Pests of all kinds and how to fight them: Windows and Firefox keep getting slower

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
15.10.2014, 16:51 | #1

Windows and Firefox keep getting slower

Hello team, my computer keeps getting slower. I have already defragmented and cleaned up as best I could, but none of it helped. Since my son also uses this computer, I don't know what he has already done to it. I have now password-protected the computer so that nobody can fiddle with it anymore, and wanted to ask politely whether someone could look over the logfiles I created and possibly find the cause.

Here are the logs:

Addition:

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2014 Ran by Franky at 2014-10-15 16:26:35 Running from C:\Users\Franky\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM\...\uTorrent) (Version: 3.2.2.28500 - BitTorrent Inc.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated) Adobe AIR (Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 7.0 (Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden Adobe Reader X - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 
10.0.0 - Adobe Systems Incorporated) Any DWG DXF Converter Pro 2010 (HKLM\...\Any DWG DXF Converter Pro_is1) (Version: - AnyDWG Software, Inc.) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Autodesk Material Library 2014 (HKLM\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Beamrise (HKCU\...\Beamrise) (Version: 29.3.0.7376 - Beamrise) BitZipper 2013 (HKLM\...\BitZipper_is1) (Version: 2013.13.4.16 - Bitberry Software) CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.) Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.) Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.) Canon Utilities Digital Photo Professional 3.9 (HKLM\...\DPP) (Version: 3.9.1.0 - Canon Inc.) Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.9.0.0 - Canon Inc.) Canon Utilities Original Data Security Tools (HKLM\...\Original Data Security Tools) (Version: 1.9.0.1 - Canon Inc.) 
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.8.0.0 - Canon Inc.) Canon Utilities WFT Utility (HKLM\...\WFTK) (Version: 3.5.1.1 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform) ConvertXtoDVD 4.1.7.343 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.7.343 - ) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.) EPSON BX305 Series Printer Uninstall (HKLM\...\EPSON BX305 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) eToro (HKLM\...\eToro) (Version: 1150 - eToro) Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG) FormatFactory 2.70 (HKLM\...\FormatFactory) (Version: 2.70 - Free Time) Google SketchUp Pro 8 (HKLM\...\{5882F1F6-305C-47BE-89AF-DA5D9AD56EE8}) (Version: 3.0.14358 - Google, Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.) Greenshot 1.1.5.2643 (HKLM\...\Greenshot_is1) (Version: 1.1.5.2643 - Greenshot) HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro) Inkscape 0.48.5 (HKLM\...\Inkscape) (Version: 0.48.5 - ) Internet Casino Deutsche Spielbank (Remove Only) (HKLM\...\Internet Casino Deutsche Spielbank) (Version: - ) Internet Explorer Toolbar 4.9 by SweetPacks (HKLM\...\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}) (Version: 4.9.0000 - SweetIM Technologies Ltd.) 
<==== ATTENTION Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.3 - Ipswitch) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan) IsoBuster 2.8 (HKLM\...\IsoBuster_is1) (Version: 2.8 - Smart Projects) Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle) K-Lite Mega Codec Pack 6.5.0 (HKLM\...\KLiteCodecPack_is1) (Version: 6.5.0 - ) L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version: - ) L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version: - ) Lame ACM MP3 Codec (HKLM\...\LameACM) (Version: - ) LazyCam 3.00.2 (HKLM\...\LazyCam 3.00.2) (Version: 3.00.2 - ArtSoft Inc.) Mach3 (HKLM\...\Mach3) (Version: 3.042.020 - ArtSoft USA) Mach3 R3.042.038W-29 (HKLM\...\Mach3 R3.042.038W-29) (Version: R3.042.038W-29 - Ing.-Büro Winckler) MAGIX Screenshare (HKLM\...\{4696FD4A-A0DF-4F84-BC9D-12D73E1D95D3}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Speed burnR (MSI) (HKLM\...\{58503E1E-09E6-400C-A44C-3822D7559794}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition (Designelemente) (HKLM\...\{090D4332-7A77-4C17-B51D-E9F0C1406DF1}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition (Klangerzeuger) (HKLM\...\{B153B45F-4539-4FB6-B4DA-5D6AD1778A0F}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition (NewBlueFX Premium Effects) (HKLM\...\{4C40A729-70DE-463C-820F-282F0039422A}) (Version: 1.1.0.0 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition (proDAD Adorage 11) (HKLM\...\{76F8AA5E-7959-4964-9FF1-C9F1EB5DF882}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition (proDAD Mercalli 2) (HKLM\...\{67031FA6-070F-4003-9541-72A61703353F}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition (Reallusion iClone 4.2 
Starter-Version) (HKLM\...\{A025CC04-DE6B-47A6-9E00-4FF3743FE0C4}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition (Soundtrack Maker-Stile) (HKLM\...\{FE8E514C-68AE-430A-BCFF-C4097B6D3866}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition (Titeleffekte) (HKLM\...\{41BBE7BA-8C98-47CE-95A1-1C0B0245B007}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition (Überblendeffekte) (HKLM\...\{02F0341B-EECC-4D3E-ACD8-FBF77C45DB5B}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition Download-Version (HKLM\...\MAGIX_MSI_Videodeluxe17_premium) (Version: 10.0.11.0 - MAGIX AG) MAGIX Video deluxe 17 Premium Sonderedition Download-Version (Version: 10.0.11.0 - MAGIX AG) Hidden MAGIX Video deluxe 17 Premium Sonderedition Video Plugins (HKLM\...\{39CF0384-AF7F-4E56-9A8F-6F533C8A6DF4}) (Version: 1.0.0.0 - MAGIX AG) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Matrox VFW Software Codecs, build 28 (HKLM\...\Matrox VFW Software Codecs) (Version: - ) MediaInfo 0.7.54 (HKLM\...\MediaInfo) (Version: 0.7.54 - MediaArea.net) Microsoft .NET Framework 4.5.2 (DEU) (Version: 4.5.51209 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Camera Codec Pack (HKLM\...\{908C5B2E-D684-425E-A54D-FE77D5C5A076}) (Version: 16.4.1970.0624 - Microsoft Corporation) Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation) 
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI 
(German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NewBlue Light Rays for Magix (HKLM\...\NewBlue Light Rays for Magix) (Version: 1.4 - NewBlue) NewBlue Lightning for Magix (HKLM\...\NewBlue Lightning for Magix) (Version: 1.4 - NewBlue) NewBlueFX Premium Effects (HKLM\...\NewBlueFX Premium Effects) (Version: 1.4 - NewBlue) NVIDIA 3D Vision Controller-Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA Install 
Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C3289}) (Version: 4.0.0 - dotPDN LLC) Panoweaver 7 Professional Edition (HKLM\...\Panoweaver700_pro_is1) (Version: - Easypano Holdings Inc.) PosteRazor (HKLM\...\PosteRazor_is1) (Version: 1.5 - Alessandro Portale) proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version: 2.6.32 - proDAD GmbH) proDAD Mercalli 2.0 (HKLM\...\proDAD-Mercalli-2.0) (Version: 2.0.61 - proDAD GmbH) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden QueenVegas (HKLM\...\QueenVegas) (Version: - ) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Silhouette Studio (HKLM\...\{FC7EA748-4433-4CC7-9ED3-E130A4768ECF}) (Version: 3.0.531 - Silhouette America) SIW version 2011.10.29 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions) SketchUp Import for AutoCAD 2014 (HKLM\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) 
SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52 (HKLM\...\{8F311E2E-C275-4CF0-8154-B63991832668}_is1) (Version: v2012.build.52 - eRightSoft) Tunatic (HKLM\...\Tunatic) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft) USB2.0 Capture Device (HKLM\...\{E337B156-DF81-48D8-8977-B1574EE87BCF}) (Version: 1.0.3.0 - ) Vasco da Gama 4 HDPro (HKLM\...\{05BBF12D-565E-4212-8BDD-C482C72866DD}) (Version: 4.00.0000 - MotionStudios) Vimeo Uploader (HKLM\...\vimeo.Duplo.3E2F2984357E7A95AE95C69EF2C5C14640284048.1) (Version: 0.9.5.4 - UNKNOWN) Vimeo Uploader (Version: 0.9.5 - UNKNOWN) Hidden Virtual DJ Studio 6.9 (HKLM\...\VDJ60_is1) (Version: - Next Generation Software) VLC media player 
2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN) vReveal (HKLM\...\vReveal) (Version: - MotionDSP) vReveal 3 (HKLM\...\vReveal 3) (Version: - MotionDSP) WBFS Manager 4.0 (HKLM\...\{825E9A84-1E03-4526-9F8E-45015C938A7C}) (Version: 4.0 - WBFS) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinHTTrack Website Copier 3.47-21 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.21 - HTTrack) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) XnView 2.22 (HKLM\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Franky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1000_Classes\CLSID\{1EF21888-3BD8-4064-BAD3-4BF694952652}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\WLPG.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1000_Classes\CLSID\{62363FBC-76F1-AE04-AF46-51940490C49B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\msvbvm60.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franky\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franky\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franky\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franky\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1006_Classes\CLSID\{1EF21888-3BD8-4064-BAD3-4BF694952652}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\WLPG.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1006_Classes\CLSID\{62363FBC-76F1-AE04-AF46-51940490C49B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\msvbvm60.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> 
C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File CustomCLSID: HKU\S-1-5-21-2434956288-1805249905-3065635734-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File ==================== Restore Points ========================= 24-09-2014 22:00:04 Geplanter Prüfpunkt 02-10-2014 07:58:44 Geplanter Prüfpunkt 09-10-2014 22:03:01 Geplanter Prüfpunkt 15-10-2014 10:19:31 Removed ABBYY FineReader 10 Professional Edition ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2010-11-08 15:30 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {057EFE97-7172-468F-B568-1B23527AA407} - System32\Tasks\{7A2EFAD3-10EA-437F-B6CE-CB4E5ACB9E32} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.) Task: {081FF6E4-C446-4448-B584-FEEC3F5487CE} - System32\Tasks\Your File Updater => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION Task: {10DE5934-3E75-4F0B-B16B-ACF85540F9D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-14] (Google Inc.) 
Task: {2142BD04-0EA6-4026-ABC0-A7B71A6DA628} - System32\Tasks\ASO-OneClickCare => C:\Program Files\Advanced System Optimizer 3\ASO3.exe Task: {5F0B4E13-FD22-4949-BE9C-E36C5C74B0ED} - \Plus-HD-2.2-firefoxinstaller No Task File <==== ATTENTION Task: {638DDCAF-3696-49BE-B252-B33480AAC6D3} - System32\Tasks\ASOService => C:\Program Files\Advanced System Optimizer 3\ASO3.exe Task: {6AA6E41D-E852-4F96-B224-36A754D6807B} - \Plus-HD-2.2-chromeinstaller No Task File <==== ATTENTION Task: {82E376EB-9975-4275-A4C6-A9570227CC05} - System32\Tasks\ASO-AutoCheckUpdate7Days => C:\Program Files\Advanced System Optimizer 3\CheckUpdate.exe Task: {8D5D8DD3-F6F3-478B-A686-A3F46F181BFB} - \Plus-HD-2.2-enabler No Task File <==== ATTENTION Task: {A315F75D-D8E4-4E1A-ADD8-114513941636} - System32\Tasks\{C29EC90C-AF99-4ACC-B0D0-76BBB47508C6} => C:\Program Files\VirtualDJ\virtualdj_home.exe Task: {B4142401-D8FB-4B4B-8750-CA94430D00B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {BACBE013-4366-4163-8679-9C5189C0E512} - \Plus-HD-2.2-codedownloader No Task File <==== ATTENTION Task: {BBDB0E28-5ECD-4185-99CD-84493E11F9BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-14] (Google Inc.) Task: {BD1E2F96-56B0-4533-8E0C-155DB19EA75D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {C5D3EBA5-4034-40A6-9E03-C15C95BE075D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {C66054EE-2B04-44D1-AD3D-CD9CF6E5A359} - System32\Tasks\{E366ACB3-02A0-4C0E-AC55-346B283314A1} => C:\Program Files\IPACS\easyfly\flyrun2.exe Task: {D246E6F3-3386-4438-936A-4035CABD0585} - System32\Tasks\Advanced System Optimizer => C:\Program Files\Advanced System Optimizer 3\ASO3.exe Task: {D620BCED-75D2-408D-B2A4-FACF966D6AB8} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION Task: {F309A23F-3C63-4C91-9DCA-029482333652} - \Plus-HD-2.2-updater No Task File <==== ATTENTION Task: {F497AC99-0E43-4D45-89F6-8E80B840C574} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: {F7037605-B8F0-44F4-A107-36481E91300F} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-25 18:53 - 2013-10-23 09:19 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2009-12-27 17:49 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll 2011-11-17 20:51 - 2011-06-07 16:23 - 00271872 _____ () C:\Windows\system32\PWContextMenu.dll 2014-07-23 11:17 - 2014-09-25 11:42 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2011-12-27 10:55 - 2010-10-28 19:52 - 00948496 _____ () C:\Program Files\Ipswitch\WS_FTP 12\LIBEAY32.dll 2011-12-27 10:55 - 2010-10-28 19:52 - 00153360 _____ () C:\Program Files\Ipswitch\WS_FTP 12\SSLEAY32.dll 2014-09-15 10:53 - 2014-09-15 10:53 - 16825520 _____ () 
C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll 2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:890CC2F3 AlternateDataStreams: C:\ProgramData\TEMP:F34493AA ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Franky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: Bonus.SSR.FR10 => "C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: FilterHost => C:\Users\Franky\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrayServer => C:\PROGRA~1\MAGIX\VIDEO_~2\TrayServer.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2434956288-1805249905-3065635734-500 - Administrator - Disabled)
Franky (S-1-5-21-2434956288-1805249905-3065635734-1000 - Administrator - Enabled) => C:\Users\Franky
Gaggä (S-1-5-21-2434956288-1805249905-3065635734-1005 - Limited - Enabled)
Gast (S-1-5-21-2434956288-1805249905-3065635734-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2434956288-1805249905-3065635734-1007 - Limited - Enabled)
UpdatusUser (S-1-5-21-2434956288-1805249905-3065635734-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2014 01:33:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/13/2014 00:35:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/08/2014 02:01:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/08/2014 09:48:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/08/2014 09:14:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/06/2014 09:38:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/05/2014 00:43:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/01/2014 07:07:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000795b
ID des fehlerhaften Prozesses: 0x12bc
Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0
Pfad der fehlerhaften Anwendung: ipmGui.exe1
Pfad des fehlerhaften Moduls: ipmGui.exe2
Berichtskennung: ipmGui.exe3

