
Log analysis and evaluation: Slow laptop atiedxx.exe, csrss.exe and winlogon.exe


 
26.01.2015, 19:09   #7
UnholyConfes
 



Thanks for the super fast and, as it feels to me, competent help! But I think this is somehow something stubborn?

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=68a5a199c766b241aff23d1e5217940e
# engine=17865
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-14 07:28:46
# local_time=2014-04-14 09:28:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 66147 16109269 63389 0
# compatibility_mode=5893 16776574 100 94 15874191 149090376 0 0
# scanned=68764
# found=19
# cleaned=0
# scan_time=51230
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=120DC13B4F5E666393F1DA9A07581F2BB3C8C8ED ft=1 fh=4a303e5d20f8d7e0 vn="Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Southpark Stick of Truth\steam_api.dll"
sh=D93DFB48F135DD4DE95CB82544C3EDA3BAD2C753 ft=1 fh=d1199f70f2992f69 vn="Win32/Packed.ScrambleWrapper.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe"
sh=E17CAE66109644F591CE5A08EB6BB7D8426E7F61 ft=1 fh=fc2dd634d5b1c6e4 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CODY5D2T\Setup[1].exe"
sh=855AEEF55884E524E79084E3C8B96876A89E3756 ft=1 fh=0b1fb44a769485e9 vn="Variante von Win32/InstallBrain evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\PCPerformer_Home_Setup.exe"
sh=1A376885858134D257064FD589715094441FB645 ft=1 fh=03df30316233ca53 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853410_stp.EXE"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853437_stp\wajam_validate.exe"
sh=175A8A0C7650EF29B0E1AE7137F5F48FDFCD6588 ft=1 fh=deea2a09617af006 vn="Variante von Win32/AdWare.SpeedingUpMyPC.G Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853698_stp\PCSpeedMaximizer_AQDE_AFD_PPI.exe"
sh=82FCB8F238714B0CB9CB50A1D233BB876EAE1F8E ft=1 fh=0a28b37f82595fb9 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853860_stp\whilokii_is.exe"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\OCS\ocs_v71a.exe"
sh=1A376885858134D257064FD589715094441FB645 ft=1 fh=03df30316233ca53 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\foxit-pdf-reader [1].exe"
sh=4E65B7FCC34FF700E5812C0B44B4692DF889BB85 ft=1 fh=f735f6c30210c836 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\FreeAudioCDToMP3Converter (1).exe"
sh=4E65B7FCC34FF700E5812C0B44B4692DF889BB85 ft=1 fh=f735f6c30210c836 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\FreeAudioCDToMP3Converter.exe"
sh=AFFE6E9713E9A978FB02DDE2DC7B140AE7D49EEC ft=1 fh=ddacea57b1eca302 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\iLividSetup-r484-n-bc.exe"
sh=1D9BE2046CA18FB0D5AA7881E5463C6171917309 ft=1 fh=d21aa5e713887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\PC-Performer-lnstall.exe"
sh=AE58E6FF867B9784BF525716022E00D65B0AF0AD ft=1 fh=1d5dd040421ee558 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\TeamViewer - CHIP-Downloader.exe"
sh=9EEDBBFCC0A9F576F1F6E26759CE7F0AD3087568 ft=1 fh=8721c084f4185b37 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\winamp565_full_emusic-7plus_de-de.exe"
sh=9AE68FFAE53C4FC53C5623585D9DCC5BF30CFFD5 ft=1 fh=fc8d0a209d3b7b0c vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\Windows_Loader_v2.2.1.exe"
sh=3B6BDCA414A53DF7C8C5096B953C4DF87A1091C7 ft=1 fh=55ca6504931631dc vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\Windows_Loader_v2.2.1\Windows Loader.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=68a5a199c766b241aff23d1e5217940e
# engine=22150
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-26 05:40:10
# local_time=2015-01-26 06:40:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 18006 40942695 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 40707675 173923860 0 0
# scanned=175574
# found=12
# cleaned=0
# scan_time=14053
sh=BD4F87271566180D7F6322F27F15323A1DAC4215 ft=1 fh=fcff36e489966752 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SAB LAP\AppData\Local\DownloadGuide\Offers\vis.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SABLAP~1\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=D4B66D63BDB5B1E3B008FCEC0339D4EFEF9ACBC3 ft=1 fh=b8d78b984d4f7d1a vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=E17CAE66109644F591CE5A08EB6BB7D8426E7F61 ft=1 fh=fc2dd634d5b1c6e4 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CODY5D2T\Setup[1].exe"
sh=B2CE135FD5B5CE13607231BBCD2C6598512D231B ft=1 fh=b5de49b1a3280b69 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\securitascout_3.exe"
sh=B2CE135FD5B5CE13607231BBCD2C6598512D231B ft=1 fh=b5de49b1a3280b69 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\2c3f58eb53411028bee59d7bce3aff52\securitascout_3.exe"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853437_stp\wajam_validate.exe"
sh=175A8A0C7650EF29B0E1AE7137F5F48FDFCD6588 ft=1 fh=deea2a09617af006 vn="Variante von Win32/AdWare.SpeedingUpMyPC.G Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853698_stp\PCSpeedMaximizer_AQDE_AFD_PPI.exe"
sh=82FCB8F238714B0CB9CB50A1D233BB876EAE1F8E ft=1 fh=0a28b37f82595fb9 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853860_stp\whilokii_is.exe"
sh=959F98A3EFDDF93AF186D090F49697BD2F39530E ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="D:\LAPTOP\Backup Set 2011-10-22 083455\Backup Files 2011-10-24 130847\Backup files 1.zip"
sh=0DD0CF8E279607B420AE2F5081D80E19BBEC10DA ft=0 fh=0000000000000000 vn="JS/Kryptik.EN Trojaner" ac=I fn="D:\LAPTOP\Backup Set 2011-10-22 083455\Backup Files 2011-10-30 190002\Backup files 1.zip"
sh=B8A3FF98CFF5D0D19DD965B6411AED40986EF780 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\LAPTOP\Backup Set 2011-10-22 083455\Backup Files 2011-10-30 190002\Backup files 2.zip"


