Log analysis and evaluation: Win 8 still extremely slow after reinstallation and crashes constantly

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system has to be examined first: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.05.2014, 00:41 | #1 |
Win 8 still extremely slow after reinstallation and crashes constantly

Hello! Thank you in advance for your help! Unfortunately I don't know much about this, so I'm not sure whether I'm posting all the necessary information here. If you tell me exactly what is missing, I'll gladly extend my post.

Because my laptop kept getting slower, showed error messages and crashed again and again, I have now reinstalled Windows 8 several times. It came preinstalled, and I always chose the option "Remove everything and reinstall Windows". But it seems to me that it is working more and more slowly. Sometimes it closes programs or the browser because apparently there is a problem. Then sometimes a blue screen also appears saying that the PC has a problem and will be shut down. Is it possible that the preinstalled Windows has become corrupted?

I followed the instructions and here are the results:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:40 on 17/05/2014 (Tamara)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 Ran by Tamara (administrator) on PC on 17-05-2014 00:41:38 Running from C:\Users\Tamara\Downloads Platform: Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-23] (Realtek Semiconductor) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) 
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1 Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-01-10] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-10] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\vnxcjo34.default FF Homepage: https://www.google.de/ FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-05-17] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] ==================== Services (Whitelisted) ================= R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 DptfParticipantProcessorService; 
C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation) R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation) S2 0115051400278486mcinstcleanup; C:\Users\Tamara\AppData\Local\Temp\011505~1.EXE -cleanup -nolog [X] S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X] S2 mfevtp; "C:\windows\system32\mfevtps.exe" [X] ==================== Drivers (Whitelisted) ==================== R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-09-26] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation) R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation) R3 DptfDevGen; 
C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-16] (Symantec Corporation) U3 EraserUtilDrv11312; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [137648 2014-05-16] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVia64.sys [520280 2013-09-24] (Symantec Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140516.002\ENG64.SYS [126040 2014-05-16] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140516.002\EX64.SYS [2099288 2014-05-16] (Symantec Corporation) R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-17] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec 
Corporation) S0 cfwids; system32\drivers\cfwids.sys [X] S0 mfeapfk; system32\drivers\mfeapfk.sys [X] R0 mfeavfk; system32\drivers\mfeavfk.sys [X] S0 mfeelamk; system32\drivers\mfeelamk.sys [X] S0 mfefirek; system32\drivers\mfefirek.sys [X] R0 mfehidk; system32\drivers\mfehidk.sys [X] R0 mfewfpk; system32\drivers\mfewfpk.sys [X] U0 msahci; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-17 00:41 - 2014-05-17 00:41 - 00013228 _____ () C:\Users\Tamara\Downloads\FRST.txt 2014-05-17 00:41 - 2014-05-17 00:41 - 00000000 ____D () C:\FRST 2014-05-17 00:40 - 2014-05-17 00:41 - 02067456 _____ (Farbar) C:\Users\Tamara\Downloads\FRST64.exe 2014-05-17 00:40 - 2014-05-17 00:40 - 00000474 _____ () C:\Users\Tamara\Downloads\defogger_disable.log 2014-05-17 00:40 - 2014-05-17 00:40 - 00000000 _____ () C:\Users\Tamara\defogger_reenable 2014-05-17 00:39 - 2014-05-17 00:39 - 00050477 _____ () C:\Users\Tamara\Downloads\Defogger.exe 2014-05-17 00:35 - 2014-05-16 23:16 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1354172735-270949485-901679959-1002 2014-05-17 00:20 - 2014-05-17 00:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 360 2014-05-17 00:18 - 2014-05-17 00:18 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-05-17 00:18 - 2014-05-17 00:18 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-05-17 00:18 - 2014-05-17 00:18 - 00003206 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-05-17 00:18 - 2014-05-17 00:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-05-17 00:17 - 2014-05-17 00:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2014-05-17 00:17 - 2014-05-17 00:17 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360x64 2014-05-17 00:17 - 2014-05-17 00:17 - 00000000 ____D () C:\Program Files (x86)\Norton 360 
2014-05-17 00:03 - 2014-05-17 00:19 - 00000000 ____D () C:\ProgramData\Norton 2014-05-17 00:03 - 2014-05-17 00:03 - 01021456 _____ (Symantec Corporation) C:\Users\Tamara\Downloads\Norton_Download_Manager.exe 2014-05-17 00:03 - 2014-05-17 00:03 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-05-16 23:03 - 2014-05-16 23:05 - 00000000 ____D () C:\AdwCleaner 2014-05-16 23:03 - 2014-05-16 23:03 - 01325827 _____ () C:\Users\Tamara\Downloads\adwcleaner_3.208.exe 2014-05-16 23:01 - 2014-05-16 23:01 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-16 23:01 - 2014-05-16 23:01 - 00000000 ____D () C:\Users\Tamara\AppData\Roaming\Mozilla 2014-05-16 23:01 - 2014-05-16 23:01 - 00000000 ____D () C:\Users\Tamara\AppData\Local\Mozilla 2014-05-16 23:01 - 2014-05-16 23:01 - 00000000 ____D () C:\ProgramData\Mozilla 2014-05-16 23:01 - 2014-05-16 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-16 23:01 - 2014-05-16 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-16 22:38 - 2014-05-16 22:38 - 00000000 ____D () C:\Users\Tamara\Documents\CyberLink 2014-05-16 22:38 - 2014-05-16 22:38 - 00000000 ____D () C:\Users\Tamara\AppData\Roaming\CyberLink 2014-05-16 22:38 - 2014-05-16 22:38 - 00000000 ____D () C:\Users\Tamara\AppData\Local\Cyberlink 2014-05-16 22:38 - 2014-05-16 22:38 - 00000000 ____D () C:\Users\Public\CyberLink 2014-05-16 22:38 - 2014-05-16 22:38 - 00000000 ____D () C:\ProgramData\CyberLink 2014-05-16 21:13 - 2014-05-16 21:13 - 00000000 ____D () C:\Users\Tamara\AppData\Roaming\Macromedia 2014-05-16 21:10 - 2014-05-16 21:10 - 00000000 ___RD () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 21:10 - 2014-05-16 21:10 - 00000000 ___RD () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 21:10 - 2014-05-16 21:10 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-05-16 
21:10 - 2014-05-16 21:10 - 00000000 ____D () C:\Users\Tamara\AppData\Roaming\ASUS WebStorage 2014-05-16 21:09 - 2014-05-16 21:09 - 00001440 _____ () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-16 21:09 - 2014-05-16 21:09 - 00000192 _____ () C:\WINDOWS\FixPatch.log 2014-05-16 21:09 - 2014-05-16 21:09 - 00000134 _____ () C:\WINDOWS\SysWOW64\mcmarkclean.log 2014-05-16 21:09 - 2014-05-16 21:09 - 00000000 __RSD () C:\Users\Public\Desktop\ASUS 2014-05-16 21:09 - 2014-05-16 21:09 - 00000000 ____D () C:\Users\Tamara\AppData\Roaming\Adobe 2014-05-16 21:09 - 2014-05-16 21:09 - 00000000 ____D () C:\ProgramData\FolderView 2014-05-16 21:08 - 2014-05-16 23:06 - 00000062 _____ () C:\Users\Tamara\AppData\Roaming\sp_data.sys 2014-05-16 21:08 - 2014-05-16 22:40 - 00000000 ____D () C:\Users\Tamara\AppData\Local\Packages 2014-05-16 21:08 - 2014-05-16 21:08 - 00000000 ____D () C:\Users\Tamara\AppData\Local\VirtualStore 2014-05-16 21:08 - 2014-05-16 21:08 - 00000000 ____D () C:\Users\Tamara\AppData\Local\ASUS 2014-05-16 21:07 - 2014-05-17 00:40 - 00000000 ____D () C:\Users\Tamara 2014-05-16 21:07 - 2014-05-16 21:07 - 00000020 ___SH () C:\Users\Tamara\ntuser.ini 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Vorlagen 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Startmenü 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Netzwerkumgebung 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Lokale Einstellungen 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Eigene Dateien 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Druckumgebung 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Documents\Eigene Musik 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Documents\Eigene Bilder 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () 
