Pests of all kinds and how to fight them: Anti-spyware + antivirus not working, PC slow, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools" (Windows 7)
05.12.2014, 14:12 | #1 |
Hello dear Trojaner Board team.

Yesterday evening the good old PC was still running without problems; today it suddenly responds very slowly to every command, and some programs do not start at all. MBAM sits motionless in the taskbar. Using Emsisoft I then found the Trojans(?) named above. Despite several attempts I can no longer get rid of the pests, so I am asking for your help.

Attached are the Addition.txt and the FRST.txt.

Many thanks in advance!!
R2 D-Link Wireless N DWA-140_WPS; C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] () [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) S3 Microsoft SharePoint Workspace Audit Service; D:\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-19] (Microsoft Corporation) R2 NanoServiceMain; D:\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.) S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-01] () R2 PSUAService; D:\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-12-05] (Emsisoft GmbH) R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] () S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] (Advanced Micro Devices) [File not signed] R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-05] (Emsisoft GmbH) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [506160 2014-04-04] (Juniper Networks) S4 jnprTdi_804_47117; C:\Windows\system32\Drivers\jnprTdi_804_47117.sys [108344 2014-06-06] (Juniper Networks, Inc.) S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-10-12] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-10-12] (Juniper Networks, Inc.) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.) 
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-07-24] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120352 2014-07-24] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-07-24] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.) R3 STTub203; C:\Windows\System32\Drivers\STTub203.sys [33280 2007-05-02] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X] S3 FreshIO; \??\D:\FreshDevices\FreshDiagnose\FreshIO.sys [X] S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 14:07 - 2014-12-05 14:08 - 00017481 ____C () C:\Users\Danny\Downloads\FRST.txt
2014-12-05 14:07 - 2014-12-05 14:08 - 00000000 ___DC () C:\FRST
2014-12-05 14:07 - 2014-12-05 14:07 - 02117632 ____C (Farbar) C:\Users\Danny\Downloads\FRST64.exe
2014-12-05 14:07 - 2014-12-05 14:07 - 00023003 ____C () C:\Users\Danny\Downloads\Addition.txt
2014-12-05 13:53 - 2014-12-05 13:53 - 00000000 _SHDC () C:\Users\Danny\AppData\Local\EmieBrowserModeList
2014-12-05 13:21 - 2014-12-05 14:02 - 00000000 ___DC () C:\EEK
2014-12-05 13:21 - 2014-12-05 13:21 - 00000752 ____C () C:\Users\Danny\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-05 13:18 - 2014-03-25 14:15 - 00060400 ____C (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-12-05 12:18 - 2014-12-05 12:20 - 164316704 ____C () C:\Users\Danny\Downloads\EmsisoftEmergencyKit.exe
2014-12-05 12:05 - 2014-12-05 12:05 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-05 12:03 - 2014-12-05 12:03 - 00000000 ___DC () C:\Program Files (x86)\ESET
2014-12-05 12:01 - 2014-12-05 13:53 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 12:01 - 2014-12-05 12:05 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-05 12:00 - 2014-12-05 12:00 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\Danny\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 12:00 - 2014-12-05 12:00 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-12-05 12:00 - 2014-10-01 11:11 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 12:00 - 2014-10-01 11:11 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 12:00 - 2014-10-01 11:11 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-04 19:38 - 2014-12-05 13:57 - 00215336 ____C () C:\Windows\WindowsUpdate.log
2014-12-04 19:36 - 2014-12-05 13:54 - 00000560 ____C () C:\Windows\setupact.log
2014-12-04 19:36 - 2014-12-04 19:36 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2014-12-04 19:36 - 2014-12-04 19:36 - 00000000 ____C () C:\Windows\setuperr.log
2014-12-04 19:35 - 2014-12-05 13:18 - 00007122 ____C () C:\Windows\PFRO.log
2014-12-04 18:20 - 2014-11-13 01:20 - 31893136 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 24557712 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 20922512 ____C (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 19966344 ____C (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 17259664 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 16884632 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 14032984 ____C (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 13944952 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 13213512 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-04 18:20 - 2014-11-13 01:20 - 11397744 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 11336432 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 04292416 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 04011208 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 02874456 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 01876296 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 01540424 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00964928 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00935240 ____C (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00923792 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00900928 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00871648 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00500880 ____C (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00418112 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00393024 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00352016 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00348304 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00303600 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00174856 ____C (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-04 18:20 - 2014-11-13 01:20 - 00156840 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-04 18:20 - 2014-10-03 20:23 - 00038216 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-04 18:20 - 2014-10-03 20:23 - 00035144 ____C (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-12-04 18:20 - 2014-10-03 20:23 - 00032584 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-04 12:02 - 2014-12-04 12:20 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\DiskSpaceFan
2014-12-03 11:28 - 2014-12-03 11:28 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkyMaxx Pro
2014-11-19 20:18 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 20:18 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 20:18 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 20:18 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 19:43 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-15 19:43 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-15 19:43 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-15 19:43 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-15 19:43 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-15 19:43 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-15 19:43 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-15 19:43 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-15 19:43 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-15 19:43 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-15 19:43 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-15 19:43 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-15 19:43 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-15 19:43 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-15 19:43 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-15 19:43 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-15 19:43 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-15 19:43 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-15 19:43 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-15 19:43 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-15 19:43 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-15 19:43 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-15 19:43 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-15 19:43 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-15 19:43 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-15 19:43 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-15 19:43 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-15 19:43 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-15 19:43 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-15 19:43 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-15 19:43 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-15 19:43 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-15 19:43 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-15 19:43 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-15 19:43 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-15 19:43 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-15 19:43 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 19:43 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-15 19:43 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-15 19:43 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-15 19:43 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-15 19:43 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-15 19:43 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-15 19:43 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-15 19:43 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-15 19:43 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-15 19:43 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-15 19:43 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-15 19:43 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-15 19:43 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-15 19:43 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-15 19:43 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-15 19:43 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-15 19:43 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-15 19:43 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-15 19:43 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-15 19:43 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-15 19:43 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-15 19:43 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-15 19:43 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-15 19:43 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-15 19:43 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-15 19:43 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-15 19:43 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-15 19:43 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-15 19:43 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-15 19:43 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-15 19:43 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-15 19:42 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-15 19:42 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-15 19:42 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-15 19:42 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-15 19:42 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-15 19:42 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-15 19:42 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-15 19:42 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-15 19:42 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-15 19:42 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-15 19:42 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-15 19:42 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-15 19:42 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-15 19:42 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-15 19:42 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-15 19:42 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-15 19:42 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-15 19:42 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-15 19:42 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-15 19:42 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-15 19:42 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-15 19:42 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-15 19:42 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-15 19:42 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-15 19:42 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-15 19:42 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-15 19:42 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-15 19:42 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-15 19:42 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-15 19:42 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-15 19:42 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-15 19:42 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-15 19:42 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 12:53 - 2014-11-12 12:53 - 00000000 ___DC () C:\Users\Danny\AppData\Local\Froom
2014-11-11 20:09 - 2014-12-04 18:28 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X-Plane Python Interface
2014-11-11 12:03 - 2014-11-04 01:04 - 01876296 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-11 12:03 - 2014-11-04 01:04 - 01539272 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-11 10:32 - 2014-11-11 10:32 - 00000000 ___DC () C:\ProgramData\Licenses
2014-11-11 10:23 - 2014-11-11 10:35 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\Virtuali
2014-11-11 10:23 - 2014-11-11 10:23 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FsDreamTeam
2014-11-11 10:22 - 2014-11-11 10:33 - 00000000 ___DC () C:\ProgramData\Virtuali
2014-11-11 10:22 - 2014-11-11 10:22 - 00000000 ___DC () C:\ProgramData\Esellerate
2014-11-10 19:03 - 2014-11-12 13:43 - 00009749 ____C () C:\AEMODULE.LOG
2014-11-10 18:53 - 2014-11-10 18:53 - 00000000 ___DC () C:\Users\Danny\AppData\Local\World_of_AI
2014-11-10 18:41 - 2014-11-10 18:41 - 00000000 ___DC () C:\Users\Danny\AppData\Local\Flight1 Software
2014-11-10 18:37 - 2014-11-10 18:37 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight One Software
2014-11-10 18:34 - 2014-11-10 18:34 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shockwave 3D Lights Redux
2014-11-10 18:34 - 2014-11-10 18:34 - 00000000 ___DC () C:\Program Files (x86)\Shockwave 3D Lights Redux
2014-11-10 17:22 - 2014-11-10 17:27 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX Essential
2014-11-10 16:30 - 2014-11-10 18:37 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software
2014-11-10 14:55 - 2014-11-10 15:45 - 00000000 ___DC () C:\Program Files (x86)\DX10SceneryFixer
2014-11-10 14:55 - 2014-11-10 14:56 - 00000000 ___DC () C:\Users\Public\Documents\DX10SceneryFixer
2014-11-10 14:55 - 2014-11-10 14:55 - 00000000 ___DC () C:\Users\Danny\AppData\Local\DX10SceneryFixer
2014-11-10 14:55 - 2014-11-10 14:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteveFX
2014-11-10 14:55 - 2014-11-10 14:55 - 00000000 ___DC () C:\ProgramData\DX10SceneryFixer
2014-11-10 14:54 - 2014-11-10 14:54 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyTampa
2014-11-10 14:13 - 2014-11-10 14:13 - 00000000 ___DC () C:\ProgramData\FLEXnet
2014-11-10 14:08 - 2014-11-10 14:08 - 00000000 ___DC () C:\Users\Danny\Documents\Flight Simulator X Files
2014-11-10 14:06 - 2014-11-10 14:06 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations
2014-11-10 13:18 - 2014-11-12 13:57 - 00000000 ___DC () C:\Users\Danny\Documents\Flight Simulator X-Dateien
2014-11-10 11:53 - 2014-11-10 11:53 - 00000000 ___DC () C:\Windows\PCHEALTH