I did not delete the threats that were found, because the checkbox shown in the picture was not ticked.

This is what came up with SecurityCheck, although it was opened in Notepad++!

UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by SAB LAP (administrator) on SABLAP-PC on 26-01-2015 19:07:56
Running from C:\Users\SAB LAP\Desktop
Loaded Profiles: SAB LAP (Available profiles: SAB LAP)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Novell, Inc.) C:\Windows\System32\iprntsrv.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Novell, Inc.) C:\Windows\System32\iprntctl.exe
(Novell, Inc.) C:\Windows\System32\iprntlgn.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\SAB LAP\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iPrint Tray] => C:\Windows\system32\iprntctl.exe [65816 2013-04-22] (Novell, Inc.)
HKLM\...\Run: [iPrint Event Monitor] => C:\Windows\system32\iprntlgn.exe [70936 2013-04-22] (Novell, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Run: [Facebook Update] => C:\Users\SAB LAP\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-15] (Facebook Inc.)
HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\MountPoints2: {b78769bf-7e05-11e3-b800-74de2b2becdc} - F:\AutoRun.exe
Lsa: [Notification Packages] scecli iPrntWinCredMan
Startup: C:\Users\SAB LAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\SAB LAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype
HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = GIGA - Leidenschaft für Technik und Games
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3638818728-868247861-3901511755-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3638818728-868247861-3901511755-1000 -> {BA93E50F-3206-4A80-B816-175C74684F75} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @novell.com/iPrint -> C:\Windows\SysWOW64 ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3638818728-868247861-3901511755-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\SAB LAP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