C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\AppData\Local\Verlauf 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\AppData\Local\Anwendungsdaten 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Anwendungsdaten 2014-05-16 21:07 - 2012-11-27 06:09 - 00002098 _____ () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2014-05-16 21:07 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 21:07 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-16 21:07 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-05-16 21:07 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ==================== One Month Modified Files and Folders ======= 2014-05-17 00:41 - 2014-05-17 00:41 - 00013228 _____ () C:\Users\Tamara\Downloads\FRST.txt 2014-05-17 00:41 - 2014-05-17 00:41 - 00000000 ____D () C:\FRST 2014-05-17 00:41 - 2014-05-17 00:40 - 02067456 _____ (Farbar) C:\Users\Tamara\Downloads\FRST64.exe 2014-05-17 00:40 - 2014-05-17 00:40 - 00000474 _____ () C:\Users\Tamara\Downloads\defogger_disable.log 2014-05-17 00:40 - 2014-05-17 00:40 - 00000000 _____ () C:\Users\Tamara\defogger_reenable 2014-05-17 00:40 - 2014-05-16 21:07 - 00000000 ____D () C:\Users\Tamara 2014-05-17 00:39 - 2014-05-17 00:39 - 00050477 _____ () C:\Users\Tamara\Downloads\Defogger.exe 2014-05-17 00:20 - 2014-05-17 00:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 360 2014-05-17 00:19 - 2014-05-17 00:03 - 00000000 ____D () C:\ProgramData\Norton 2014-05-17 00:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-05-17 
00:18 - 2014-05-17 00:18 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2014-05-17 00:18 - 2014-05-17 00:18 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2014-05-17 00:18 - 2014-05-17 00:18 - 00003206 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-05-17 00:18 - 2014-05-17 00:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-05-17 00:18 - 2014-05-17 00:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2014-05-17 00:18 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-05-17 00:17 - 2014-05-17 00:17 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360x64 2014-05-17 00:17 - 2014-05-17 00:17 - 00000000 ____D () C:\Program Files (x86)\Norton 360 2014-05-17 00:03 - 2014-05-17 00:03 - 01021456 _____ (Symantec Corporation) C:\Users\Tamara\Downloads\Norton_Download_Manager.exe 2014-05-17 00:03 - 2014-05-17 00:03 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-05-17 00:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-05-16 23:43 - 2012-11-27 06:11 - 00000000 ____D () C:\ProgramData\McAfee 2014-05-16 23:37 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache 2014-05-16 23:31 - 2013-02-26 19:44 - 01442296 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-16 23:30 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\restore 2014-05-16 23:16 - 2014-05-17 00:35 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1354172735-270949485-901679959-1002 2014-05-16 23:10 - 2012-08-03 01:15 - 00791608 _____ () C:\WINDOWS\system32\perfh013.dat 2014-05-16 23:10 - 2012-08-03 01:15 - 00161136 _____ () C:\WINDOWS\system32\perfc013.dat 2014-05-16 23:10 - 2012-08-03 01:11 - 00787034 _____ () C:\WINDOWS\system32\perfh010.dat 2014-05-16 23:10 - 2012-08-03 01:11 - 00155158 _____ () C:\WINDOWS\system32\perfc010.dat 2014-05-16 23:10 - 2012-08-03 01:06 - 00796080 _____ () 
C:\WINDOWS\system32\perfh00C.dat 2014-05-16 23:10 - 2012-08-03 01:06 - 00157634 _____ () C:\WINDOWS\system32\perfc00C.dat 2014-05-16 23:10 - 2012-08-03 01:02 - 00759192 _____ () C:\WINDOWS\system32\perfh007.dat 2014-05-16 23:10 - 2012-08-03 01:02 - 00158376 _____ () C:\WINDOWS\system32\perfc007.dat 2014-05-16 23:10 - 2012-07-26 09:28 - 04568320 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-05-16 23:06 - 2014-05-16 21:08 - 00000062 _____ () C:\Users\Tamara\AppData\Roaming\sp_data.sys 2014-05-16 23:06 - 2012-11-27 06:11 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-05-16 23:05 - 2014-05-16 23:03 - 00000000 ____D () C:\AdwCleaner 2014-05-16 23:05 - 2012-08-02 15:24 - 00005504 _____ () C:\WINDOWS\PFRO.log 2014-05-16 23:05 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-16 23:05 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-05-16 23:03 - 2014-05-16 23:03 - 01325827 _____ () C:\Users\Tamara\Downloads\adwcleaner_3.208.exe 2014-05-16 23:01 - 2014-05-16 23:01 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-16 23:01 - 2014-05-16 23:01 - 00000000 ____D () C:\Users\Tamara\AppData\Roaming\Mozilla 