![]() |
|
Plagegeister aller Art und deren Bekämpfung: Windows 7/ Hoher Ping - Sehr langsames InternetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() Windows 7/ Hoher Ping - Sehr langsames Internet Hallo liebes Trojaner Board Team, habe folgendes Problem : Meine Internetleistung schwankt sehr stark. Bin zwar in einem Wohnheim mit ca 60 Clients, aber habe im Vergleich zu anderen Usern einen ca. 100-300ms höheren Ping, der sich auf ca. 500ms einpendelt. Oft ist dann gar keine Verbindung mehr zum Netzwerk möglich. Deaktivieren/Aktivieren der Netzwerkverbindung geht dann auch nicht mehr, da nach längerer Wartezeit einfach nichts passiert. Wenn ich dann versuche den PC neu zu starten, ist das nur durch einen reset machbar, da der Pc automatisch nicht mehr herunter fährt. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014 Ran by Dave (administrator) on DAVE-PC on 05-11-2014 16:05:54 Running from C:\Users\dave\Downloads Loaded Profile: Dave (Available profiles: dave) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (C-MEDIA Electronics INC.) C:\Program Files\Cooler Master Storm Sirus\CPL\Storm Sirus.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe () C:\Users\Dave\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Cm106Sound] => C:\Program Files\Cooler Master Storm Sirus\CPL\Storm Sirus.exe [278016 2011-07-15] (C-MEDIA Electronics INC.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1429369569-4198421278-2418284756-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation) HKU\S-1-5-21-1429369569-4198421278-2418284756-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-1429369569-4198421278-2418284756-1001\...\MountPoints2: {6d351eca-c711-11e3-b698-90fba62302a2} - J:\Install\Install.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-25] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x777D5FD0A55CCA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\abs@avira.com [2014-09-30] FF Extension: YouTube Unblocker - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\youtubeunblocker@unblocker.yt [2014-10-16] FF Extension: Flashblock - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-11] FF Extension: Classic Theme Restorer - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-11] FF Extension: {790062c4-0ee5-402e-a33f-5b8d2a723123} - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\{790062c4-0ee5-402e-a33f-5b8d2a723123}.xpi [2014-07-27] FF Extension: tab plugin - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\{91af9ff8-8f43-4484-8bec-1af2989cb6d9}.xpi [2014-07-31] FF Extension: Adblock Plus - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9gyzcj8o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-11] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-07] (Avira Operations GmbH & Co. KG) R3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.SYS [111104 2011-07-14] (C-Media Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 FXDrv32; \??\D:\FXDrv64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 16:05 - 2014-11-05 16:06 - 00013030 _____ () C:\Users\Dave\Downloads\FRST.txt 2014-11-05 16:05 - 2014-11-05 16:05 - 02114560 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe 2014-11-05 16:05 - 2014-11-05 16:05 - 00000000 ____D () C:\FRST 2014-11-05 16:03 - 2014-11-05 16:04 - 00000470 _____ () C:\Users\Dave\Downloads\defogger_disable.log 2014-11-05 16:03 - 2014-11-05 16:03 - 00050477 _____ () C:\Users\Dave\Downloads\Defogger.exe 2014-11-05 16:03 - 2014-11-05 16:03 - 00000000 _____ () C:\Users\Dave\defogger_reenable 2014-11-05 15:39 - 2014-11-05 15:39 - 00000000 ____D () C:\Program Files\Google 2014-11-05 15:38 - 2014-11-05 15:39 - 00000000 ____D () C:\ProgramData\Google 2014-11-05 15:37 - 2014-11-05 15:49 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-05 15:37 - 2014-11-05 15:49 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-05 15:37 - 2014-11-05 15:44 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-05 15:37 - 2014-11-05 15:44 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-05 15:37 - 2014-11-05 15:39 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-05 15:37 - 2014-11-05 15:37 - 00000000 ____D () C:\Users\Dave\AppData\Local\Google 2014-11-05 15:36 - 2014-11-05 15:36 - 04976456 _____ (Piriform Ltd) C:\Users\Dave\Downloads\ccsetup419.exe 2014-11-05 15:30 - 2014-11-05 15:30 - 00339257 _____ () C:\Users\Dave\Downloads\CleanUp452.exe 2014-11-05 15:30 - 2014-11-05 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp! 2014-11-05 15:18 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-11-05 15:18 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-11-05 15:18 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-11-05 15:18 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-11-05 15:18 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-11-05 15:18 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-11-05 15:18 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-11-05 15:18 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-11-05 15:07 - 2014-11-05 15:07 - 00008528 _____ () C:\Users\Dave\Downloads\hijackthis.log 2014-11-05 15:06 - 2014-11-05 15:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dave\Downloads\HijackThis.exe 2014-11-05 14:59 - 2014-11-05 14:59 - 00000000 ____D () C:\Windows\Sun 2014-11-04 13:12 - 2014-11-04 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-03 22:41 - 2014-11-03 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-11-03 22:41 - 2014-11-03 22:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-11-03 22:41 - 2014-11-03 22:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-11-03 22:40 - 2014-11-03 22:40 - 13087456 _____ (Microsoft Corporation) C:\Users\Dave\Downloads\Silverlight_x64.exe 2014-10-21 18:09 - 2014-10-21 18:09 - 29791494 _____ () C:\Users\Dave\Downloads\wetransfer-132581.zip 2014-10-19 17:33 - 2014-10-19 17:33 - 00000015 _____ () C:\Users\Dave\Desktop\2014-11-19 1733.txt 2014-10-17 20:54 - 2014-10-17 20:55 - 99011288 _____ () C:\Users\Dave\Downloads\Enisum - Samoht Nara (2014).rar 2014-10-15 17:51 - 2014-10-16 12:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 16:05 - 2013-12-23 15:58 - 01879274 _____ () C:\Windows\WindowsUpdate.log 2014-11-05 16:03 - 2013-12-23 16:03 - 00000000 ____D () C:\Users\Dave 2014-11-05 15:49 - 2009-07-14 18:58 - 00696832 _____ () C:\Windows\system32\perfh007.dat 2014-11-05 15:49 - 2009-07-14 18:58 - 00148128 _____ () C:\Windows\system32\perfc007.dat 2014-11-05 15:49 - 2009-07-14 06:13 - 01634396 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-05 15:42 - 2013-12-23 16:29 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-11-05 15:41 - 2013-12-24 15:20 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\TS3Client 2014-11-05 15:40 - 2014-07-30 14:24 - 00000000 ____D () C:\Windows\Minidump 2014-11-05 15:40 - 2013-12-23 15:54 - 00000000 ____D () C:\Windows\Panther 2014-11-05 15:35 - 2013-12-23 16:44 - 01590298 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-05 15:23 - 2013-12-23 18:04 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-05 14:35 - 2013-12-23 16:28 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-05 14:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-05 13:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-04 13:12 - 2014-09-19 09:57 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-04 13:12 - 2014-08-07 14:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-04 13:12 - 2013-12-23 16:12 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-04 00:27 - 2009-07-14 05:45 - 00012560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-04 00:27 - 2009-07-14 05:45 - 00012560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-28 23:15 - 2013-12-23 17:04 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\vlc 2014-10-22 22:30 - 2014-04-22 14:09 - 00000000 ___RD () C:\Users\Dave\Dropbox 2014-10-22 14:12 - 2014-04-22 14:08 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-22 14:12 - 2014-04-22 14:07 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Dropbox 2014-10-12 21:16 - 2013-12-23 16:58 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-10-07 11:31 - 2013-12-23 16:12 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-07 11:31 - 2013-12-23 16:12 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-07 11:31 - 2013-12-23 16:12 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys Some content of TEMP: ==================== C:\Users\Dave\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 17:15 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014 Ran by Dave at 2014-11-05 16:07:09 Running from C:\Users\Dave\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AutoHotkey 1.1.13.00 (HKLM\...\AutoHotkey) (Version: 1.1.13.00 - Lexikos) Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Broadcom Gigabit Integrated Controller (HKLM\...\{9E325417-AE9C-4EE1-A158-13DF451A5987}) (Version: 11.44.04 - Broadcom Corporation) Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation) Cooler Master Storm Sirus (HKLM-x32\...\{840C4737-CE18-4E8C-8DF7-584206A4B70C}) (Version: 1.0.0.5 - Cooler Master Co., Ltd.) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Fraps (HKLM-x32\...\Fraps) (Version: - ) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1429369569-4198421278-2418284756-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 18-10-2014 23:37:06 Geplanter Prüfpunkt 26-10-2014 16:23:02 Geplanter Prüfpunkt 03-11-2014 15:51:00 Geplanter Prüfpunkt 05-11-2014 14:17:49 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {A8547597-CB39-49B9-824D-3C6A3F6D2F0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.) Task: {F88771CE-36EE-4989-BA90-42BA24C4F347} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-23 16:28 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-01-08 17:12 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe 2014-11-05 16:03 - 2014-11-05 16:03 - 00050477 _____ () C:\Users\Dave\Downloads\Defogger.exe 2011-01-08 17:12 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll 2014-08-28 23:41 - 2014-08-21 19:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-28 23:41 - 2014-08-21 19:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-28 23:41 - 2014-08-21 19:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2013-11-06 13:48 - 2014-10-02 00:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2014-05-23 13:08 - 2014-10-21 20:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-28 23:41 - 2014-08-21 19:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-28 23:41 - 2014-08-21 19:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2013-12-11 11:40 - 2014-10-21 20:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2013-11-06 13:48 - 2014-09-05 00:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-11-05 15:41 - 2014-11-05 15:41 - 00014336 _____ () C:\Users\Dave\AppData\Local\Temp\WDE1D31.tmp\ml_online.lng 2014-11-05 15:41 - 2014-11-05 15:41 - 00036352 _____ () C:\Users\Dave\AppData\Local\Temp\WDE1D31.tmp\ombrowser.lng 2013-12-13 03:47 - 2013-12-13 03:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac 2014-10-15 17:51 - 2014-10-15 17:51 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1429369569-4198421278-2418284756-500 - Administrator - Disabled) Dave (S-1-5-21-1429369569-4198421278-2418284756-1001 - Administrator - Enabled) => C:\Users\Dave Gast (S-1-5-21-1429369569-4198421278-2418284756-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1429369569-4198421278-2418284756-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: 802.11n-Drahtlos-LAN-Karte Description: 802.11n-Drahtlos-LAN-Karte Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Ralink Technology, Corp. Service: netr28x Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/05/2014 02:35:38 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005. Error: (11/05/2014 02:13:03 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005. Error: (11/05/2014 01:59:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6cc Startzeit: 01cff8f7425be775 Endzeit: 206 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: Error: (11/05/2014 01:51:47 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005. Error: (11/05/2014 01:45:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6dc Startzeit: 01cff8f5c502efba Endzeit: 14 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: Error: (11/05/2014 01:41:07 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005. Error: (11/05/2014 01:30:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1 Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x16c4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (11/05/2014 11:28:05 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005. Error: (11/04/2014 01:06:20 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005. Error: (11/04/2014 00:12:54 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: Fehler beim Lizenzaktivierungsplaner (sppuinotify.dll). Fehlercode: 0x80070005 System errors: ============= Error: (11/05/2014 02:13:13 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8003a02040, 0xfffff8000445e510)C:\Windows\MEMORY.DMP110514-26504-01 Error: (11/05/2014 01:15:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error: (11/04/2014 05:24:46 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARINA-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{F2ED052D-886C-41DC-B8CC-D8B9AF251C2E}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (11/03/2014 03:12:53 PM) (Source: DCOM) (EventID: 10001) (User: ) Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} Error: (11/01/2014 05:16:35 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{F2ED052D-886C-41DC-B8CC-D8B9AF251C2E}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (11/01/2014 01:14:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht. Error: (10/26/2014 07:54:43 PM) (Source: DCOM) (EventID: 10001) (User: ) Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} Error: (10/24/2014 07:44:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/24/2014 07:44:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht. Error: (10/23/2014 06:12:22 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARINA-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{F2ED052D-886C-41DC-B8CC-D8B9AF251C2E}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Microsoft Office Sessions: ========================= Error: (11/05/2014 02:35:38 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (11/05/2014 02:13:03 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (11/05/2014 01:59:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.175146cc01cff8f7425be775206C:\Windows\Explorer.EXE Error: (11/05/2014 01:51:47 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (11/05/2014 01:45:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.175146dc01cff8f5c502efba14C:\Windows\Explorer.EXE Error: (11/05/2014 01:41:07 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (11/05/2014 01:30:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb800000030000142516c401cff8f2192a5fd3C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll7c257e18-64e7-11e4-bc48-90fba62302a2 Error: (11/05/2014 11:28:05 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (11/04/2014 01:06:20 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x800700050x00000000 Error: (11/04/2014 00:12:54 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: 0x80070005 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz Percentage of memory in use: 75% Total physical RAM: 4087.12 MB Available physical RAM: 1002.2 MB Total Pagefile: 8172.41 MB Available Pagefile: 3938.52 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:366.47 GB) NTFS Drive i: (Hitlers mum) (Fixed) (Total:1863.01 GB) (Free:46.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6C873FCD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0003990F) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-11-05 16:32:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ100E4 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Dave\AppData\Local\Temp\kxldapow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003201000 45 bytes [49, 6F, 20, 20, 0C, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000320102f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\RocketDock\RocketDock.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075261465 2 bytes [26, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752614bb 2 bytes [26, 75] .text ... * 2 .text C:\Users\Dave\Downloads\Gmer-19357.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075261465 2 bytes [26, 75] .text C:\Users\Dave\Downloads\Gmer-19357.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752614bb 2 bytes [26, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:2688] 0000000076e97587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:2996] 000000005ba40cb3 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:5696] 0000000077822e65 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:4928] 0000000077823e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:3360] 0000000077823e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5852:5832] 0000000077823e85 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Die Datei 'C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\9gyzcj8o.default\cache2\entries\2227A3AB48E8CDABFD0A883B07F43D5AD6677594' enthielt einen Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50e070ee.qua' verschoben! In der Datei 'C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\9gyzcj8o.default\cache2\entries\2227A3AB48E8CDABFD0A883B07F43D5AD6677594' wurde ein Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus] gefunden. Ausgeführte Aktion: Übergeben an Scanner Bis hierhin schonmal vielen Dank ![]() Mfg Dave465 |
Themen zu Windows 7/ Hoher Ping - Sehr langsames Internet |
bluescreen 0x0000009f, bluescreen 0x800700050, ccsetup, computer, fehlercode 0x0, fehlercode 0x80000003, fehlercode 22, fehlercode windows, flash player, html/crypted.gen, memory.dmp, problem, rocketdock - detected unsignedfile.multi.generic, security, starten, svchost.exe, teamspeak, this device is disabled. (code 22), trojaner, trojaner board, win32/downloadsponsor.a, win32/packed.vmprotect.aaa, windows xp |