| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7/ Hoher Ping - Sehr langsames InternetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.11.2014, 16:58
| #1 |
| |  Windows 7/ Hoher Ping - Sehr langsames Internet Hallo liebes Trojaner Board Team, habe folgendes Problem : Meine Internetleistung schwankt sehr stark. Bin zwar in einem Wohnheim mit ca 60 Clients, aber habe im Vergleich zu anderen Usern einen ca. 100-300ms höheren Ping, der sich auf ca. 500ms einpendelt. Oft ist dann gar keine Verbindung mehr zum Netzwerk möglich. Deaktivieren/Aktivieren der Netzwerkverbindung geht dann auch nicht mehr, da nach längerer Wartezeit einfach nichts passiert. Wenn ich dann versuche den PC neu zu starten, ist das nur durch einen reset machbar, da der Pc automatisch nicht mehr herunter fährt. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Dave (administrator) on DAVE-PC on 05-11-2014 16:05:54
Running from C:\Users\dave\Downloads
Loaded Profile: Dave (Available profiles: dave)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(C-MEDIA Electronics INC.) C:\Program Files\Cooler Master Storm Sirus\CPL\Storm Sirus.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
() C:\Users\Dave\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Cm106Sound] => C:\Program Files\Cooler Master Storm Sirus\CPL\Storm Sirus.exe [278016 2011-07-15] (C-MEDIA Electronics INC.)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1429369569-4198421278-2418284756-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-1429369569-4198421278-2418284756-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1429369569-4198421278-2418284756-1001\...\MountPoints2: {6d351eca-c711-11e3-b698-90fba62302a2} - J:\Install\Install.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-25] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x777D5FD0A55CCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: YouTube Unblocker - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\youtubeunblocker@unblocker.yt [2014-10-16]
FF Extension: Flashblock - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-11]
FF Extension: Classic Theme Restorer - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-11]
FF Extension: {790062c4-0ee5-402e-a33f-5b8d2a723123} - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\{790062c4-0ee5-402e-a33f-5b8d2a723123}.xpi [2014-07-27]
FF Extension: tab plugin - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\{91af9ff8-8f43-4484-8bec-1af2989cb6d9}.xpi [2014-07-31]
FF Extension: Adblock Plus - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-11]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-07] (Avira Operations GmbH & Co. KG)
R3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.SYS [111104 2011-07-14] (C-Media Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 FXDrv32; \??\D:\FXDrv64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-05 16:05 - 2014-11-05 16:06 - 00013030 _____ () C:\Users\Dave\Downloads\FRST.txt
2014-11-05 16:05 - 2014-11-05 16:05 - 02114560 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2014-11-05 16:05 - 2014-11-05 16:05 - 00000000 ____D () C:\FRST
2014-11-05 16:03 - 2014-11-05 16:04 - 00000470 _____ () C:\Users\Dave\Downloads\defogger_disable.log
2014-11-05 16:03 - 2014-11-05 16:03 - 00050477 _____ () C:\Users\Dave\Downloads\Defogger.exe
2014-11-05 16:03 - 2014-11-05 16:03 - 00000000 _____ () C:\Users\Dave\defogger_reenable
2014-11-05 15:39 - 2014-11-05 15:39 - 00000000 ____D () C:\Program Files\Google
2014-11-05 15:38 - 2014-11-05 15:39 - 00000000 ____D () C:\ProgramData\Google
2014-11-05 15:37 - 2014-11-05 15:49 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 15:37 - 2014-11-05 15:49 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 15:37 - 2014-11-05 15:44 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-05 15:37 - 2014-11-05 15:44 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-05 15:37 - 2014-11-05 15:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-05 15:37 - 2014-11-05 15:37 - 00000000 ____D () C:\Users\Dave\AppData\Local\Google
2014-11-05 15:36 - 2014-11-05 15:36 - 04976456 _____ (Piriform Ltd) C:\Users\Dave\Downloads\ccsetup419.exe
2014-11-05 15:30 - 2014-11-05 15:30 - 00339257 _____ () C:\Users\Dave\Downloads\CleanUp452.exe
2014-11-05 15:30 - 2014-11-05 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2014-11-05 15:18 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-05 15:18 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-11-05 15:18 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-05 15:18 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-05 15:18 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-05 15:18 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-05 15:18 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-11-05 15:18 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-11-05 15:07 - 2014-11-05 15:07 - 00008528 _____ () C:\Users\Dave\Downloads\hijackthis.log