2014-05-16 23:01 - 2014-05-16 23:01 - 00000000 ____D () C:\Users\Tamara\AppData\Local\Mozilla 2014-05-16 23:01 - 2014-05-16 23:01 - 00000000 ____D () C:\ProgramData\Mozilla 2014-05-16 23:01 - 2014-05-16 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-16 23:01 - 2014-05-16 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-16 22:51 - 2012-11-27 06:11 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2014-05-16 22:40 - 2014-05-16 21:08 - 00000000 ____D () C:\Users\Tamara\AppData\Local\Packages 2014-05-16 22:40 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-05-16 22:38 - 2014-05-16 22:38 - 00000000 ____D () C:\Users\Tamara\Documents\CyberLink 2014-05-16 22:38 - 2014-05-16 22:38 - 
00000000 ____D () C:\Users\Tamara\AppData\Roaming\CyberLink 2014-05-16 22:38 - 2014-05-16 22:38 - 00000000 ____D () C:\Users\Tamara\AppData\Local\Cyberlink 2014-05-16 22:38 - 2014-05-16 22:38 - 00000000 ____D () C:\Users\Public\CyberLink 2014-05-16 22:38 - 2014-05-16 22:38 - 00000000 ____D () C:\ProgramData\CyberLink 2014-05-16 21:13 - 2014-05-16 21:13 - 00000000 ____D () C:\Users\Tamara\AppData\Roaming\Macromedia 2014-05-16 21:12 - 2012-11-27 06:09 - 00000000 ____D () C:\ProgramData\ChangeFolderView 2014-05-16 21:10 - 2014-05-16 21:10 - 00000000 ___RD () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 21:10 - 2014-05-16 21:10 - 00000000 ___RD () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 21:10 - 2014-05-16 21:10 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-05-16 21:10 - 2014-05-16 21:10 - 00000000 ____D () C:\Users\Tamara\AppData\Roaming\ASUS WebStorage 2014-05-16 21:09 - 2014-05-16 21:09 - 00001440 _____ () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-16 21:09 - 2014-05-16 21:09 - 00000192 _____ () C:\WINDOWS\FixPatch.log 2014-05-16 21:09 - 2014-05-16 21:09 - 00000134 _____ () C:\WINDOWS\SysWOW64\mcmarkclean.log 2014-05-16 21:09 - 2014-05-16 21:09 - 00000000 __RSD () C:\Users\Public\Desktop\ASUS 2014-05-16 21:09 - 2014-05-16 21:09 - 00000000 ____D () C:\Users\Tamara\AppData\Roaming\Adobe 2014-05-16 21:09 - 2014-05-16 21:09 - 00000000 ____D () C:\ProgramData\FolderView 2014-05-16 21:09 - 2012-11-27 06:08 - 06469770 _____ () C:\WINDOWS\AsDebug.log 2014-05-16 21:09 - 2012-11-27 06:08 - 01061158 _____ () C:\WINDOWS\AsCDProc.log 2014-05-16 21:09 - 2012-08-02 15:33 - 00000000 ____D () C:\WINDOWS\Log 2014-05-16 21:08 - 2014-05-16 21:08 - 00000000 ____D () C:\Users\Tamara\AppData\Local\VirtualStore 2014-05-16 21:08 - 2014-05-16 21:08 - 00000000 ____D () C:\Users\Tamara\AppData\Local\ASUS 2014-05-16 21:08 - 
2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-05-16 21:08 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-16 21:07 - 2014-05-16 21:07 - 00000020 ___SH () C:\Users\Tamara\ntuser.ini 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Vorlagen 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Startmenü 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Netzwerkumgebung 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Lokale Einstellungen 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Eigene Dateien 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Druckumgebung 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Documents\Eigene Musik 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Documents\Eigene Bilder 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\AppData\Local\Verlauf 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\AppData\Local\Anwendungsdaten 2014-05-16 21:07 - 2014-05-16 21:07 - 00000000 _SHDL () C:\Users\Tamara\Anwendungsdaten 2014-05-16 20:59 - 2012-07-26 10:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2014-05-16 20:59 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery Files to move or delete: ==================== C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2012-08-02 15:24 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by Tamara at 2014-05-17 00:42:06
Running from C:\Users\Tamara\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.7.1084 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Norton 360 (HKLM-x32\...\N360) (Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Control Panel 311.00 (Version: 311.00 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6829 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Restore Points =========================