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 14:01 - 2009-07-14 05:45 - 00023408 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 14:01 - 2009-07-14 05:45 - 00023408 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 13:58 - 2013-11-29 19:02 - 00712410 ____C () C:\Windows\system32\perfh007.dat
2014-12-05 13:58 - 2013-11-29 19:02 - 00155566 ____C () C:\Windows\system32\perfc007.dat
2014-12-05 13:58 - 2009-07-14 06:13 - 01661812 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-12-05 13:54 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-12-05 13:15 - 2013-12-24 18:11 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 13:13 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2014-12-05 13:12 - 2013-12-24 17:33 - 00000000 ___DC () C:\ProgramData\TEMP
2014-12-04 22:50 - 2013-12-02 19:29 - 00000073 ____C () C:\Users\Danny\AppData\Local\X-Plane_drm.prf
2014-12-04 19:35 - 2014-08-01 10:56 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-04 19:35 - 2013-11-29 20:51 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\Wise Care 365
2014-12-04 18:21 - 2014-11-04 16:20 - 00000000 ___DC () C:\ProgramData\NVIDIA
2014-12-04 18:21 - 2014-09-20 10:51 - 00000000 ___DC () C:\Temp
2014-12-04 18:20 - 2013-12-02 19:27 - 00000080 ____C () C:\Users\Danny\AppData\Local\X-Plane Installer.prf
2014-12-04 12:21 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-04 12:06 - 2014-06-04 17:10 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-12-04 12:06 - 2013-11-29 20:58 - 00000000 ___DC () C:\ProgramData\Oracle
2014-12-04 12:05 - 2014-08-01 10:56 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-04 11:52 - 2013-11-29 17:26 - 00000000 ___DC () C:\Users\Danny
2014-12-03 11:24 - 2014-09-13 15:08 - 00003822 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 11:24 - 2013-11-29 20:58 - 00701104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-03 11:24 - 2013-11-29 20:58 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-30 19:36 - 2013-12-02 18:23 - 00000072 ____C () C:\Users\Public\LMDebug.log
2014-11-24 19:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-19 19:59 - 2013-11-29 17:54 - 00088208 ____C () C:\Users\Danny\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-19 19:59 - 2009-07-14 05:45 - 00393072 ____C () C:\Windows\system32\FNTCACHE.DAT
2014-11-19 19:58 - 2014-05-30 10:10 - 00000000 __SDC () C:\Windows\system32\CompatTel
2014-11-15 19:59 - 2013-11-29 20:47 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-11-15 19:58 - 2013-11-29 20:18 - 00000000 ___DC () C:\Windows\system32\MRT
2014-11-15 19:56 - 2013-11-29 20:18 - 103374192 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 01:20 - 2014-11-04 16:19 - 20986592 ____C (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-13 01:20 - 2014-11-04 16:19 - 18514616 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-13 01:20 - 2014-11-04 16:19 - 03262784 ____C (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-13 01:20 - 2014-11-04 16:19 - 00989056 ____C (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-13 01:20 - 2014-11-04 16:19 - 00027094 ____C () C:\Windows\system32\nvinfo.pb
2014-11-12 22:56 - 2014-11-04 16:20 - 06897352 ____C (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-12 22:56 - 2014-11-04 16:20 - 03534152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-12 22:56 - 2014-11-04 16:20 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-12 22:56 - 2014-11-04 16:20 - 00934032 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-12 22:56 - 2014-11-04 16:20 - 00386368 ____C (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-12 22:56 - 2014-11-04 16:20 - 00062608 ____C (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-12 17:00 - 2014-09-03 16:39 - 00000322 ____C () C:\Windows\Tasks\Wise Turbo Checker.job
2014-11-12 13:24 - 2014-01-10 18:06 - 00000000 ___DC () C:\Users\Danny\AppData\Local\CrashDumps
2014-11-12 12:57 - 2013-12-11 19:38 - 00000261 ____C () C:\Users\Danny\AppData\Roaming\OpenSceneryX Installationsprogramm.plist
2014-11-11 14:40 - 2013-11-29 20:15 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 12:56 - 2013-12-08 18:43 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft
2014-11-11 12:56 - 2013-11-29 17:51 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-11-11 12:04 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\Help
2014-11-11 12:03 - 2014-11-04 16:18 - 00000000 ___DC () C:\Program Files\NVIDIA Corporation
2014-11-11 11:29 - 2014-11-04 16:20 - 04100776 ____C () C:\Windows\system32\nvcoproc.bin
2014-11-10 18:47 - 2013-12-06 14:27 - 00002048 ____C () C:\Windows\f1utii.lic
2014-11-10 18:43 - 2013-11-29 20:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thrustmaster HOTAS Cougar
2014-11-10 16:06 - 2013-12-26 18:23 - 00000000 __HDC () C:\Program Files (x86)\Temp
2014-11-10 16:03 - 2009-07-14 08:46 - 00000000 ___DC () C:\Windows\ShellNew
2014-11-10 16:03 - 2009-07-14 06:32 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-10 16:03 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\DVD Maker
2014-11-10 16:03 - 2009-07-14 04:20 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-10 16:03 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions
2014-11-10 14:54 - 2014-10-22 17:29 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyTampa
2014-11-10 14:07 - 2013-12-02 17:46 - 00000000 ___DC () C:\Windows\SysWOW64\directx
2014-11-08 13:56 - 2013-12-03 21:45 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\vlc
2014-11-07 16:16 - 2013-12-11 17:13 - 00002389 ____C () C:\Users\Danny\AppData\Roaming\WED.prefs