Error: (10/01/2014 03:07:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000795b
ID des fehlerhaften Prozesses: 0xae4
Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0
Pfad der fehlerhaften Anwendung: ipmGui.exe1
Pfad des fehlerhaften Moduls: ipmGui.exe2
Berichtskennung: ipmGui.exe3

Error: (09/29/2014 07:06:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000795b
ID des fehlerhaften Prozesses: 0xe08
Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0
Pfad der fehlerhaften Anwendung: ipmGui.exe1
Pfad des fehlerhaften Moduls: ipmGui.exe2
Berichtskennung: ipmGui.exe3

System errors:
=============
Error: (10/15/2014 00:22:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (10/15/2014 11:50:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/13/2014 11:44:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (10/13/2014 11:44:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (10/13/2014 11:43:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (10/13/2014 11:42:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (10/13/2014 09:10:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (10/13/2014 09:08:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (10/13/2014 09:08:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (10/09/2014 08:57:21 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.

Microsoft Office Sessions:
=========================
Error: (06/17/2014 09:03:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 57 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/07/2014 07:45:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/13/2012 02:17:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23310 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (05/27/2012 09:39:22 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 80 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/24/2011 10:55:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8675 seconds with 240 seconds of active time. This session ended with a crash.

Error: (09/02/2011 00:05:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12333 seconds with 120 seconds of active time. This session ended with a crash.

Error: (03/11/2010 01:03:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: AMD Athlon(tm) Dual Core Processor 5400B
Percentage of memory in use: 58%
Total physical RAM: 3070.49 MB
Available physical RAM: 1267.3 MB
Total Pagefile: 15068.78 MB
Available Pagefile: 12804.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.86 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100 GB) (Free:1.51 GB) NTFS
Drive d: (Daten) (Fixed) (Total:132.79 GB) (Free:83.48 GB) NTFS
Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:213.92 GB) NTFS
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2537.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2DAF2DAF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:23 on 15/10/2014 (Franky)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014
Ran by Franky (administrator) on WIN7WS001 on 15-10-2014 16:25:48
Running from C:\Users\Franky\Desktop
Loaded Profiles: Franky & UpdatusUser & (Available profiles: Franky & UpdatusUser)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Ipswitch) C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [499712 2013-05-20] (Greenshot)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2434956288-1805249905-3065635734-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2434956288-1805249905-3065635734-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2434956288-1805249905-3065635734-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2434956288-1805249905-3065635734-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: []
GroupPolicyUsers\S-1-5-21-2434956288-1805249905-3065635734-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0A791FAEC86CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {CA308696-6AD8-40F9-9B74-E5612F1B637E} URL = hxxp://search.softonic.com/MOY00010/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=7cdb55b700000000000000226427ffea&toi=16044&r=413
SearchScopes: HKCU - {25EE155F-556B-4029-BB4E-FF8D6D1F18B8} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
SearchScopes: HKCU - {70BA3E6B-1059-2266-0B2C-40E4A85231B8} URL = hxxp://www.ddlstart.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=750&product_id=872&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.5.0&install_country=IT&install_date=20120709&user_guid=1E3B44CBF58D4611A7C0F4C53F68FE4D&machine_id=486747aeaad42504c44a78df325377f9&browser=IE&os=win&os_version=6.1-x86-SP0&iesrc={referrer:source}
SearchScopes: HKCU - {9892B06D-1990-4C2E-B15D-BF4468266AEB} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
SearchScopes: HKCU - {C85111B2-CC63-47D9-82EA-D71930FB9AA9} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKCU - {CA308696-6AD8-40F9-9B74-E5612F1B637E} URL = hxxp://search.softonic.com/MOY00010/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=7cdb55b700000000000000226427ffea&toi=16044&r=413
SearchScopes: HKCU - {EBC7DBC1-7235-488F-A388-7BE848029C0C} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\xzi5lclv.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\xzi5lclv.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\xzi5lclv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-04]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKCU\...\Firefox\Extensions: [{ff893d95-065a-4906-8049-1650c9a8d1e8}] - C:\Program Files\Re-markit\150.xpi