16-05-2014 21:30:55 Sprachpaketdeinstallation

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2459A6C9-24F3-4157-AA53-777F7E67FEAD} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {3ABCED2C-7D02-4059-B882-1A9EE9D4C0F0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {4FA6548A-07C2-41E3-ABD0-3478FEE6A664} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {526D1ED6-A08F-48FD-9787-0985B2CD2B13} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {5E6CDBFD-60EC-42A8-8B95-165A5A607572} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {62811A54-1884-4922-93A2-804FA097D3C1} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {6E3D7754-6654-4A3B-9A73-9A66AFEAA389} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {756FD5E1-6F88-4DE0-8F0B-11EA27574CA3} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {8423827D-696E-4391-A89E-33D4DF0C1608} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\WINDOWS\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {B3DB13A3-7060-4F8F-9F94-3FB39D24F057} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

==================== Loaded Modules (whitelisted) =============

2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-29 19:15 - 2012-11-29 19:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2013-01-29 05:43 - 2012-10-15 06:09 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2013-02-26 19:48 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-16 23:01 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2014 10:42:29 PM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)
Description: 1

Error: (05/16/2014 10:42:21 PM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)
Description: 1

System errors:
=============
Error: (05/17/2014 00:16:06 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (05/17/2014 00:15:36 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (05/16/2014 10:47:39 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {26608B46-476A-4BF1-9CC6-AFEA28EBBC17}

Error: (05/16/2014 10:45:39 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {26608B46-476A-4BF1-9CC6-AFEA28EBBC17}

Error: (05/16/2014 09:12:41 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess

Error: (05/16/2014 09:00:08 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Microsoft Office Sessions:
=========================
Error: (05/16/2014 10:42:29 PM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)
Description: 1

Error: (05/16/2014 10:42:21 PM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)
Description: 1

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 6029.54 MB
Available physical RAM: 3460.93 MB
Total Pagefile: 10125.54 MB
Available Pagefile: 7552.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.52 GB) (Free:150.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.15 GB) (Free:258.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C2B20764)

Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-17 01:13:41
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003f WDC_WD5000LPVT-80G33T2 rev.01.01A01 465,76GB
Running: 2ku18rdu.exe; Driver: C:\Users\Tamara\AppData\Local\Temp\fxloapow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2448] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd28761532 4 bytes [76, 28, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2448] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd2876153a 4 bytes [76, 28, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2448] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd2876165a 4 bytes [76, 28, FD, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[2468] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007fd28761532 4 bytes [76, 28, FD, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[2468] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007fd2876153a 4 bytes [76, 28, FD, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[2468] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007fd2876165a 4 bytes [76, 28, FD, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[2468] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd34c4177a 4 bytes [C4, 34, FD, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[2468] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd34c41782 4 bytes [C4, 34, FD, 07]
.text C:\WINDOWS\Explorer.EXE[3236] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd34c4177a 4 bytes [C4, 34, FD, 07]
.text C:\WINDOWS\Explorer.EXE[3236] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd34c41782 4 bytes [C4, 34, FD, 07]
.text C:\WINDOWS\Explorer.EXE[3236] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fd2d011b32 4 bytes [01, 2D, FD, 07]
.text C:\WINDOWS\Explorer.EXE[3236] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fd2d011b3a 4 bytes [01, 2D, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4040] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd28761532 4 bytes [76, 28, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4040] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd2876153a 4 bytes [76, 28, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4040] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd2876165a 4 bytes [76, 28, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3392] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd28761532 4 bytes [76, 28, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3392] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd2876153a 4 bytes [76, 28, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3392] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd2876165a 4 bytes [76, 28, FD, 07]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [500:480] fffff960008185e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

I hope I did everything correctly.
Regards, Tamara |
17.05.2014, 12:00 | #2 |
/// the machine /// TB-Ausbilder | Win 8 still extremely slow after reinstallation and crashes constantly
Hi,
check whether you can find a dump file in the folder C:\Windows\Minidump. |