Some content of TEMP:
====================
C:\Users\Danny\AppData\Local\Temp\Quarantine.exe
C:\Users\Danny\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-30 19:55 ==================== End Of Log ============================ |
05.12.2014, 15:12 | #2 |
/// the machine /// TB trainer | Anti-spyware + antivirus not working, PC slow, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools" hi,
Scan with Combofix
__________________ |
05.12.2014, 15:44 | #3 |
| Anti-spyware + antivirus not working, PC slow, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools" Hello,
thank you very much for your help. After Combofix I had to restart with the reset button because I was looking at an empty desktop. Attached is the log: Code:
ATTFilter ComboFix 14-12-04.01 - Danny 05.12.2014 15:37:23.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1033.18.8081.6415 [GMT 1:00] ausgeführt von:: c:\users\Danny\Desktop\ComboFix.exe AV: Panda Free Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Panda Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} SP: Panda Free Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2014-11-05 bis 2014-12-05 )))))))))))))))))))))))))))))) . . 2014-12-05 14:39 . 2014-12-05 14:39 -------- dc----w- c:\users\Public\AppData\Local\temp 2014-12-05 14:39 . 2014-12-05 14:39 -------- dc----w- c:\users\Default\AppData\Local\temp 2014-12-05 13:07 . 2014-12-05 13:08 -------- dc----w- C:\FRST 2014-12-05 12:53 . 2014-12-05 12:53 -------- dcsh--w- c:\users\Danny\AppData\Local\EmieBrowserModeList 2014-12-05 12:46 . 2014-11-02 04:20 11632448 -c--a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B92278A-3B8C-4E32-953F-BA03C717E164}\mpengine.dll 2014-12-05 12:21 . 2014-12-05 13:02 -------- dc----w- C:\EEK 2014-12-05 11:05 . 2014-12-05 11:05 -------- dc----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-12-05 11:01 . 2014-12-05 12:53 129752 -c--a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-12-05 11:00 . 2014-12-05 11:00 -------- dc----w- c:\programdata\Malwarebytes 2014-12-05 11:00 . 2014-10-01 10:11 63704 -c--a-w- c:\windows\system32\drivers\mwac.sys 2014-12-05 11:00 . 2014-10-01 10:11 93400 -c--a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-12-05 11:00 . 2014-10-01 10:11 25816 -c--a-w- c:\windows\system32\drivers\mbam.sys 2014-12-04 11:06 . 2014-12-04 11:06 -------- dc----w- c:\program files (x86)\Common Files\Java 2014-12-04 11:02 . 2014-12-04 11:20 -------- dc----w- c:\users\Danny\AppData\Roaming\DiskSpaceFan 2014-11-19 19:18 . 
2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-19 19:18 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-19 19:18 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-19 19:18 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-15 18:42 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2014-11-12 11:53 . 2014-11-12 11:53 -------- dc----w- c:\users\Danny\AppData\Local\Froom 2014-11-11 11:03 . 2014-11-04 00:04 1876296 -c--a-w- c:\windows\system32\nvdispco6434465.dll 2014-11-11 11:03 . 2014-11-04 00:04 1539272 -c--a-w- c:\windows\system32\nvdispgenco6434465.dll 2014-11-11 09:32 . 2014-11-11 09:32 -------- dc----w- c:\programdata\Licenses 2014-11-11 09:23 . 2014-11-11 09:35 -------- dc----w- c:\users\Danny\AppData\Roaming\Virtuali 2014-11-11 09:22 . 2014-11-11 09:22 -------- dc----w- c:\programdata\Esellerate 2014-11-11 09:22 . 2014-11-11 09:33 -------- dc----w- c:\programdata\Virtuali 2014-11-10 17:53 . 2014-11-10 17:53 -------- dc----w- c:\users\Danny\AppData\Local\World_of_AI 2014-11-10 17:41 . 2014-11-10 17:41 -------- dc----w- c:\users\Danny\AppData\Local\Flight1 Software 2014-11-10 17:34 . 2014-11-10 17:34 -------- dc----w- c:\program files (x86)\Shockwave 3D Lights Redux 2014-11-10 13:55 . 2014-11-10 14:45 -------- dc----w- c:\program files (x86)\DX10SceneryFixer 2014-11-10 13:55 . 2014-11-10 13:55 -------- dc----w- c:\users\Danny\AppData\Local\DX10SceneryFixer 2014-11-10 13:55 . 2014-11-10 13:55 -------- dc----w- c:\programdata\DX10SceneryFixer 2014-11-10 13:13 . 2014-11-10 13:13 -------- dc----w- c:\programdata\FLEXnet 2014-11-10 11:50 . 2014-11-10 11:50 -------- dc----w- c:\program files (x86)\Common Files\Microsoft Games 2014-11-10 10:53 . 2014-11-10 10:53 -------- dc----w- c:\windows\PCHEALTH . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-04 11:05 . 
2014-08-01 09:56 98216 -c--a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-12-03 10:24 . 2013-11-29 19:58 71344 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-12-03 10:24 . 2013-11-29 19:58 701104 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-11-15 18:56 . 2013-11-29 19:18 103374192 -c--a-w- c:\windows\system32\MRT.exe 2014-11-13 00:20 . 2014-11-04 15:19 989056 -c--a-w- c:\windows\system32\nvumdshimx.dll 2014-11-13 00:20 . 2014-11-04 15:19 3262784 -c--a-w- c:\windows\system32\nvapi64.dll 2014-11-13 00:20 . 2014-11-04 15:19 20986592 -c--a-w- c:\windows\system32\nvwgf2umx.dll 2014-11-13 00:20 . 2014-11-04 15:19 18514616 -c--a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-11-12 21:56 . 2014-11-04 15:20 6897352 -c--a-w- c:\windows\system32\nvcpl.dll 2014-11-12 21:56 . 2014-11-04 15:20 3534152 ----a-w- c:\windows\system32\nvsvc64.dll 2014-11-12 21:56 . 2014-11-04 15:20 934032 ----a-w- c:\windows\system32\nvvsvc.exe 2014-11-12 21:56 . 2014-11-04 15:20 62608 -c--a-w- c:\windows\system32\nvshext.dll 2014-11-12 21:56 . 2014-11-04 15:20 386368 -c--a-w- c:\windows\system32\nvmctray.dll 2014-11-12 21:56 . 2014-11-04 15:20 2559808 ----a-w- c:\windows\system32\nvsvcr.dll 2014-11-11 10:29 . 2014-11-04 15:20 4100776 -c--a-w- c:\windows\system32\nvcoproc.bin 2014-11-04 13:30 . 2013-11-29 18:19 275080 -c----w- c:\windows\system32\MpSigStub.exe 2014-10-08 20:02 . 2014-10-08 20:03 244416 -c--a-w- c:\windows\system32\msflxgrd.ocx 2014-10-08 20:01 . 2014-10-08 20:03 108336 -c--a-w- c:\windows\system32\MSWINSCK.OCX 2014-10-08 20:01 . 2014-10-08 20:03 619008 -c--a-w- c:\windows\system32\dx7vb.dll 2014-09-25 02:08 . 2014-10-01 14:44 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-09-25 01:40 . 2014-10-01 14:44 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-17 04:51 . 2014-09-19 16:54 31520 -c--a-w- c:\windows\system32\nvhdap64.dll 2014-09-17 04:51 . 2014-09-19 16:54 197408 -c--a-w- c:\windows\system32\drivers\nvhda64v.sys 2014-09-17 04:51 . 
2014-01-07 20:01 1538880 -c--a-w- c:\windows\system32\nvhdagenco6420103.dll 2014-09-13 23:48 . 2014-09-19 16:54 1876296 -c--a-w- c:\windows\system32\nvdispco6434411.dll 2014-09-13 23:48 . 2014-09-19 16:54 1539272 -c--a-w- c:\windows\system32\nvdispgenco6434411.dll 2014-09-09 22:11 . 2014-09-26 10:58 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-09 21:47 . 2014-09-26 10:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-07-18 292088] "PSUAMain"="d:\panda security\Panda Security Protection\PSUAMain.exe" [2014-07-24 37624] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 NanoServiceMain;Panda Free Antivirus Service;d:\panda security\Panda Security Protection\PSANHost.exe;d:\panda security\Panda Security Protection\PSANHost.exe [x] R2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x] R2 PSUAService;Panda Product Service;d:\panda security\Panda Security Protection\PSUAService.exe;d:\panda security\Panda Security Protection\PSUAService.exe [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x] R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x] R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) 
Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x] R3 JNPRNA;Juniper Network Agent Miniport;c:\windows\system32\DRIVERS\jnprna6.sys;c:\windows\SYSNATIVE\DRIVERS\jnprna6.sys [x] R3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\DRIVERS\jnprva.sys;c:\windows\SYSNATIVE\DRIVERS\jnprva.sys [x] R3 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;tsusbhub [x] R4 jnprTdi_804_47117;Juniper Networks TDI Filter Driver (jnprTdi_804_47117);c:\windows\system32\Drivers\jnprTdi_804_47117.sys;c:\windows\SYSNATIVE\Drivers\jnprTdi_804_47117.sys [x] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 anodlwf;ANOD Network Security 
Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x] S1 jnprns;Juniper Network Service;c:\windows\system32\DRIVERS\jnprns.sys;c:\windows\SYSNATIVE\DRIVERS\jnprns.sys [x] S1 NNSALPC;NNSAlpc;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x] S1 NNSHTTP;NNSHttp;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x] S1 NNSHTTPS;NNSHttps;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x] S1 NNSIDS;NNSids;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x] S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x] S1 NNSPICC;NNSPicc;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x] S1 NNSPIHSW;NNSPihsw;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x] S1 NNSPOP3;NNSPop3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x] S1 NNSPROT;NNSProt;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x] S1 NNSPRV;NNSPrv;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x] S1 NNSSMTP;NNSSmtp;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x] S1 NNSSTRM;NNSStrm;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x] S1 NNSTLSC;NNSTlsc;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x] S1 PSINKNC;PSINKnc;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x] S2 D-Link Wireless N DWA-140_WPS;D-Link Wireless N DWA-140_WPS Service;c:\program files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe;c:\program files 
(x86)\D-Link\DWA-140 revB\ANIWConnService.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x] S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 ISCT;Intel(R) Smart Connect Technology Device 
Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\DRIVERS\jnprvamgr.sys;c:\windows\SYSNATIVE\DRIVERS\jnprvamgr.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 STTub203;Thrustmaster HOTAS USB Bulk In;c:\windows\system32\Drivers\STTub203.sys;c:\windows\SYSNATIVE\Drivers\STTub203.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - PSKMAD . Inhalt des "geplante Tasks" Ordners . 2014-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-29 10:24] . 2014-11-12 c:\windows\Tasks\Wise Turbo Checker.job - d:\wise\Wise Care 365\WiseTurbo.exe [2013-11-29 15:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-15 391152] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-15 771056] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft E&xcel exportieren - d:\micros~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{4BE48BA1-BD85-438A-8C34-904AEFF55E29}: NameServer = 172.28.64.1,172.28.64.2 FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\6l2p3kmq.default\ FF - prefs.js: browser.startup.homepage - about:home . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-CleanHlp SafeBoot-CleanHlp.sys ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) AddRemove-DX10SceneryFixer - i:\microsoft games\DX10SceneryFixer\Uninstall.exe AddRemove-FSDreamTeam GSX FSX_is1 - i:\microsoft games\Microsoft Flight Simulator X\unins000.exe AddRemove-Ground Environment X Europe - i:\microsoft games\UninstalEurope.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-12-05 15:40:20 ComboFix-quarantined-files.txt 2014-12-05 14:40 . 
Vor Suchlauf: 12 Verzeichnis(se), 13.712.625.664 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 13.565.988.864 Bytes frei . - - End Of File - - 92BDA024063F9BF165D03EDA8CA10027 A36C5E4F47E84449FF07ED3517B43A31 |
06.12.2014, 15:47 | #4 |
/// the machine /// TB trainer | Anti-spyware + antivirus not working, PC slow, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools" Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
06.12.2014, 16:56 | #5 |
| Anti-spyware + antivirus not working, PC slow, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools" MBAM still sits motionless and non-functional in the tray next to the clock; a click on it unfortunately does nothing. The rest ran without problems so far. Code:
ATTFilter # AdwCleaner v4.104 - Report created 06/12/2014 at 16:47:45 # Updated 05/12/2014 by Xplode # Database : 2014-12-03.1 [Live] # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Danny - DANNY-PC # Running from : C:\Users\Danny\Downloads\AdwCleaner_4.104.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17420 -\\ Mozilla Firefox v33.1 (x86 de) ************************* AdwCleaner[R0].txt - [751 octets] - [06/12/2014 16:46:57] AdwCleaner[S0].txt - [673 octets] - [06/12/2014 16:47:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [732 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Ultimate x64 Ran by Danny on 06.12.2014 at 16:49:43,14 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.12.2014 at 16:51:00,08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 Ran by Danny (administrator) on DANNY-PC on 06-12-2014 16:52:25 Running from C:\Users\Danny\Downloads Loaded Profile: Danny (Available profiles: Danny) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Panda Security, S.L.) D:\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.) D:\Panda Security\Panda Security Protection\PSUAService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Panda Security, S.L.) 
D:\Panda Security\Panda Security Protection\PSUAMain.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Mozilla Corporation) D:\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation) HKLM-x32\...\Run: [PSUAMain] => D:\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-07-24] (Panda Security, S.L.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1203117988-4294000735-3354723111-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1203117988-4294000735-3354723111-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1203117988-4294000735-3354723111-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4BE48BA1-BD85-438A-8C34-904AEFF55E29}: [NameServer] 172.28.64.1,172.28.64.2 FireFox: ======== FF ProfilePath: C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\6l2p3kmq.default FF SearchEngineOrder.1: SuchMaschine FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> D:\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.1 -> d:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> d:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> d:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) 
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> D:\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1203117988-4294000735-3354723111-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> D:\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) 
FF SearchPlugin: C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\6l2p3kmq.default\searchplugins\search_engine.xml FF Extension: FireShot - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\6l2p3kmq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-11-08] FF Extension: DownloadHelper - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\6l2p3kmq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06] FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 D-Link Wireless N DWA-140_WPS; C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] () [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 NanoServiceMain; D:\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.) 
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.) S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-01] () R2 PSUAService; D:\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] () S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] (Advanced Micro Devices) [File not signed] S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-05] (Emsisoft GmbH) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [506160 2014-04-04] (Juniper Networks) S4 jnprTdi_804_47117; C:\Windows\system32\Drivers\jnprTdi_804_47117.sys [108344 2014-06-06] (Juniper Networks, Inc.) S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-10-12] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-10-12] (Juniper Networks, Inc.) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-06] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.) 
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-07-24] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120352 2014-07-24] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-07-24] (Panda Security, S.L.) U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.) 
R3 STTub203; C:\Windows\System32\Drivers\STTub203.sys [33280 2007-05-02] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X] S3 FreshIO; \??\D:\FreshDevices\FreshDiagnose\FreshIO.sys [X] S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-06 16:52 - 2014-12-06 16:52 - 00000000 ___DC () C:\Users\Danny\Downloads\FRST-OlderVersion 2014-12-06 16:51 - 2014-12-06 16:51 - 00000621 ____C () C:\Users\Danny\Downloads\JRT.txt 2014-12-06 16:51 - 2014-12-06 16:51 - 00000621 ____C () C:\Users\Danny\Desktop\JRT.txt 2014-12-06 16:49 - 2014-03-25 14:15 - 00060400 ____C (Panda Security, S.L.) 
C:\Windows\system32\Drivers\PSKMAD.sys 2014-12-06 16:46 - 2014-12-06 16:47 - 00000000 ___DC () C:\AdwCleaner 2014-12-06 16:46 - 2014-12-06 16:46 - 00000055 ____C () C:\AdwCleanerDebug.txt 2014-12-06 16:45 - 2014-12-06 16:45 - 00001115 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-06 16:44 - 2014-12-06 16:44 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\Danny\Downloads\mbam-setup-2.0.4.1028(1).exe 2014-12-06 16:44 - 2014-12-06 16:44 - 02153472 ____C () C:\Users\Danny\Downloads\AdwCleaner_4.104.exe 2014-12-06 16:44 - 2014-12-06 16:44 - 01707646 ____C (Thisisu) C:\Users\Danny\Downloads\JRT.exe 2014-12-05 15:40 - 2014-12-05 15:40 - 00023262 ____C () C:\ComboFix.txt 2014-12-05 15:36 - 2011-06-26 07:45 - 00256000 ____C () C:\Windows\PEV.exe 2014-12-05 15:36 - 2010-11-07 18:20 - 00208896 ____C () C:\Windows\MBR.exe 2014-12-05 15:36 - 2009-04-20 05:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe 2014-12-05 15:36 - 2000-08-31 01:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe 2014-12-05 15:36 - 2000-08-31 01:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe 2014-12-05 15:36 - 2000-08-31 01:00 - 00098816 ____C () C:\Windows\sed.exe 2014-12-05 15:36 - 2000-08-31 01:00 - 00080412 ____C () C:\Windows\grep.exe 2014-12-05 15:36 - 2000-08-31 01:00 - 00068096 ____C () C:\Windows\zip.exe 2014-12-05 15:35 - 2014-12-05 15:40 - 00000000 ___DC () C:\Qoobox 2014-12-05 15:34 - 2014-12-05 15:34 - 05600479 ___RC (Swearware) C:\Users\Danny\Desktop\ComboFix.exe 2014-12-05 14:07 - 2014-12-06 16:52 - 02118144 ____C (Farbar) C:\Users\Danny\Downloads\FRST64.exe 2014-12-05 14:07 - 2014-12-06 16:52 - 00016411 ____C () C:\Users\Danny\Downloads\FRST.txt 2014-12-05 14:07 - 2014-12-06 16:52 - 00000000 ___DC () C:\FRST 2014-12-05 14:07 - 2014-12-05 14:07 - 00023003 ____C () C:\Users\Danny\Downloads\Addition.txt 2014-12-05 13:53 - 2014-12-05 13:53 - 00000000 _SHDC () C:\Users\Danny\AppData\Local\EmieBrowserModeList 2014-12-05 13:21 - 2014-12-05 14:02 - 