Chrome:
=======
CHR Profile: C:\Users\Franky\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Franky\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2012-11-10]
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Franky\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-08-26]
CHR HKLM\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files\FTDownloader.com\FTDownloader10.crx [2012-08-26]
CHR HKCU\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Franky\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-08-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-10-06] (Adobe Systems) [File not signed]
R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-11-18] (Flexera Software LLC)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 Mach3; C:\Windows\System32\Drivers\Mach3.sys [108448 2010-02-08] (Your Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [110296 2014-10-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-26] (Avira GmbH)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.) [File not signed]
S3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [168448 2007-10-16] (Trident Multimedia Technologies Co.,Ltd) [File not signed]
S4 catchme; \??\C:\Users\Franky\AppData\Local\Temp\catchme.sys [X]
S4 cpuz132; \??\C:\Users\Franky\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S4 WINFLASH; \??\C:\swsetup\sp46550\WinFlash.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 16:25 - 2014-10-15 16:26 - 00016785 _____ () C:\Users\Franky\Desktop\FRST.txt
2014-10-15 16:25 - 2014-10-15 16:25 - 01101824 _____ (Farbar) C:\Users\Franky\Desktop\FRST.exe
2014-10-15 16:25 - 2014-10-15 16:25 - 00000000 ____D () C:\FRST
2014-10-15 16:23 - 2014-10-15 16:24 - 00000474 _____ () C:\Users\Franky\Desktop\defogger_disable.log
2014-10-15 16:23 - 2014-10-15 16:23 - 00050477 _____ () C:\Users\Franky\Desktop\Defogger.exe
2014-10-15 16:23 - 2014-10-15 16:23 - 00000000 _____ () C:\Users\Franky\defogger_reenable
2014-10-15 12:51 - 2014-10-15 12:51 - 00000458 __RSH () C:\ProgramData\ntuser.pol
2014-10-15 12:24 - 2014-10-15 12:24 - 00000696 _____ () C:\Windows\PFRO.log
2014-10-15 12:24 - 2014-10-15 12:24 - 00000056 _____ () C:\Windows\setupact.log
2014-10-15 12:24 - 2014-10-15 12:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-15 09:02 - 2014-10-15 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-15 09:02 - 2014-10-15 09:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-25 11:13 - 2014-10-15 12:53 - 00000000 ____D () C:\Users\Franky\Desktop\Michl
2014-09-17 19:53 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-17 19:53 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-17 19:53 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-17 19:53 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-17 19:53 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-17 19:53 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-17 19:53 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-17 19:53 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-17 19:53 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-17 19:53 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-17 19:53 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-17 19:53 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-17 19:53 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-17 19:53 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-17 19:53 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-17 19:53 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-17 19:53 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-17 19:53 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-17 19:53 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-17 19:53 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-17 19:53 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-17 19:53 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-17 19:53 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-17 19:53 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-17 19:53 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-17 19:53 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-17 19:53 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-17 19:53 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-17 19:53 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-17 19:53 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 09:22 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-15 09:22 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 16:26 - 2010-03-08 14:16 - 00000000 ____D () C:\Users\Franky\AppData\Roaming\Skype 2014-10-15 16:23 - 2009-12-27 13:55 - 00000000 ____D () C:\Users\Franky 2014-10-15 16:19 - 2012-12-29 18:04 - 01085468 _____ () C:\Windows\WindowsUpdate.log 2014-10-15 15:54 - 2009-07-14 06:34 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-15 15:54 - 2009-07-14 06:34 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-15 15:53 - 2012-09-11 09:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-15 15:50 - 2014-05-21 07:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-15 13:00 - 2010-03-14 20:42 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-15 13:00 - 2010-03-14 20:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-15 12:24 - 2011-07-08 15:55 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-15 12:24 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-15 12:21 - 2011-05-30 12:06 - 00000000 ____D () C:\Users\Franky\AppData\Local\ABBYY 2014-10-15 12:21 - 2011-05-30 12:06 - 00000000 ____D () C:\ProgramData\ABBYY 2014-10-15 09:07 - 2014-08-24 11:48 - 00001061 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-15 09:07 - 2014-08-08 09:10 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-15 09:07 - 2013-08-26 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-15 09:07 - 2013-08-26 10:30 - 00000000 ____D () C:\Program Files\Avira 2014-10-15 09:02 - 2011-09-16 17:44 - 00000000 ___RD () C:\Program Files\Skype 2014-10-15 09:02 - 2010-03-08 14:16 - 00000000 ____D () C:\ProgramData\Skype 2014-10-13 11:43 - 2010-11-08 22:34 - 00018944 _____ () C:\Users\Franky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-07 13:56 - 
2013-08-26 16:37 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-07 13:56 - 2013-08-26 10:31 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-07 13:56 - 2013-08-26 10:31 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-04 17:56 - 2009-12-27 16:41 - 00000000 ____D () C:\Windows\Sun 2014-10-01 08:31 - 2013-07-09 16:29 - 00000000 ____D () C:\Users\Franky\AppData\Local\CrashDumps 2014-09-26 11:21 - 2014-01-04 12:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-25 11:42 - 2014-07-23 11:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-24 18:27 - 2014-07-29 10:02 - 00000000 ____D () C:\Users\Franky\AppData\Roaming\com.aspexsoftware.Silhouette_Studio 2014-09-24 15:48 - 2014-07-29 10:02 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-09-23 20:53 - 2012-03-31 07:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-23 20:53 - 2011-07-20 08:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-18 10:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-18 09:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-17 19:55 - 2009-12-27 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-17 19:53 - 2013-08-15 21:42 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-17 19:47 - 2009-12-27 15:38 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Franky\AppData\Local\temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 09:33 ==================== End Of Log ============================ Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 15.10.2014
Suchlauf-Zeit: 15:50:03
Logdatei: Log MB.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.10.15.03
Rootkit Datenbank: v2014.10.15.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Franky
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 389044
Verstrichene Zeit: 20 Min, 9 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 1
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\SYSTWEAK\RegClean Pro, , [1ce3c252b8c439fdfb2d74b59c679c64],
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)
(end)
Regards, Franky |
15.10.2014, 17:03 | #2 |
/// the machine /// TB instructor | Windows and Firefox keep getting slower hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ |
15.10.2014, 18:02 | #3 |
| Windows and Firefox keep getting slower Hello Schrauber,
Thank you very much for the super fast reply. I can't uninstall the toolbar; this message comes up: The feature you are trying to use is on a CD-ROM or other removable disk that is not available Insert the disk and click OK. OK, I got it working. Toolbar uninstalled, and here is the Combofix log: Code:
ATTFilter ComboFix 14-10-15.01 - Franky 15.10.2014 18:45:15.2.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.1726 [GMT 2:00] ausgeführt von:: c:\users\Franky\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\uninstall.exe c:\users\Franky\AppData\Local\temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\Franky\AppData\Roaming\Microsoft\Windows\Recent\Attiva e Disattiva Connessione.url c:\users\Franky\AppData\Roaming\WtmCopyProtect c:\users\Franky\AppData\Roaming\WtmCopyProtect\acopy.ini c:\windows\IsUn0407.exe c:\windows\security\Database\tmp.edb c:\windows\system32\X86 c:\windows\system64 c:\windows\system64\msvcp100.dll c:\windows\system64\msvcr100.dll c:\windows\system64\vcomp100.dll c:\windows\XSxS g:\franky\Eigene Dateien\Documents\FAP2A05.tmp g:\franky\Eigene Dateien\Documents\FAP4885.tmp g:\franky\Eigene Dateien\Documents\FAP4E23.tmp g:\franky\Eigene Dateien\Documents\FAP4E45.tmp g:\franky\Eigene Dateien\Documents\FAP52BB.tmp g:\franky\Eigene Dateien\Documents\FAP6979.tmp g:\franky\Eigene Dateien\Documents\FAP6DEF.tmp g:\franky\Eigene Dateien\Documents\FAP6F0B.tmp g:\franky\Eigene Dateien\Documents\FAP6FAA.tmp g:\franky\Eigene Dateien\Documents\FAP6FCC.tmp g:\franky\Eigene Dateien\Documents\FAP8B29.tmp g:\franky\Eigene Dateien\Documents\FAP8F70.tmp g:\franky\Eigene Dateien\Documents\FAP9816.tmp g:\franky\Eigene Dateien\Documents\FAP9D92.tmp g:\franky\Eigene Dateien\Documents\FAP9DC4.tmp g:\franky\Eigene Dateien\Documents\FAPB128.tmp g:\franky\Eigene Dateien\Documents\FAPBE36.tmp g:\franky\Eigene Dateien\Documents\FAPC96E.tmp g:\franky\Eigene Dateien\Documents\FAPEA9B.tmp g:\franky\Eigene Dateien\Documents\FAPF00B.tmp 
g:\franky\Eigene Dateien\Documents\FAPF490.tmp G:\install.exe H:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-15 bis 2014-10-15 )))))))))))))))))))))))))))))) . . 2014-10-15 16:53 . 2014-10-15 16:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-10-15 16:53 . 2014-10-15 16:53 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-10-15 16:53 . 2014-10-15 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-15 16:53 . 2014-10-15 16:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2014-10-15 14:25 . 2014-10-15 14:27 -------- d-----w- C:\FRST 2014-10-15 07:02 . 2014-10-15 07:02 -------- d-----w- c:\program files\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-15 16:57 . 2014-05-21 05:11 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-10-07 11:56 . 2013-08-26 14:37 37384 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-10-07 11:56 . 2013-08-26 08:31 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-10-07 11:56 . 2013-08-26 08:31 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-09-23 18:53 . 2012-03-31 05:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-09-23 18:53 . 2011-07-20 06:55 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-01 06:52 . 2010-06-24 10:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-08-24 09:44 . 2014-08-24 09:44 110296 ----a-w- c:\windows\system32\drivers\48230029.sys 2014-08-23 01:46 . 2014-08-28 08:50 305152 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 00:42 . 2014-08-28 08:50 2352640 ----a-w- c:\windows\system32\win32k.sys 2014-07-22 22:12 . 
2014-07-22 22:12 875680 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Franky\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Franky\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Franky\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2013-05-20 499712] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-10-07 703736] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Franky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk] path=c:\users\Franky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk backup=c:\windows\pss\MyPC Backup.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-11-10 11:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-09-13 17:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2014-10-07 11:56 703736 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray] 2014-09-23 12:47 165168 ----a-w- c:\program files\Avira\My Avira\Avira.OE.Systray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilterHost] 2010-01-18 14:35 827392 ----a-w- c:\users\Franky\AppData\Roaming\mmserver\FilterHost.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2014-01-17 14:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] 2008-08-07 14:18 90112 ----a-w- c:\progra~1\MAGIX\VIDEO_~2\Trayserver.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime . R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032] R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] R3 TridVid;Trident Analog plus Digital Video;c:\windows\system32\DRIVERS\TridVid.sys [2007-10-16 168448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-12 1343400] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-07 37352] S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-10-07 431920] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-10-07 994552] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-09-23 160560] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program 
files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2014-05-12 1809720] S2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2014-05-12 860472] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496] S3 Mach3;Mach3 Pulseing Service;c:\windows\system32\Drivers\Mach3.sys [2010-02-08 108448] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-15 110296] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:53] . 2014-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 18:42] . 2014-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 18:42] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <local> IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\xzi5lclv.default\ FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchsunmy.info/?pid=1337&r=2014/01/04&hid=7343883511035229587&lg=EN&cc=IT&unqvl=45&l=1&q= FF - prefs.js: browser.startup.homepage - google.de FF - user.js: extensions.shownSelectionUI - true FF - user.js: extensions.iminent.id - 7cdb55b700000000000000226427ffea FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} FF - user.js: extensions.iminent.instlDay - 16074 FF - user.js: extensions.iminent.vrsn - 1.8.28.3 FF - user.js: extensions.iminent.vrsni - 1.8.28.3 FF - user.js: extensions.iminent.vrsnTs - 1.8.28.317:58 FF - user.js: extensions.iminent.prtnrId - iminent FF - user.js: extensions.iminent.prdct - iminent FF - user.js: extensions.iminent.aflt - orgnl FF - user.js: extensions.iminent.smplGrp - none FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO FF - user.js: extensions.iminent.instlRef - FF - user.js: extensions.iminent.dfltLng - FF - user.js: extensions.iminent.excTlbr - false FF - user.js: extensions.iminent.ffxUnstlRst - false FF - user.js: extensions.iminent.admin - false FF - user.js: extensions.iminent.autoRvrt - false FF - user.js: extensions.iminent.rvrt - false FF - user.js: extensions.iminent.newTab - false user_pref(extensions.autoDisableScopes,14); . . ------- Dateityp-Verknüpfung ------- . .scr=AutoCADScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file) WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file) WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file) MSConfigStartUp-ApnTBMon - c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe MSConfigStartUp-Bonus.SSR - c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3320) c:\program files\Google\Google SketchUp 8\LayOut\xerces-c_2_6.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\taskhost.exe c:\windows\System32\StkASv2K.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\ Malwarebytes Anti-Malware \mbam.exe c:\program files\NVIDIA Corporation\Display\nvtray.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\windows\system32\sppsvc.exe c:\windows\system32\taskhost.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-10-15 19:03:17 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-10-15 17:03 . Vor Suchlauf: 5.389.053.952 Bytes frei Nach Suchlauf: 5.191.045.120 Bytes frei . - - End Of File - - 0546416773380379A77829265A419EAB A36C5E4F47E84449FF07ED3517B43A31 |
16.10.2014, 12:58 | #4 |
/// the machine /// TB-Ausbilder | Windows and Firefox keep getting slower Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.10.2014, 16:18 | #5 |
| Windows and Firefox keep getting slower Hello Schrauber, here are the logs: Adware: Code:
ATTFilter # AdwCleaner v4.000 - Bericht erstellt am 16/10/2014 um 17:02:32 # DB v2014-10-15.7 # Aktualisiert 12/10/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : Franky - WIN7WS001 # Gestartet von : C:\Users\Franky\Desktop\AdwCleaner_4.000.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Franky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\Windows\system32\ARFC Ordner Gelöscht : C:\Users\Franky\AppData\Local\BeamriseUninstall Ordner Gelöscht : C:\Users\Franky\AppData\Local\cool_mirage Ordner Gelöscht : C:\Device Ordner Gelöscht : C:\Users\Franky\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freestar Ordner Gelöscht : C:\Program Files\freestar Ordner Gelöscht : C:\Users\Franky\AppData\Local\genienext Ordner Gelöscht : C:\Users\Franky\AppData\Roaming\goforfiles Ordner Gelöscht : C:\Users\Franky\AppData\Roaming\Gutscheinmieze Ordner Gelöscht : C:\Users\Franky\AppData\Local\Mobogenie Ordner Gelöscht : G:\Franky\Eigene Dateien\Documents\Mobogenie Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\Program Files\NCH Software Ordner Gelöscht : C:\Users\Franky\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Users\Franky\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Franky\AppData\Local\PutLockerDownloader Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro Ordner Gelöscht : C:\Users\Franky\AppData\Roaming\SimpleFiles Ordner Gelöscht : C:\ProgramData\SoftWarehouse Ordner Gelöscht : C:\Users\Franky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop Ordner Gelöscht : C:\Users\Franky\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Franky\AppData\Roaming\Uniblue Ordner Gelöscht : C:\Program Files\WebCake Ordner Gelöscht : C:\Program 