2014-11-05 15:06 - 2014-11-05 15:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dave\Downloads\HijackThis.exe
2014-11-05 14:59 - 2014-11-05 14:59 - 00000000 ____D () C:\Windows\Sun
2014-11-04 13:12 - 2014-11-04 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-03 22:41 - 2014-11-03 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-03 22:41 - 2014-11-03 22:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-03 22:41 - 2014-11-03 22:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-03 22:40 - 2014-11-03 22:40 - 13087456 _____ (Microsoft Corporation) C:\Users\Dave\Downloads\Silverlight_x64.exe
2014-10-21 18:09 - 2014-10-21 18:09 - 29791494 _____ () C:\Users\Dave\Downloads\wetransfer-132581.zip
2014-10-19 17:33 - 2014-10-19 17:33 - 00000015 _____ () C:\Users\Dave\Desktop\2014-11-19 1733.txt
2014-10-17 20:54 - 2014-10-17 20:55 - 99011288 _____ () C:\Users\Dave\Downloads\Enisum - Samoht Nara (2014).rar
2014-10-15 17:51 - 2014-10-16 12:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-05 16:05 - 2013-12-23 15:58 - 01879274 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 16:03 - 2013-12-23 16:03 - 00000000 ____D () C:\Users\Dave
2014-11-05 15:49 - 2009-07-14 18:58 - 00696832 _____ () C:\Windows\system32\perfh007.dat
2014-11-05 15:49 - 2009-07-14 18:58 - 00148128 _____ () C:\Windows\system32\perfc007.dat
2014-11-05 15:49 - 2009-07-14 06:13 - 01634396 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 15:42 - 2013-12-23 16:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-05 15:41 - 2013-12-24 15:20 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\TS3Client
2014-11-05 15:40 - 2014-07-30 14:24 - 00000000 ____D () C:\Windows\Minidump
2014-11-05 15:40 - 2013-12-23 15:54 - 00000000 ____D () C:\Windows\Panther
2014-11-05 15:35 - 2013-12-23 16:44 - 01590298 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-05 15:23 - 2013-12-23 18:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-05 14:35 - 2013-12-23 16:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-05 14:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 13:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-04 13:12 - 2014-09-19 09:57 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-04 13:12 - 2014-08-07 14:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-04 13:12 - 2013-12-23 16:12 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-04 00:27 - 2009-07-14 05:45 - 00012560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 00:27 - 2009-07-14 05:45 - 00012560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 23:15 - 2013-12-23 17:04 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\vlc
2014-10-22 22:30 - 2014-04-22 14:09 - 00000000 ___RD () C:\Users\Dave\Dropbox
2014-10-22 14:12 - 2014-04-22 14:08 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-22 14:12 - 2014-04-22 14:07 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Dropbox
2014-10-12 21:16 - 2013-12-23 16:58 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-10-07 11:31 - 2013-12-23 16:12 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-07 11:31 - 2013-12-23 16:12 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-07 11:31 - 2013-12-23 16:12 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
Some content of TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 17:15
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Dave at 2014-11-05 16:07:09
Running from C:\Users\Dave\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AutoHotkey 1.1.13.00 (HKLM\...\AutoHotkey) (Version: 1.1.13.00 - Lexikos)
Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Broadcom Gigabit Integrated Controller (HKLM\...\{9E325417-AE9C-4EE1-A158-13DF451A5987}) (Version: 11.44.04 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Cooler Master Storm Sirus (HKLM-x32\...\{840C4737-CE18-4E8C-8DF7-584206A4B70C}) (Version: 1.0.0.5 - Cooler Master Co., Ltd.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version: - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
18-10-2014 23:37:06 Geplanter Prüfpunkt
26-10-2014 16:23:02 Geplanter Prüfpunkt
03-11-2014 15:51:00 Geplanter Prüfpunkt
05-11-2014 14:17:49 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {A8547597-CB39-49B9-824D-3C6A3F6D2F0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.)
