6831-11E3-AD73-00163E98E7D6}) (Version: 5.1.0.2217 - Evernote Corp.)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Free System Utilities (HKLM-x32\...\{b70d03b1-2a07-4c32-beef-79d2d13a5bee}) (Version: 1.1.3.0 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.3.0 - Covus Freemium GmbH) Hidden
Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.)
Geeks3D FurMark 1.12.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{A10B1524-63B5-40F2-B272-D841CF671C16}) (Version: 2.2.0.0266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.1.1.1 - Google)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.7.2735 - Electronic Arts, Inc.)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Port Royale 3 (HKLM-x32\...\Steam App 205610) (Version: - Gaming Minds)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Samsung ML-331x Series (HKLM-x32\...\Samsung ML-331x Series) (Version: - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Spyder4Pro (HKLM-x32\...\Spyder4Pro) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StreamTransport version: 1.1.0.1 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WebEnhance (HKLM-x32\...\WebEnhance) (Version: - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version: - Team17 Digital Ltd.)
YTD Video Downloader 4.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.1 - GreenTree Applications SRL)
==================== Restore Points =========================
05-04-2014 10:01:24 zoek.exe restore point
==================== Hosts content: ==========================
2013-08-16 14:00 - 2014-04-04 06:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0FB3A30D-844B-4F68-BFA3-D1844B858BC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {245BDB68-C863-4352-B313-3ED51871799C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {2873001C-656F-47BB-8EEA-98D893C62998} - \Software Updater Ui No Task File
Task: {2DC7BF4E-4F94-41E3-9084-68925BEDCC02} - System32\Tasks\{FA7A60CF-2D12-4AB5-9E3C-023915C3121C} => D:\SteamLibrary\SteamApps\common\Supreme Commander\bin\SupremeCommander.exe
Task: {34894FF1-76F6-43DC-A150-08AACFDF0DB3} - System32\Tasks\Freemium1ClickMaint => C:\Users\wessel\Desktop\1Click.exe
Task: {3CB0BEAA-A6B7-4192-ABA3-DE62F7446A90} - \Software Updater No Task File
Task: {60F4F9C7-3E4F-4855-B3EB-46F19AC8AD40} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {728775DB-7038-47E9-9796-035AE6A8B757} - \DealPlyUpdate No Task File
Task: {75C3E469-D599-4532-804E-96F1FE5768EB} - \DSite No Task File
Task: {7818F2DB-328D-4F60-9C9E-D67666D8ABAB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {A7767FA7-45C0-46D9-A3CB-D28687AAF9BB} - \Dealply No Task File
Task: {A9C2579A-2DAE-4CBA-ADB2-DAB01DF6CD39} - System32\Tasks\{514AB144-6D63-4DF4-9544-497D513C4C58} => D:\SteamLibrary\SteamApps\common\Supreme Commander\bin\SupremeCommander.exe
Task: {B479D829-DE8A-4F21-ADB1-72EACBB9F5A3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {BC421944-B73D-4F6F-B917-694A0ACC4381} - \BrowserDefendert No Task File
Task: {E2DF94AE-327F-4DA1-9E4E-B3ACEAE16094} - System32\Tasks\{7AC4D9D4-F00E-49D9-8B8A-1195C847B2CF} => D:\SteamLibrary\SteamApps\common\Supreme Commander\bin\SupremeCommander.exe
Task: {FFFD8651-BEAC-4E86-BC48-490653D6C1E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2013-12-01 18:16 - 2012-12-29 10:40 - 00087480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-12 21:57 - 2010-09-14 20:31 - 00027648 _____ () C:\Windows\System32\ssi1mlm.dll
2013-11-02 14:02 - 2010-04-05 21:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-09 17:21 - 2012-03-15 06:48 - 00127320 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-10-06 12:22 - 2014-02-16 19:41 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-06 12:22 - 2014-02-16 19:41 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-08-09 17:30 - 2012-03-26 11:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-03 19:16 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-25 17:07 - 2014-03-25 17:07 - 00137808 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-03-25 17:07 - 2014-03-25 17:07 - 00063568 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2011-08-09 17:06 - 2012-02-07 15:59 - 00139264 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Appearance Pak.dll
2011-08-09 17:06 - 2012-02-07 15:59 - 00151552 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RegEx.dll
2011-08-09 17:06 - 2012-02-07 15:59 - 12977947 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBScript.dll
2011-08-09 17:06 - 2012-02-07 15:59 - 00098304 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Shell.dll
2011-08-09 17:06 - 2012-02-07 15:59 - 00761856 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\XML.dll
2011-08-09 17:06 - 2012-02-07 15:59 - 00274432 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CGamma.dll
2011-08-09 17:06 - 2012-02-07 15:59 - 00086016 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CSensor.dll
2011-09-22 16:22 - 2012-02-07 15:59 - 00039936 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\MBSRegistrationPlugin16724.dll
2011-09-22 16:22 - 2012-02-07 15:59 - 00025600 _____ () C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\MBSPluginVersionPlugin16724.dll
2014-04-05 12:36 - 2014-04-05 12:36 - 00041984 _____ () c:\users\wessel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplxhxrx.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\wessel\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-25 11:00 - 2013-11-25 11:00 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2013-11-25 11:00 - 2013-11-25 11:00 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-04-05 12:36 - 2014-03-25 17:07 - 00049744 _____ () C:\Users\wessel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-02-14 20:46 - 2014-02-14 20:46 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2013-08-09 17:25 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-08-09 17:21 - 2012-03-06 09:27 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\wessel\Desktop\2012-11-05 16.08.27.jpg:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 2