00000000 ___DC () C:\EEK 2014-12-05 13:21 - 2014-12-05 13:21 - 00000752 ____C () C:\Users\Danny\Desktop\Start Emsisoft Emergency Kit.lnk 2014-12-05 12:18 - 2014-12-05 12:20 - 164316704 ____C () C:\Users\Danny\Downloads\EmsisoftEmergencyKit.exe 2014-12-05 12:05 - 2014-12-06 16:45 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-05 12:01 - 2014-12-06 16:51 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-05 12:01 - 2014-12-06 16:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-05 12:00 - 2014-12-05 12:00 - 00000000 ___DC () C:\ProgramData\Malwarebytes 2014-12-05 12:00 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-05 12:00 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-05 12:00 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-04 19:38 - 2014-12-06 16:45 - 00238665 ____C () C:\Windows\WindowsUpdate.log 2014-12-04 19:36 - 2014-12-06 16:49 - 00000840 ____C () C:\Windows\setupact.log 2014-12-04 19:36 - 2014-12-04 19:36 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7 2014-12-04 19:36 - 2014-12-04 19:36 - 00000000 ____C () C:\Windows\setuperr.log 2014-12-04 19:35 - 2014-12-06 16:49 - 00007984 ____C () C:\Windows\PFRO.log 2014-12-04 18:20 - 2014-11-13 01:20 - 31893136 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 24557712 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 20922512 ____C (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 19966344 ____C (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 17259664 ____C (NVIDIA 
Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 16884632 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 14032984 ____C (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 13944952 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 13213512 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-12-04 18:20 - 2014-11-13 01:20 - 11397744 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 11336432 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 04292416 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 04011208 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 02874456 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 01876296 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 01540424 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00964928 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00935240 ____C (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00923792 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00900928 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00871648 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00500880 ____C (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00418112 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 
2014-12-04 18:20 - 2014-11-13 01:20 - 00393024 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00352016 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00348304 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00303600 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00174856 ____C (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-12-04 18:20 - 2014-11-13 01:20 - 00156840 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-12-04 18:20 - 2014-10-03 20:23 - 00038216 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-12-04 18:20 - 2014-10-03 20:23 - 00035144 ____C (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-12-04 18:20 - 2014-10-03 20:23 - 00032584 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-12-04 12:02 - 2014-12-04 12:20 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\DiskSpaceFan 2014-12-03 11:28 - 2014-12-03 11:28 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkyMaxx Pro 2014-11-19 20:18 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 20:18 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 20:18 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 20:18 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-15 19:43 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-15 19:43 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-15 19:43 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-15 19:43 - 2014-11-06 
05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-15 19:43 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-15 19:43 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-15 19:43 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-15 19:43 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-15 19:43 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-15 19:43 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-15 19:43 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-15 19:43 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-15 19:43 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-15 19:43 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-15 19:43 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-15 19:43 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-15 19:43 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-15 19:43 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-15 19:43 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-15 19:43 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-15 19:43 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-15 19:43 - 
2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-15 19:43 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-15 19:43 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-15 19:43 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-15 19:43 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-15 19:43 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-15 19:43 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-15 19:43 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-15 19:43 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-15 19:43 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-15 19:43 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-15 19:43 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-15 19:43 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-15 19:43 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-15 19:43 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-15 19:43 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-15 19:43 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-15 19:43 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 
2014-11-15 19:43 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-15 19:43 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-15 19:43 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-15 19:43 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-15 19:43 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-15 19:43 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-15 19:43 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-15 19:43 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-15 19:43 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-15 19:43 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-15 19:43 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-15 19:43 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-15 19:43 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-15 19:43 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-15 19:43 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-15 19:43 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-15 19:43 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-15 19:43 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-15 19:43 - 
2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-15 19:43 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-15 19:43 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-15 19:43 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-15 19:43 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-15 19:43 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-15 19:43 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-15 19:43 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-15 19:43 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-15 19:43 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-15 19:43 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-15 19:42 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-15 19:42 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-15 19:42 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-15 19:42 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-15 19:42 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-15 19:42 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-15 19:42 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-15 19:42 - 2014-10-03 03:12 - 00500224 _____ 
(Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-15 19:42 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-15 19:42 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-15 19:42 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-15 19:42 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-15 19:42 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-15 19:42 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-15 19:42 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-15 19:42 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-15 19:42 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-15 19:42 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-15 19:42 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-15 19:42 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-15 19:42 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-15 19:42 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-15 19:42 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-15 19:42 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-15 19:42 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-15 19:42 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\TSpkg.dll 2014-11-15 19:42 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-15 19:42 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-15 19:42 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-15 19:42 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-15 19:42 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-15 19:42 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-15 19:42 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-12 12:53 - 2014-11-12 12:53 - 00000000 ___DC () C:\Users\Danny\AppData\Local\Froom 2014-11-11 20:09 - 2014-12-04 18:28 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X-Plane Python Interface 2014-11-11 12:03 - 2014-11-04 01:04 - 01876296 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll 2014-11-11 12:03 - 2014-11-04 01:04 - 01539272 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll 2014-11-11 10:32 - 2014-11-11 10:32 - 00000000 ___DC () C:\ProgramData\Licenses 2014-11-11 10:23 - 2014-11-11 10:35 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\Virtuali 2014-11-11 10:23 - 2014-11-11 10:23 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FsDreamTeam 2014-11-11 10:22 - 2014-11-11 10:33 - 00000000 ___DC () C:\ProgramData\Virtuali 2014-11-11 10:22 - 2014-11-11 10:22 - 00000000 ___DC () C:\ProgramData\Esellerate 2014-11-10 19:03 - 2014-11-12 13:43 - 00009749 ____C () C:\AEMODULE.LOG 2014-11-10 18:53 - 2014-11-10 18:53 - 00000000 ___DC () C:\Users\Danny\AppData\Local\World_of_AI 2014-11-10 18:41 - 2014-11-10 18:41 - 00000000 ___DC () C:\Users\Danny\AppData\Local\Flight1 Software 