Files\Enigma Software Group Ordner Gelöscht : C:\Users\Franky\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc Datei Gelöscht : C:\Users\Franky\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx Datei Gelöscht : C:\Users\Franky\daemonprocess.txt Datei Gelöscht : C:\Windows\system32\dmwu.exe Datei Gelöscht : C:\Windows\system32\ImhxxpComm.dll Datei Gelöscht : C:\Users\Franky\AppData\Roaming\LiveSupport.exe_log.txt Datei Gelöscht : C:\Users\Franky\AppData\Roaming\regsvr32.exe_log.txt Datei Gelöscht : C:\Users\Franky\AppData\LocalLow\SkwConfig.bin Datei Gelöscht : C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\xzi5lclv.default\user.js ***** [ Tasks ] ***** Task Gelöscht : GoforFilesUpdate Task Gelöscht : RegClean Pro_DEFAULT Task Gelöscht : RegClean Pro_UPDATES Task Gelöscht : Your File Updater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{ff893d95-065a-4906-8049-1650c9a8d1e8}] Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FTDownloader Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel 
Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ftdownloader v4_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ftdownloader v4_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic-de3AutoUpdaterHelper_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic-de3AutoUpdaterHelper_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateKozaka_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateKozaka_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader49341_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader49341_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zip-repair-tool_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zip-repair-tool_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_abbyy-finereader_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_abbyy-finereader_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_anvil-studio_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_anvil-studio_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_delogo-filter-for-virtualdub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_delogo-filter-for-virtualdub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_file-repair_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_file-repair_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_flaskmpeg_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_flaskmpeg_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamster-free-video-converter_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamster-free-video-converter_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_lesefixpro_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_lesefixpro_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_librecad_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_librecad_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_logo-design-studio_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_logo-design-studio_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pamela-for-skype_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pamela-for-skype_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj-free-home-edition_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj-free-home-edition_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4} Schlüssel Gelöscht : 
HKCU\Software\Bitberry Schlüssel Gelöscht : HKCU\Software\GoforFiles Schlüssel Gelöscht : HKCU\Software\Grand Virtual Schlüssel Gelöscht : HKCU\Software\LiveSupport Schlüssel Gelöscht : HKCU\Software\lollipop Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\SimpleFiles Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles Schlüssel Gelöscht : HKLM\SOFTWARE\SimpleFiles Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\EnigmaSoftwareGroup ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 de) [xzi5lclv.default] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.searchsunmy.info/?pid=1337&r=2014/01/04&hid=7343883511035229587&lg=EN&cc=IT&unqvl=45&l=1&q="); [xzi5lclv.default] - Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.admin", false); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.dfltLng", ""); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.id", "7cdb55b700000000000000226427ffea"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.instlDay", "16074"); [xzi5lclv.default] - Zeile gelöscht : 
user_pref("extensions.iminent.instlRef", ""); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.newTab", false); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q="); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.28.3"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.28.317:58:42"); [xzi5lclv.default] - Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.28.3"); [xzi5lclv.default] - Zeile gelöscht : user_pref("iminent.LayoutId", "1"); [xzi5lclv.default] - Zeile gelöscht : user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"IT\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1388854745482250966\"},\"beamrise\":{\"CountryCode\":\"IT\",\"NoAds\":false,\"Status\"[...] [xzi5lclv.default] - Zeile gelöscht : user_pref("iminent.enabledAds", "false"); [xzi5lclv.default] - Zeile gelöscht : user_pref("iminent.version", "7.51.3.1"); [xzi5lclv.default] - Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.51.3.1\",\"InstallEventCTime\":1388854731681,\"InstallEvent\":\"True\"}"); -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [14002 octets] - [16/10/2014 16:58:13] AdwCleaner[S0].txt - [13828 octets] - [16/10/2014 17:02:32] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13889 octets] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 16.10.2014 Suchlauf-Zeit: 16:33:54 Logdatei: MB 16.01..txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.10.16.04 Rootkit Datenbank: v2014.10.15.01 Lizenz: Premium Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Franky Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 389721 Verstrichene Zeit: 20 Min, 44 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.3 (10.14.2014:1) OS: Windows 7 Professional x86 Ran by Franky on 16.10.2014 at 17:09:47,02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update secretsauce Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util atuzi Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateSecretSauce_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateSecretSauce_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_chr_1-8-16-10_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_chr_1-8-16-10_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-19-3_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-19-3_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{25EE155F-556B-4029-BB4E-FF8D6D1F18B8} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{70BA3E6B-1059-2266-0B2C-40E4A85231B8} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CA308696-6AD8-40F9-9B74-E5612F1B637E} ~~~ Files Successfully deleted: [File] C:\Windows\System32\Tasks\Advanced System Optimizer ~~~ Folders 
Successfully deleted: [Folder] "C:\Users\Franky\AppData\Roaming\getrighttogo" Successfully deleted: [Empty Folder] C:\Users\Franky\appdata\local\{B3F71B17-A182-48E5-B5BF-F1642DA5638E} Successfully deleted: [Empty Folder] C:\Users\Franky\appdata\local\{E255AA1B-44DC-4D2F-9FD1-51D05B77B423} ~~~ FireFox Emptied folder: C:\Users\Franky\AppData\Roaming\mozilla\firefox\profiles\xzi5lclv.default\minidumps [68 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.10.2014 at 17:11:44,99 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 02 Ran by Franky (administrator) on WIN7WS001 on 16-10-2014 17:17:21 Running from C:\Users\Franky\Desktop Loaded Profiles: Franky & UpdatusUser (Available profiles: Franky & UpdatusUser) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Syntek America Inc.) C:\Windows\System32\StkASv2K.exe (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Greenshot) C:\Program Files\Greenshot\Greenshot.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [499712 2013-05-20] (Greenshot) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) 
HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Policies\Explorer: [] GroupPolicyUsers\S-1-5-21-2434956288-1805249905-3065635734-1005\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0A791FAEC86CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - {9892B06D-1990-4C2E-B15D-BF4468266AEB} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} SearchScopes: HKCU - {C85111B2-CC63-47D9-82EA-D71930FB9AA9} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} SearchScopes: HKCU - {EBC7DBC1-7235-488F-A388-7BE848029C0C} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\xzi5lclv.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) 
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\xzi5lclv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-04] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] Chrome: ======= CHR Profile: C:\Users\Franky\AppData\Local\Google\Chrome\User Data\Default ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-10-06] (Adobe Systems) [File not signed] R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. 
KG) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-11-18] (Flexera Software LLC) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG) S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