Task: {F88771CE-36EE-4989-BA90-42BA24C4F347} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-12-23 16:28 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-01-08 17:12 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2014-11-05 16:03 - 2014-11-05 16:03 - 00050477 _____ () C:\Users\Dave\Downloads\Defogger.exe
2011-01-08 17:12 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-08-28 23:41 - 2014-08-21 19:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 23:41 - 2014-08-21 19:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 23:41 - 2014-08-21 19:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-11-06 13:48 - 2014-10-02 00:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-23 13:08 - 2014-10-21 20:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 23:41 - 2014-08-21 19:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 23:41 - 2014-08-21 19:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-12-11 11:40 - 2014-10-21 20:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-11-06 13:48 - 2014-09-05 00:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-11-05 15:41 - 2014-11-05 15:41 - 00014336 _____ () C:\Users\Dave\AppData\Local\Temp\WDE1D31.tmp\ml_online.lng
2014-11-05 15:41 - 2014-11-05 15:41 - 00036352 _____ () C:\Users\Dave\AppData\Local\Temp\WDE1D31.tmp\ombrowser.lng
2013-12-13 03:47 - 2013-12-13 03:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2014-10-15 17:51 - 2014-10-15 17:51 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1429369569-4198421278-2418284756-500 - Administrator - Disabled)
Dave (S-1-5-21-1429369569-4198421278-2418284756-1001 - Administrator - Enabled) => C:\Users\Dave
Gast (S-1-5-21-1429369569-4198421278-2418284756-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1429369569-4198421278-2418284756-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: 802.11n-Drahtlos-LAN-Karte
Description: 802.11n-Drahtlos-LAN-Karte
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/05/2014 02:35:38 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (11/05/2014 02:13:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (11/05/2014 01:59:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 6cc
Startzeit: 01cff8f7425be775
Endzeit: 206
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID:
Error: (11/05/2014 01:51:47 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (11/05/2014 01:45:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 6dc
Startzeit: 01cff8f5c502efba
Endzeit: 14
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID:
Error: (11/05/2014 01:41:07 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (11/05/2014 01:30:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x16c4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (11/05/2014 11:28:05 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (11/04/2014 01:06:20 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error: (11/04/2014 00:12:54 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode:
0x80070005
System errors:
=============
Error: (11/05/2014 02:13:13 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8003a02040, 0xfffff8000445e510)C:\Windows\MEMORY.DMP110514-26504-01
Error: (11/05/2014 01:15:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.
Error: (11/04/2014 05:24:46 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARINA-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{F2ED052D-886C-41DC-B8CC-D8B9AF251C2E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (11/03/2014 03:12:53 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
Error: (11/01/2014 05:16:35 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{F2ED052D-886C-41DC-B8CC-D8B9AF251C2E}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (11/01/2014 01:14:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (10/26/2014 07:54:43 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
Error: (10/24/2014 07:44:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/24/2014 07:44:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
Error: (10/23/2014 06:12:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARINA-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{F2ED052D-886C-41DC-B8CC-D8B9AF251C2E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Microsoft Office Sessions:
=========================
Error: (11/05/2014 02:35:38 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
Error: (11/05/2014 02:13:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
Error: (11/05/2014 01:59:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175146cc01cff8f7425be775206C:\Windows\Explorer.EXE
Error: (11/05/2014 01:51:47 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
Error: (11/05/2014 01:45:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175146dc01cff8f5c502efba14C:\Windows\Explorer.EXE
Error: (11/05/2014 01:41:07 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
Error: (11/05/2014 01:30:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb800000030000142516c401cff8f2192a5fd3C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll7c257e18-64e7-11e4-bc48-90fba62302a2
Error: (11/05/2014 11:28:05 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
Error: (11/04/2014 01:06:20 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
Error: (11/04/2014 00:12:54 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 75%
Total physical RAM: 4087.12 MB
Available physical RAM: 1002.2 MB
Total Pagefile: 8172.41 MB
Available Pagefile: 3938.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:366.47 GB) NTFS
Drive i: (Hitlers mum) (Fixed) (Total:1863.01 GB) (Free:46.93 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6C873FCD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0003990F)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-05 16:32:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ100E4 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Dave\AppData\Local\Temp\kxldapow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003201000 45 bytes [49, 6F, 20, 20, 0C, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000320102f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\RocketDock\RocketDock.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075261465 2 bytes [26, 75]
.text C:\Program Files (x86)\RocketDock\RocketDock.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752614bb 2 bytes [26, 75]
.text ... * 2
.text C:\Users\Dave\Downloads\Gmer-19357.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075261465 2 bytes [26, 75]
.text C:\Users\Dave\Downloads\Gmer-19357.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752614bb 2 bytes [26, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:2688] 0000000076e97587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:2996] 000000005ba40cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:5696] 0000000077822e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:4928] 0000000077823e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:3360] 0000000077823e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:5832] 0000000077823e85
---- EOF - GMER 2.1 ----
Code:
ATTFilter Die Datei 'C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\9gyzcj8o.default\cache2\entries\2227A3AB48E8CDABFD0A883B07F43D5AD6677594'
enthielt einen Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50e070ee.qua' verschoben!
In der Datei 'C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\9gyzcj8o.default\cache2\entries\2227A3AB48E8CDABFD0A883B07F43D5AD6677594'
wurde ein Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
Bis hierhin schonmal vielen Dank  Mfg Dave465 |
| Themen zu Windows 7/ Hoher Ping - Sehr langsames Internet |
| bluescreen 0x0000009f, bluescreen 0x800700050, ccsetup, computer, fehlercode 0x0, fehlercode 0x80000003, fehlercode 22, fehlercode windows, flash player, html/crypted.gen, memory.dmp, problem, rocketdock - detected unsignedfile.multi.generic, security, starten, svchost.exe, teamspeak, this device is disabled. (code 22), trojaner, trojaner board, win32/downloadsponsor.a, win32/packed.vmprotect.aaa, windows xp |
Baum-Darstellung