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
==================== Faulty Device Manager Devices =============
Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (04/05/2014 01:56:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (04/05/2014 01:56:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (04/05/2014 01:50:47 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (04/05/2014 01:50:47 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (04/05/2014 00:53:27 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (04/05/2014 00:19:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (04/05/2014 00:19:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (04/05/2014 00:19:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (04/05/2014 00:19:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (04/05/2014 00:19:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Microsoft Office Sessions:
=========================
Error: (09/23/2013 07:40:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 74888 seconds with 8760 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-04-04 06:03:37.299
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-04 06:03:37.237
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-04 15:49:04.174
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-04 15:49:04.174
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-04 15:49:04.174
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-04 15:49:04.174
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-04 15:49:04.174
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-04 15:49:04.164
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 14:48:26.215
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 14:48:26.215
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 3992.95 MB
Available physical RAM: 1928.92 MB
Total Pagefile: 7984.07 MB
Available Pagefile: 5553.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:22 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:209.49 GB) NTFS
Drive e: (Richter_und_sein_Henker) (CDROM) (Total:6.74 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 9212F41F)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 742FCB21)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Geändert von fredde (05.04.2014 um 14:55 Uhr) |
|
05.04.2014, 15:24
| #10 |
| /// TB-Ausbilder | Internet -Browser sehr langsam Servus, Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern. Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
Task: {2873001C-656F-47BB-8EEA-98D893C62998} - \Software Updater Ui No Task File
Task: {34894FF1-76F6-43DC-A150-08AACFDF0DB3} - System32\Tasks\Freemium1ClickMaint => C:\Users\wessel\Desktop\1Click.exe
Task: {3CB0BEAA-A6B7-4192-ABA3-DE62F7446A90} - \Software Updater No Task File
C:\Users\wessel\Desktop\1Click.exe
Task: {728775DB-7038-47E9-9796-035AE6A8B757} - \DealPlyUpdate No Task File
Task: {75C3E469-D599-4532-804E-96F1FE5768EB} - \DSite No Task File
Task: {A7767FA7-45C0-46D9-A3CB-D28687AAF9BB} - \Dealply No Task File
Task: {BC421944-B73D-4F6F-B917-694A0ACC4381} - \BrowserDefendert No Task File
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
05.04.2014, 22:50
| #11 |
| | Internet -Browser sehr langsamCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by wessel at 2014-04-05 17:44:48 Run:1
Running from C:\Users\wessel\Desktop\sicherheit
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
Task: {2873001C-656F-47BB-8EEA-98D893C62998} - \Software Updater Ui No Task File
Task: {34894FF1-76F6-43DC-A150-08AACFDF0DB3} - System32\Tasks\Freemium1ClickMaint => C:\Users\wessel\Desktop\1Click.exe
Task: {3CB0BEAA-A6B7-4192-ABA3-DE62F7446A90} - \Software Updater No Task File
C:\Users\wessel\Desktop\1Click.exe
Task: {728775DB-7038-47E9-9796-035AE6A8B757} - \DealPlyUpdate No Task File
Task: {75C3E469-D599-4532-804E-96F1FE5768EB} - \DSite No Task File
Task: {A7767FA7-45C0-46D9-A3CB-D28687AAF9BB} - \Dealply No Task File
Task: {BC421944-B73D-4F6F-B917-694A0ACC4381} - \BrowserDefendert No Task File
end
*****************
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2873001C-656F-47BB-8EEA-98D893C62998} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2873001C-656F-47BB-8EEA-98D893C62998} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34894FF1-76F6-43DC-A150-08AACFDF0DB3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34894FF1-76F6-43DC-A150-08AACFDF0DB3} => Key deleted successfully.
C:\Windows\System32\Tasks\Freemium1ClickMaint => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Freemium1ClickMaint => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CB0BEAA-A6B7-4192-ABA3-DE62F7446A90} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CB0BEAA-A6B7-4192-ABA3-DE62F7446A90} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater => Key deleted successfully.
"C:\Users\wessel\Desktop\1Click.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{728775DB-7038-47E9-9796-035AE6A8B757} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{728775DB-7038-47E9-9796-035AE6A8B757} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75C3E469-D599-4532-804E-96F1FE5768EB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75C3E469-D599-4532-804E-96F1FE5768EB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7767FA7-45C0-46D9-A3CB-D28687AAF9BB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7767FA7-45C0-46D9-A3CB-D28687AAF9BB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC421944-B73D-4F6F-B917-694A0ACC4381} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC421944-B73D-4F6F-B917-694A0ACC4381} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert => Key deleted successfully.