R3 Mach3; C:\Windows\System32\Drivers\Mach3.sys [108448 2010-02-08] (Your Corporation) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-26] (Avira GmbH) S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.) [File not signed] S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.) [File not signed] S3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [168448 2007-10-16] (Trident Multimedia Technologies Co.,Ltd) [File not signed] S4 catchme; \??\C:\Users\Franky\AppData\Local\Temp\catchme.sys [X] S4 cpuz132; \??\C:\Users\Franky\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X] S4 WINFLASH; \??\C:\swsetup\sp46550\WinFlash.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-16 17:17 - 2014-10-16 17:17 - 00000000 ____D () C:\Users\Franky\Desktop\FRST-OlderVersion 2014-10-16 17:11 - 2014-10-16 17:11 - 00002713 _____ () C:\Users\Franky\Desktop\JRT.txt 2014-10-16 17:09 - 2014-10-16 17:09 - 00000000 ____D () C:\Windows\ERUNT 2014-10-16 17:08 - 2014-10-16 17:02 - 00013970 _____ () C:\Users\Franky\Desktop\AdwCleaner[S0].txt 2014-10-16 16:58 - 2014-10-16 17:02 - 00000000 ____D () C:\AdwCleaner 2014-10-16 16:56 - 2014-10-16 16:56 - 00001154 _____ () C:\Users\Franky\Desktop\MB 16.01..txt 2014-10-16 16:32 - 2014-10-16 16:32 - 01976320 _____ () C:\Users\Franky\Desktop\AdwCleaner_4.000.exe 2014-10-16 16:32 - 2014-10-16 16:32 - 01705698 _____ (Thisisu) C:\Users\Franky\Desktop\JRT.exe 2014-10-15 20:29 - 2014-10-15 20:29 - 00000011 ____R () C:\Windows\amunres.lsl 2014-10-15 20:18 - 2014-10-15 20:18 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-10-15 20:17 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-10-15 20:17 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-10-15 20:17 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-10-15 20:17 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-10-15 20:16 - 2014-10-15 20:17 - 00005906 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log 2014-10-15 19:03 - 2014-10-15 19:03 - 00015942 _____ () C:\ComboFix.txt 2014-10-15 18:22 - 2014-10-15 18:22 - 05583559 ____R (Swearware) C:\Users\Franky\Desktop\ComboFix.exe 2014-10-15 18:11 - 2014-10-15 18:11 - 00001192 _____ () C:\Users\Franky\Desktop\Revo Uninstaller.lnk 2014-10-15 18:10 - 2014-10-15 18:11 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Franky\Desktop\revosetup95.exe 2014-10-15 17:38 - 2014-10-15 17:38 - 00013293 _____ () C:\Users\Franky\Desktop\Gmer.txt 2014-10-15 17:17 - 2014-10-15 17:18 - 00161336 _____ () C:\Windows\Minidump\101514-30732-01.dmp 2014-10-15 16:26 - 2014-10-15 16:27 - 00045970 _____ () C:\Users\Franky\Desktop\Addition.txt 2014-10-15 16:26 - 2014-10-15 16:26 - 00380416 _____ () C:\Users\Franky\Desktop\Gmer-19357.exe 2014-10-15 16:25 - 2014-10-16 17:17 - 01102848 _____ (Farbar) C:\Users\Franky\Desktop\FRST.exe 2014-10-15 16:25 - 2014-10-16 17:17 - 00013914 _____ () C:\Users\Franky\Desktop\FRST.txt 2014-10-15 16:25 - 2014-10-16 17:17 - 00000000 ____D () C:\FRST 2014-10-15 16:23 - 2014-10-15 16:24 - 00000474 _____ () C:\Users\Franky\Desktop\defogger_disable.log 2014-10-15 16:23 - 2014-10-15 16:23 - 00050477 _____ () C:\Users\Franky\Desktop\Defogger.exe 2014-10-15 16:23 - 2014-10-15 16:23 - 00000000 _____ () C:\Users\Franky\defogger_reenable 2014-10-15 12:51 - 2014-10-16 17:04 - 00000458 __RSH () C:\ProgramData\ntuser.pol 2014-10-15 12:24 - 2014-10-16 17:13 - 00000280 _____ () C:\Windows\setupact.log 2014-10-15 12:24 - 2014-10-16 17:04 - 00001568 _____ () C:\Windows\PFRO.log 2014-10-15 12:24 - 2014-10-15 12:24 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-15 09:02 - 2014-10-15 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-15 09:02 - 2014-10-15 09:02 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-25 11:13 - 2014-10-15 12:53 - 00000000 ____D () C:\Users\Franky\Desktop\Michl 2014-09-17 19:53 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-17 19:53 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-17 19:53 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-17 19:53 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 
2014-09-17 19:53 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-17 19:53 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-17 19:53 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-17 19:53 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-17 19:53 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-17 19:53 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-17 19:53 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-17 19:53 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-17 19:53 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-17 19:53 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-17 19:53 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-17 19:53 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-17 19:53 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-17 19:53 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-17 19:53 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-17 19:53 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-17 19:53 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-17 19:53 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll 2014-09-17 19:53 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-17 19:53 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-17 19:53 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-17 19:53 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-17 19:53 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-17 19:53 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-17 19:53 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-17 19:53 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-16 17:16 - 2014-05-21 07:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-16 17:15 - 2010-03-08 14:16 - 00000000 ____D () C:\Users\Franky\AppData\Roaming\Skype 2014-10-16 17:13 - 2011-07-08 15:55 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-16 17:13 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-16 17:12 - 2012-12-29 18:04 - 01344978 _____ () C:\Windows\WindowsUpdate.log 2014-10-16 17:12 - 2009-07-14 06:34 - 00025584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-16 17:12 - 2009-07-14 06:34 - 00025584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-16 17:02 - 2012-11-10 19:35 - 00000000 ____D () C:\Users\Franky\AppData\Local\CRE 2014-10-16 17:02 - 2009-12-27 13:55 - 00000000 ____D () C:\Users\Franky 2014-10-16 16:53 - 2012-09-11 09:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-15 20:30 - 2012-07-15 12:54 - 00000000 ____D () C:\Program Files\eRightSoft 2014-10-15 20:19 - 2014-07-23 11:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-15 20:19 - 2013-12-18 16:37 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-15 20:17 - 2009-12-27 16:11 - 00000000 ____D () C:\Program Files\Java 2014-10-15 19:03 - 2010-11-08 15:22 - 00000000 ____D () C:\Qoobox 2014-10-15 18:57 - 2009-07-14 04:04 - 00000231 _____ () C:\Windows\system.ini 2014-10-15 17:17 - 2013-04-11 09:46 - 00000000 ____D () C:\Windows\Minidump 2014-10-15 17:17 - 2010-03-14 20:42 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-15 17:17 - 2010-03-14 20:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-15 12:21 - 2011-05-30 12:06 - 00000000 ____D () C:\Users\Franky\AppData\Local\ABBYY 2014-10-15 12:21 - 2011-05-30 12:06 - 00000000 ____D () C:\ProgramData\ABBYY 2014-10-15 09:07 - 2014-08-24 
11:48 - 00001061 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-15 09:07 - 2014-08-08 09:10 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-15 09:07 - 2013-08-26 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-15 09:07 - 2013-08-26 10:30 - 00000000 ____D () C:\Program Files\Avira 2014-10-15 09:02 - 2011-09-16 17:44 - 00000000 ___RD () C:\Program Files\Skype 2014-10-15 09:02 - 2010-03-08 14:16 - 00000000 ____D () C:\ProgramData\Skype 2014-10-13 11:43 - 2010-11-08 22:34 - 00018944 _____ () C:\Users\Franky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-07 13:56 - 2013-08-26 16:37 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-07 13:56 - 2013-08-26 10:31 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-07 13:56 - 2013-08-26 10:31 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-04 17:56 - 2009-12-27 16:41 - 00000000 ____D () C:\Windows\Sun 2014-10-01 08:31 - 2013-07-09 16:29 - 00000000 ____D () C:\Users\Franky\AppData\Local\CrashDumps 2014-09-26 11:21 - 2014-01-04 12:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-24 18:27 - 2014-07-29 10:02 - 00000000 ____D () C:\Users\Franky\AppData\Roaming\com.aspexsoftware.Silhouette_Studio 2014-09-24 15:48 - 2014-07-29 10:02 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-09-23 20:53 - 2012-03-31 07:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-23 20:53 - 2011-07-20 08:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-18 10:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-18 09:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-17 19:55 - 2009-12-27 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-17 19:53 - 
2013-08-15 21:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-17 19:47 - 2009-12-27 15:38 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Franky\AppData\Local\temp\avgnt.exe
C:\Users\Franky\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Franky\AppData\Local\temp\Quarantine.exe
C:\Users\Franky\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 00:57