Chrome: 
=======
CHR HomePage: Default -> chrome://newtab
CHR Profile: C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09]
CHR Extension: (Google Drive) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (YouTube) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09]
CHR Extension: (Adblock Plus) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-13]
CHR Extension: (Google-Suche) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09]
CHR Extension: (Avira Browserschutz) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-08]
CHR Extension: (Google Wallet) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]
CHR Extension: (Citavi Picker) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-11-26]
CHR Extension: (Google Mail) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 iprntsrv; C:\Windows\system32\iprntsrv.exe [55296 2013-04-22] (Novell, Inc.) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] (Qualcomm Atheros Co., Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 19:05 - 2015-01-26 19:05 - 00852504 _____ () C:\Users\SAB LAP\Desktop\SecurityCheck.exe
2015-01-26 14:40 - 2015-01-26 14:40 - 02347384 _____ (ESET) C:\Users\SAB LAP\Desktop\esetsmartinstaller_deu.exe
2015-01-25 16:20 - 2015-01-25 16:20 - 00000000 ____D () C:\Users\SAB LAP\Desktop\FRST-OlderVersion
2015-01-25 16:19 - 2015-01-25 16:19 - 00000623 _____ () C:\Users\SAB LAP\Desktop\JRT.txt
2015-01-25 16:12 - 2015-01-25 16:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-25 16:11 - 2015-01-25 16:11 - 01707939 _____ (Thisisu) C:\Users\SAB LAP\Desktop\JRT.exe
2015-01-25 16:02 - 2015-01-25 16:06 - 00000000 ____D () C:\AdwCleaner
2015-01-25 16:02 - 2015-01-25 16:02 - 02194432 _____ () C:\Users\SAB LAP\Desktop\AdwCleaner_4.109.exe
2015-01-25 15:56 - 2015-01-25 15:56 - 00791632 _____ () C:\Windows\Minidump\012515-18907-01.dmp
2015-01-22 16:28 - 2015-01-22 16:29 - 00022028 _____ () C:\Users\SAB LAP\Desktop\Addition.txt
2015-01-22 16:26 - 2015-01-26 19:07 - 00013393 _____ () C:\Users\SAB LAP\Desktop\FRST.txt
2015-01-22 16:26 - 2015-01-26 19:07 - 00000000 ____D () C:\FRST
2015-01-22 16:25 - 2015-01-25 16:20 - 02129920 _____ (Farbar) C:\Users\SAB LAP\Desktop\FRST64.exe
2015-01-21 17:20 - 2015-01-21 17:20 - 00001877 _____ () C:\Users\SAB LAP\Desktop\mw.txt
2015-01-21 16:51 - 2015-01-21 17:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 16:51 - 2015-01-21 16:51 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-21 16:51 - 2015-01-21 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-21 16:50 - 2015-01-21 16:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-21 16:50 - 2015-01-21 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-21 16:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 16:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-21 16:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-21 16:49 - 2015-01-21 16:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SAB LAP\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-19 16:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 16:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-19 16:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-19 16:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-19 16:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-19 16:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-19 16:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-19 16:50 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-19 16:50 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-19 16:50 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 09:04 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:04 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:04 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 19:06 - 2014-10-16 12:55 - 00000000 ____D () C:\Users\SAB LAP\AppData\Roaming\Notepad++
2015-01-26 19:04 - 2013-11-15 18:59 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000UA.job
2015-01-26 19:04 - 2013-11-15 18:59 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000Core.job
2015-01-26 19:02 - 2013-10-09 21:39 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 19:01 - 2013-10-09 21:21 - 01948337 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 17:36 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 17:36 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 14:48 - 2013-10-09 21:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 14:42 - 2011-04-12 08:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2015-01-26 14:42 - 2011-04-12 08:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2015-01-26 14:42 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 16:08 - 2014-12-07 16:29 - 00000000 ___RD () C:\Users\SAB LAP\Dropbox
2015-01-25 16:08 - 2014-12-07 16:13 - 00000000 ____D () C:\Users\SAB LAP\AppData\Roaming\Dropbox
2015-01-25 16:07 - 2013-03-12 22:41 - 00038361 _____ () C:\Windows\setupact.log
2015-01-25 16:07 - 2010-11-21 04:47 - 00017342 _____ () C:\Windows\PFRO.log
2015-01-25 16:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 15:56 - 2013-12-02 17:37 - 381867232 _____ () C:\Windows\MEMORY.DMP
2015-01-25 15:56 - 2013-12-02 17:37 - 00000000 ____D () C:\Windows\Minidump
2015-01-19 16:55 - 2013-10-09 22:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 16:41 - 2013-03-12 21:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\SAB LAP\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\SAB LAP\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\SAB LAP\AppData\Local\Temp\AutoRun.exe
C:\Users\SAB LAP\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\SAB LAP\AppData\Local\Temp\avgnt.exe
C:\Users\SAB LAP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzd0zmy.dll
C:\Users\SAB LAP\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\SAB LAP\AppData\Local\Temp\Foxit Updater.exe
C:\Users\SAB LAP\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\SAB LAP\AppData\Local\Temp\ose00000.exe
C:\Users\SAB LAP\AppData\Local\Temp\Quarantine.exe
C:\Users\SAB LAP\AppData\Local\Temp\sdanircmdc.exe
C:\Users\SAB LAP\AppData\Local\Temp\sdapskill.exe
C:\Users\SAB LAP\AppData\Local\Temp\sdaspwn.exe
C:\Users\SAB LAP\AppData\Local\Temp\securitascout_3.exe
C:\Users\SAB LAP\AppData\Local\Temp\sqlite3.dll
C:\Users\SAB LAP\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-22 17:16

==================== End Of Log ============================
         
--- --- ---

 