2014-11-10 18:37 - 2014-11-10 18:37 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight One Software 2014-11-10 18:34 - 2014-11-10 18:34 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shockwave 3D Lights Redux 2014-11-10 18:34 - 2014-11-10 18:34 - 00000000 ___DC () C:\Program Files (x86)\Shockwave 3D Lights Redux 2014-11-10 17:22 - 2014-11-10 17:27 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX Essential 2014-11-10 16:30 - 2014-11-10 18:37 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software 2014-11-10 14:55 - 2014-11-10 15:45 - 00000000 ___DC () C:\Program Files (x86)\DX10SceneryFixer 2014-11-10 14:55 - 2014-11-10 14:56 - 00000000 ___DC () C:\Users\Public\Documents\DX10SceneryFixer 2014-11-10 14:55 - 2014-11-10 14:55 - 00000000 ___DC () C:\Users\Danny\AppData\Local\DX10SceneryFixer 2014-11-10 14:55 - 2014-11-10 14:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteveFX 2014-11-10 14:55 - 2014-11-10 14:55 - 00000000 ___DC () C:\ProgramData\DX10SceneryFixer 2014-11-10 14:54 - 2014-11-10 14:54 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyTampa 2014-11-10 14:13 - 2014-11-10 14:13 - 00000000 ___DC () C:\ProgramData\FLEXnet 2014-11-10 14:08 - 2014-11-10 14:08 - 00000000 ___DC () C:\Users\Danny\Documents\Flight Simulator X Files 2014-11-10 14:06 - 2014-11-10 14:06 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations 2014-11-10 13:18 - 2014-11-12 13:57 - 00000000 ___DC () C:\Users\Danny\Documents\Flight Simulator X-Dateien ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-06 16:49 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT 2014-12-06 16:48 - 2009-07-14 05:45 - 00023408 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-06 16:48 - 2009-07-14 05:45 - 00023408 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-06 16:46 - 2013-11-29 19:02 - 00712410 ____C () C:\Windows\system32\perfh007.dat 2014-12-06 16:46 - 2013-11-29 19:02 - 00155566 ____C () C:\Windows\system32\perfc007.dat 2014-12-06 16:46 - 2009-07-14 06:13 - 01661812 ____C () C:\Windows\system32\PerfStringBackup.INI 2014-12-05 18:15 - 2013-12-24 18:11 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-05 18:07 - 2013-11-29 17:54 - 00086192 ____C () C:\Users\Danny\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-05 18:07 - 2009-07-14 05:45 - 00389952 ____C () C:\Windows\system32\FNTCACHE.DAT 2014-12-05 17:57 - 2013-11-29 20:47 - 00000000 ___DC () C:\ProgramData\Microsoft Help 2014-12-05 17:57 - 2009-07-14 08:46 - 00000000 ___DC () C:\Windows\ShellNew 2014-12-05 17:57 - 2009-07-14 04:20 - 00000000 ___DC () C:\Program Files\Common Files\System 2014-12-05 17:57 - 2009-07-14 04:20 - 00000000 ___DC () C:\Program Files\Common Files\Microsoft Shared 2014-12-05 17:57 - 2009-07-14 03:34 - 00000387 ____C () C:\Windows\win.ini 2014-12-05 15:40 - 2014-01-10 18:06 - 00000000 ___DC () C:\Users\Danny\AppData\Local\CrashDumps 2014-12-05 15:39 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini 2014-12-05 13:12 - 2013-12-24 17:33 - 00000000 ___DC () C:\ProgramData\TEMP 2014-12-04 22:50 - 2013-12-02 19:29 - 00000073 ____C () C:\Users\Danny\AppData\Local\X-Plane_drm.prf 2014-12-04 19:35 - 2014-08-01 10:56 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-04 19:35 - 2013-11-29 20:51 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\Wise Care 365 2014-12-04 18:21 - 2014-11-04 16:20 - 
00000000 ___DC () C:\ProgramData\NVIDIA 2014-12-04 18:21 - 2014-09-20 10:51 - 00000000 ___DC () C:\Temp 2014-12-04 18:20 - 2013-12-02 19:27 - 00000080 ____C () C:\Users\Danny\AppData\Local\X-Plane Installer.prf 2014-12-04 12:21 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-04 12:06 - 2014-06-04 17:10 - 00000000 ___DC () C:\Program Files (x86)\Java 2014-12-04 12:06 - 2013-11-29 20:58 - 00000000 ___DC () C:\ProgramData\Oracle 2014-12-04 12:05 - 2014-08-01 10:56 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-12-04 11:52 - 2013-11-29 17:26 - 00000000 ___DC () C:\Users\Danny 2014-12-03 11:24 - 2014-09-13 15:08 - 00003822 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-03 11:24 - 2013-11-29 20:58 - 00701104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-03 11:24 - 2013-11-29 20:58 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-30 19:36 - 2013-12-02 18:23 - 00000072 ____C () C:\Users\Public\LMDebug.log 2014-11-24 19:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-19 19:58 - 2014-05-30 10:10 - 00000000 __SDC () C:\Windows\system32\CompatTel 2014-11-15 19:58 - 2013-11-29 20:18 - 00000000 ___DC () C:\Windows\system32\MRT 2014-11-15 19:56 - 2013-11-29 20:18 - 103374192 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-13 01:20 - 2014-11-04 16:19 - 20986592 ____C (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-11-13 01:20 - 2014-11-04 16:19 - 18514616 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-11-13 01:20 - 2014-11-04 16:19 - 03262784 ____C (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-11-13 01:20 - 2014-11-04 16:19 - 00989056 ____C (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2014-11-13 01:20 - 2014-11-04 16:19 - 00027094 ____C () C:\Windows\system32\nvinfo.pb 2014-11-12 22:56 - 2014-11-04 16:20 - 06897352 
____C (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-11-12 22:56 - 2014-11-04 16:20 - 03534152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2014-11-12 22:56 - 2014-11-04 16:20 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-11-12 22:56 - 2014-11-04 16:20 - 00934032 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-11-12 22:56 - 2014-11-04 16:20 - 00386368 ____C (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-11-12 22:56 - 2014-11-04 16:20 - 00062608 ____C (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-11-12 17:00 - 2014-09-03 16:39 - 00000322 ____C () C:\Windows\Tasks\Wise Turbo Checker.job 2014-11-12 12:57 - 2013-12-11 19:38 - 00000261 ____C () C:\Users\Danny\AppData\Roaming\OpenSceneryX Installationsprogramm.plist 2014-11-11 14:40 - 2013-11-29 20:15 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-11 12:56 - 2013-12-08 18:43 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft 2014-11-11 12:56 - 2013-11-29 17:51 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information 2014-11-11 12:04 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\Help 2014-11-11 12:03 - 2014-11-04 16:18 - 00000000 ___DC () C:\Program Files\NVIDIA Corporation 2014-11-11 11:29 - 2014-11-04 16:20 - 04100776 ____C () C:\Windows\system32\nvcoproc.bin 2014-11-10 18:47 - 2013-12-06 14:27 - 00002048 ____C () C:\Windows\f1utii.lic 2014-11-10 18:43 - 2013-11-29 20:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thrustmaster HOTAS Cougar 2014-11-10 16:06 - 2013-12-26 18:23 - 00000000 __HDC () C:\Program Files (x86)\Temp 2014-11-10 16:03 - 2009-07-14 06:32 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-11-10 16:03 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\DVD Maker 2014-11-10 16:03 - 2009-07-14 04:20 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Accessories 2014-11-10 16:03 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions 2014-11-10 14:54 - 2014-10-22 17:29 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyTampa 2014-11-10 14:07 - 2013-12-02 17:46 - 00000000 ___DC () C:\Windows\SysWOW64\directx 2014-11-08 13:56 - 2013-12-03 21:45 - 00000000 ___DC () C:\Users\Danny\AppData\Roaming\vlc 2014-11-07 16:16 - 2013-12-11 17:13 - 00002389 ____C () C:\Users\Danny\AppData\Roaming\WED.prefs Some content of TEMP: ==================== C:\Users\Danny\AppData\Local\Temp\Quarantine.exe C:\Users\Danny\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-05 15:06 ==================== End Of Log ============================ --- --- --- |
07.12.2014, 13:48 | #6 |
/// the machine /// TB Trainer | Anti-spyware + antivirus not working, PC slow, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools" Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
C:\Windows\System32\DRIVERS\anodlwfx.sys
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
08.12.2014, 01:48 | #7 |
| Anti-spyware + antivirus not working, PC slow, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools" Good evening. Unfortunately the problems are still noticeable. Very slow system, a restart takes several minutes, and some programs do not start at all. The Security Check seems to take hours; I don't know whether that is normal. It stays forever at the step "Performing System Health Check". Attached are the logs I was able to get: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 01
Ran by Danny at 2014-12-07 14:49:10 Run:1
Running from C:\Users\Danny\Downloads
Loaded Profile: Danny (Available profiles: Danny)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
C:\Windows\System32\DRIVERS\anodlwfx.sys
*****************