==================== End Of Log ============================

How does it look? What has my son done? Can the computer still be saved? Regards, Franky |
17.10.2014, 08:26 | #6 |
/// the machine /// TB-Ausbilder | Windows and Firefox keep getting slower We're almost done, only the control scans are left. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
17.10.2014, 12:52 | #7 |
| Windows and Firefox keep getting slower Hello Schrauber, here are the new logs: Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87
 Windows 7 Service Pack 1 x86 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis installed!
 HijackThis 2.0.2
 CCleaner
 Java 7 Update 71
 Java version out of Date!
 Adobe Flash Player 15.0.0.152
 Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=449b407f3d04954899f95f40ee35b8aa # engine=20646 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-10-17 11:40:10 # local_time=2014-10-17 01:40:10 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 16490 36040313 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 39975329 165177201 0 0 # scanned=302752 # found=9 # cleaned=0 # scan_time=8051
sh=E766D277786182095AD81EF90D6BF17F469A13A2 ft=1 fh=6b027b76c2fcd001 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\dmwu.exe.vir"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=4370E4F60FB96627C6AD4F4820A4FA8A61F8EC29 ft=1 fh=3b60eb1472d7e959 vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\cbsidlm-cbsi213-Silhouette_Studio-SEO-75959919.exe"
sh=821C1F4A738F27DFD2A7CBC8381534417B7482C9 ft=1 fh=1402a39b9dd7026c vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Inkscape - CHIP-Installer(1).exe"
sh=75331228B60D1DD10EDE6004133F46C96B8042D2 ft=1 fh=24af9c86817ff8c3 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Inkscape - CHIP-Installer.exe"
sh=13A8A134684A7FFF03869EC6566B2F21C65A8867 ft=1 fh=6e72f5520e6782f3 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Paint NET - CHIP-Installer.exe"
sh=B0394DC5173F7569BB44DAF3E8C6BB2C55492883 ft=1 fh=f4ef3ba008c0460a vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\XnView Komplett - CHIP-Installer.exe"
sh=2A88FC6509FDC3B22587F6E97AC12F70E4F75DC8 ft=1 fh=86e0df17c19558fd vn="Variante von Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="G:\Franky\Eigene Dateien\Documents\APNSetup.exe"
sh=1220D333E050599DAABDE7F725C6D35E757CAF94 ft=1 fh=5633ec667cbd688d vn="Variante von Win32/Amonetize.BM evtl. unerwünschte Anwendung" ac=I fn="G:\Privat Franky\Musik\Neuer Ordner\ACDC 01 ACDC Thunderstruck__3818_il3165228.exe"
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 02 Ran by Franky (administrator) on WIN7WS001 on 17-10-2014 13:51:44 Running from C:\Users\Franky\Desktop Loaded Profiles: Franky & UpdatusUser (Available profiles: Franky & UpdatusUser) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Syntek America Inc.) C:\Windows\System32\StkASv2K.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [499712 2013-05-20] (Greenshot) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2434956288-1805249905-3065635734-1000\...\Policies\Explorer: [] HKU\S-1-5-21-2434956288-1805249905-3065635734-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) 
HKU\S-1-5-21-2434956288-1805249905-3065635734-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2434956288-1805249905-3065635734-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2434956288-1805249905-3065635734-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [] GroupPolicyUsers\S-1-5-21-2434956288-1805249905-3065635734-1005\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0A791FAEC86CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - {9892B06D-1990-4C2E-B15D-BF4468266AEB} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} SearchScopes: HKCU - {C85111B2-CC63-47D9-82EA-D71930FB9AA9} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} SearchScopes: HKCU - {EBC7DBC1-7235-488F-A388-7BE848029C0C} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\xzi5lclv.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) 
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\xzi5lclv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-04] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] Chrome: ======= CHR Profile: C:\Users\Franky\AppData\Local\Google\Chrome\User Data\Default ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-10-06] (Adobe Systems) [File not signed] R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. 
KG) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-11-18] (Flexera Software LLC) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG) S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
Thank you very much, it looks like the PC is running better. However, I have not yet been able to notice a clear improvement. I will restart once more now and report back to you in the next post. Regards, Franky |
18.10.2014, 09:47 | #8 |
/// the machine /// TB instructor | Windows and Firefox keep getting slower Then report exactly what still isn't working properly
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
18.10.2014, 10:28 | #9 |
| Windows and Firefox keep getting slower Hello Schrauber, what I notice is that starting Windows takes a very long time, and starting applications such as Outlook takes a long time too. When opening new pages in Firefox, the page takes extremely long to load, and the page often only opens after cancelling once and then refreshing. It is not the internet connection, since my netbook loads pages considerably faster over Wi-Fi. Retrieving e-mail also takes longer than usual. I plugged the netbook into the router via LAN to make sure that the connection issue is not down to the router. Result: the netbook is 4 times faster than the PC. The problem also crept in gradually; every day the PC got a little slower. Now, after our operations, it seems to me that it has become slightly better, but I am not sure. Maybe it is down to my optimism! Thank you very much for your efforts. Regards, Franky |
18.10.2014, 16:25 | #10 |
/// the machine /// TB instructor | Windows and Firefox keep getting slower Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
GroupPolicyUsers\S-1-5-21-2434956288-1805249905-3065635734-1005\User: Group Policy restriction detected <======= ATTENTION
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber |
18.10.2014, 18:51 | #11 |
| Windows and Firefox keep getting slower FRST fixlist: Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-10-2014 01
Ran by Franky at 2014-10-18 18:32:17 Run:2
Running from C:\Users\Franky\Desktop
Loaded Profiles: Franky & UpdatusUser (Available profiles: Franky & UpdatusUser)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-2434956288-1805249905-3065635734-1005\User: Group Policy restriction detected <======= ATTENTION
Emptytemp:
*****************
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2434956288-1805249905-3065635734-1005\User" => File/Directory not found.
EmptyTemp: => Removed 15.8 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Thanks for now (you are from Munich, after all), I'll get back to you then. Hello Schrauber, unbelievable, the PC is as fast again as on the first day. Even right after the fix it became noticeably faster. I am totally happy, thank you very much for your help. Really great board here, donating is worth it. Regards, Franky |
19.10.2014, 08:57 | #12 |
/// the machine /// TB instructor | Windows and Firefox keep getting slower Done The order matters here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber |
19.10.2014, 11:19 | #13 |
| Windows and Firefox keep getting slower All done! Thanks again! No questions, only respect and thanks to Schrauber. Regards, Franky |
20.10.2014, 07:32 | #14 |
/// the machine /// TB instructor | Windows and Firefox keep getting slower You're welcome
__________________ Regards, schrauber |