==== End of Fixlog ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a001615d5595c64ca4ab53769add56f1
# engine=14986
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-02 06:14:06
# local_time=2013-09-02 08:14:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 298245 129775496 0 0
# scanned=303676
# found=1
# cleaned=0
# scan_time=3292
sh=F721A9E1AC3EA08C6EBE5309FA84315080D4D8D8 ft=1 fh=17fe8b2a6c886bfd vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\wessel\AppData\Local\Temp\OptimizerPro.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a001615d5595c64ca4ab53769add56f1
# engine=17567
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-23 07:54:35
# local_time=2014-03-23 08:54:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 14615364 147234325 0 0
# scanned=304751
# found=0
# cleaned=0
# scan_time=4113
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a001615d5595c64ca4ab53769add56f1
# engine=17766
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-05 07:04:39
# local_time=2014-04-05 09:04:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 20163 3407015 12942 0
# compatibility_mode=5893 16776573 100 94 5763 148354529 0 0
# scanned=42795
# found=0
# cleaned=0
# scan_time=4245
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a001615d5595c64ca4ab53769add56f1
# engine=17769
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-05 09:27:06
# local_time=2014-04-05 11:27:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 28710 3415562 21489 0
# compatibility_mode=5893 16776573 100 94 14310 148363076 0 0
# scanned=309250
# found=0
# cleaned=0
# scan_time=7276
Code:
ATTFilter HitmanPro 3.7.9.216
www.hitmanpro.com
Computer name . . . . : WESSEL-PC
Windows . . . . . . . : 6.1.1.7601.X64/8
User name . . . . . . : wessel-PC\wessel
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2014-04-05 17:47:58
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 39s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 0
Traces . . . . . . . : 58
Objects scanned . . . : 2.270.723
Files scanned . . . . : 40.068
Remnants scanned . . : 625.596 files / 1.605.059 keys
Suspicious files ____________________________________________________________
C:\Users\wessel\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
Size . . . . . . . : 951.497 bytes
Age . . . . . . . : 181.2 days (2013-10-06 13:45:08)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 43358BBCEC1EBE7927CA3B0A3DCA0597D5E8584F0FCBE987B8126A0C12D73A2B
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\wessel\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
Size . . . . . . . : 140.072 bytes
Age . . . . . . . : 181.2 days (2013-10-06 13:45:20)
Entropy . . . . . : 7.7
SHA-256 . . . . . : CC3F4E453FC246B64C09E81BB73741CECC897C805C13815336647E986A60301E
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
C:\Users\wessel\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
Size . . . . . . . : 953.886 bytes
Age . . . . . . . : 116.9 days (2013-12-09 19:20:17)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\wessel\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
Size . . . . . . . : 138.032 bytes
Age . . . . . . . : 116.9 days (2013-12-09 19:20:29)
Entropy . . . . . : 7.8
SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASAPI32\ (AskBar) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASMANCS\ (AskBar) -> Deleted
HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar) -> Deleted
HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar) -> PendingDelete
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted
Cookies _____________________________________________________________________
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\0K7LYTXV.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\0PYNXUQ9.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\487XEOFN.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\A9K2S6RF.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\AVTWWDLG.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\BB53QUJ9.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\CY3ZIV7X.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\E0OT5FVV.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\HXWEAKAZ.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\JU389HLR.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\N6G0QEGT.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\O1FPM4F1.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\QYJUAX99.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\TDVY6T32.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\XLD7CVIR.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\XVZFGNRB.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\ZDF46GQG.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\ZLFWOXMR.txt
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:2o7.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.360yield.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.ad-srv.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.dyntracker.de
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.movad.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.zanox.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.creative-serving.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.escinteractive.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.p161.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.pubmatic.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.stickyadstv.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.yahoo.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:adtech.de
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:adtechus.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:atdmt.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:deutschepostag.112.2o7.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:fl01.ct2.comclick.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:kontera.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:media6degrees.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:revsci.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ru4.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:serving-sys.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:smartadserver.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:statcounter.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:track.adform.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:track.effiliation.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:track.tnm.de
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:xiti.com
Code:
ATTFilter Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spyder4Pro
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
06.04.2014, 12:22
| #12 |
| /// TB-Ausbilder | Internet -Browser sehr langsam Servus, Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 5 Die Reihenfolge ist hier entscheidend.
Schritt 6 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
06.04.2014, 13:23
| #13 |
| | Internet -Browser sehr langsam Hallo Matthias, vielen dank für deine Hilfe. Werde das System noch ein paar Tage beobachten, glaube aber , dass alles ok ist. Vielen vielen Dank für deine Hilfe. Finde super, was ihr macht Gruß Fredde |
|
07.04.2014, 12:45
| #14 |
| /// TB-Ausbilder | Internet -Browser sehr langsam Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu Internet -Browser sehr langsam |
| ad-aware, avg, avira, browser langsam, canon, desktop, flash player, google, homepage, internet, langsam, realtek, registry, sekunden, services.exe, spyware, svchost.exe, temp, tr/wysotot.gen, up.optional.lyrics.a, usb, winlogon.exe |
WARNUNG an die MITLESER: 
und 
und speichere die Logdatei auf Deinem Desktop.
Linear-Darstellung