anodlwf => Service stopped successfully.
anodlwf => Service deleted successfully.
C:\Windows\System32\DRIVERS\anodlwfx.sys => Moved successfully.

==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9d3a5f6c16220b4486dec9fbddc70c6f
# engine=21440
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-07 03:35:23
# local_time=2014-12-07 04:35:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777214 75 93 8211346 204162497 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 182920 169596373 0 0
# scanned=316757
# found=2
# cleaned=0
# scan_time=6157
sh=39124F7BD6F91DA2179011F51AF1B068D6FEE8A9 ft=1 fh=c719b2fe67e3bb02 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="D:\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=8F0A8A7C00BAA6171B058133B39D58FB6FEBFB76 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="Y:\Dateien\Programme\Ashampoo Burning Studio 2012 v10.0.15.rar"
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 Ran by Danny (administrator) on DANNY-PC on 06-12-2014 16:52:25 Running from C:\Users\Danny\Downloads Loaded Profile: Danny (Available profiles: Danny) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Panda Security, S.L.) D:\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.) D:\Panda Security\Panda Security Protection\PSUAService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Panda Security, S.L.) 
D:\Panda Security\Panda Security Protection\PSUAMain.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Mozilla Corporation) D:\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation) HKLM-x32\...\Run: [PSUAMain] => D:\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-07-24] (Panda Security, S.L.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1203117988-4294000735-3354723111-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1203117988-4294000735-3354723111-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1203117988-4294000735-3354723111-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4BE48BA1-BD85-438A-8C34-904AEFF55E29}: [NameServer] 172.28.64.1,172.28.64.2 FireFox: ======== FF ProfilePath: C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\6l2p3kmq.default FF SearchEngineOrder.1: SuchMaschine FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> D:\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.1 -> d:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> d:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> d:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) 
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> D:\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1203117988-4294000735-3354723111-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> D:\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) 
FF SearchPlugin: C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\6l2p3kmq.default\searchplugins\search_engine.xml FF Extension: FireShot - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\6l2p3kmq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-11-08] FF Extension: DownloadHelper - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\6l2p3kmq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06] FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 D-Link Wireless N DWA-140_WPS; C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] () [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 NanoServiceMain; D:\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.) 
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.) S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-01] () R2 PSUAService; D:\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] () S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] (Advanced Micro Devices) [File not signed] S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-05] (Emsisoft GmbH) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [506160 2014-04-04] (Juniper Networks) S4 jnprTdi_804_47117; C:\Windows\system32\Drivers\jnprTdi_804_47117.sys [108344 2014-06-06] (Juniper Networks, Inc.) S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-10-12] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-10-12] (Juniper Networks, Inc.) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-06] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.) 
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-07-24] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120352 2014-07-24] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-07-24] (Panda Security, S.L.) U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.) 
R3 STTub203; C:\Windows\System32\Drivers\STTub203.sys [33280 2007-05-02] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X] S3 FreshIO; \??\D:\FreshDevices\FreshDiagnose\FreshIO.sys [X] S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-06 16:52 - 2014-12-06 16:52 - 00000000 ___DC () C:\Users\Danny\Downloads\FRST-OlderVersion 2014-12-06 16:51 - 2014-12-06 16:51 - 00000621 ____C () C:\Users\Danny\Downloads\JRT.txt 2014-12-06 16:51 - 2014-12-06 16:51 - 00000621 ____C () C:\Users\Danny\Desktop\JRT.txt 2014-12-06 16:49 - 2014-03-25 14:15 - 00060400 ____C (Panda Security, S.L.) 
Some content of TEMP:
====================
C:\Users\Danny\AppData\Local\Temp\Quarantine.exe
C:\Users\Danny\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 15:06

==================== End Of Log ============================

As I said, I can't get Security Check to finish, or only tomorrow if the program really takes hours? One more thing that just occurred to me: I still have the log from the Emsisoft Emergency Kit, which I created before I posted here.

Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 05.12.2014 13:21:59
Benutzerkonto: Danny-PC\Danny

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, F:\, G:\, Y:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 05.12.2014 13:22:21
Value: HKEY_USERS\S-1-5-21-1203117988-4294000735-3354723111-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1203117988-4294000735-3354723111-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)

Gescannt 253178
Gefunden 3

Scan Ende: 05.12.2014 13:52:06
Scan Zeit: 0:29:45

Value: HKEY_USERS\S-1-5-21-1203117988-4294000735-3354723111-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1203117988-4294000735-3354723111-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A)

Quarantäne 3

Kind regards, Danny

After a few hours, here is the Security Check log as well:

Code:
Results of screen317's Security Check version 0.99.91
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Panda Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.239
Mozilla Firefox (33.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08.12.2014
Scan Time: 01:42:00
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.08.01
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Danny

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342412
Time Elapsed: 3 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end) |
09.12.2014, 01:37 | #8 |
/// the machine /// TB trainer | Anti-spyware + antivirus not working, PC slow, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools"

You can let EAM remove its findings; those are just registry entries.

How to: perform a clean boot in Windows

Please do a clean boot. If the problem is gone then, re-enable the services one at a time, always rebooting in between, until you know which service is causing the problems. Then name it here.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
09.12.2014, 20:31 | #9 |
| Anti-spyware + antivirus not working, PC slow, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools"

Good evening,

Unfortunately the clean boot did not bring the desired result either; even without the services enabled, the problems persist. I don't know how ambitious you are, but as far as I'm concerned we can gladly call it a day at this point and I'll reinstall the system. It has been running for over 2 years now, so it has earned its retirement. The data is backed up so far and everything is prepared. If you do want to crack the case, though, I'll gladly help you. Otherwise, after a short reply, I'll simply start the reinstallation tomorrow.

Kind regards, Danny |
10.12.2014, 15:29 | #10 |
/// the machine /// TB trainer | Anti-spyware + antivirus not working, PC slow, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools"

My next tip would be to reinstall. If the clean boot doesn't help, Windows itself is the problem.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |