
Log analysis and evaluation: Computer slower than usual, getting paranoid

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.11.2017, 19:16   #1
C r e e p
 



Hello everyone,

I was registered here once before and got help back then.

Unfortunately I had to create a new account because I no longer know the old one :-(


My problem:

My laptop (Dell Inspiron) has been doing things for about 2 months that it did not do before.

1. More ads open in the browser than usual

2. The laptop runs noticeably slower

3. Now and then the screen goes black for 1 second

4. Some folders look suspicious to me


Can you help me again with how to create log files and post them here?

Many thanks in advance!

24.11.2017, 11:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)




Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too big for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it right. If everything is correct ... click Antworten (Reply).

26.11.2017, 23:22   #3
C r e e p
 



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2017 01
Ran by O-Goshi (administrator) on O-GOSHI-PC (26-11-2017 23:17:15)
Running from C:\Users\O-Goshi\Downloads
Loaded Profiles: O-Goshi (Available Profiles: O-Goshi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRHE.EXE
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\BEHRINGER\UMC_Audio_Driver\UMCAudioCplApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Gabest) C:\Users\O-Goshi\Desktop\mplayerc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 12\FL64.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 12\System\Tools\Bridge\32bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 12\System\Tools\Bridge\32bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 12\System\Tools\Bridge\32bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 12\System\Tools\Bridge\32bit\ilbridge.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7173632 2017-04-22] (Broadcom Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3091303281-14082041-545763789-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRHE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3091303281-14082041-545763789-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-3091303281-14082041-545763789-1000\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [643200 2017-09-26] ()
HKU\S-1-5-21-3091303281-14082041-545763789-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-04-24] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-04-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UMC Audio Control Panel Autostart.lnk [2017-08-01]
ShortcutTarget: UMC Audio Control Panel Autostart.lnk -> C:\Program Files\BEHRINGER\UMC_Audio_Driver\UMCAudioCplApp.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{86899B90-6CA6-4209-BCE8-57D1E0054905}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3091303281-14082041-545763789-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ch.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__171113__yaie
HKU\S-1-5-21-3091303281-14082041-545763789-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3091303281-14082041-545763789-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ch.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10438__171113__yaie&p={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: svkzmv55.default
FF ProfilePath: C:\Users\O-Goshi\AppData\Roaming\Mozilla\Firefox\Profiles\svkzmv55.default [2017-11-26]
FF Homepage: Mozilla\Firefox\Profiles\svkzmv55.default -> hxxps://www.google.de/
FF NewTab: Mozilla\Firefox\Profiles\svkzmv55.default -> hxxps://ch.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__171113__yaff
FF Extension: (Avast SafePrice) - C:\Users\O-Goshi\AppData\Roaming\Mozilla\Firefox\Profiles\svkzmv55.default\Extensions\sp@avast.com.xpi [2017-11-23]
FF Extension: (NoScript) - C:\Users\O-Goshi\AppData\Roaming\Mozilla\Firefox\Profiles\svkzmv55.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-11-23]
FF Extension: (Adblock Plus) - C:\Users\O-Goshi\AppData\Roaming\Mozilla\Firefox\Profiles\svkzmv55.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\O-Goshi\AppData\Roaming\Mozilla\Firefox\Profiles\svkzmv55.default\features\{8ddd0c32-f430-4ef9-a6d5-a9da0806cca9}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-22] [Lagacy]
FF SearchPlugin: C:\Users\O-Goshi\AppData\Roaming\Mozilla\Firefox\Profiles\svkzmv55.default\searchplugins\yahoo-lavasoft.xml [2017-11-13]
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2016-01-13] (Seiko Epson Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (The OpenVPN Project)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5858304 2017-04-22] (Broadcom Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
S3 MADFUAUDIOPHILE; C:\Windows\System32\DRIVERS\MAudioAudiophile_DFU.sys [46088 2009-09-03] (M-Audio)
S3 MAUSBAUDIOPHILE; C:\Windows\System32\DRIVERS\MAudioAudiophile.sys [187912 2009-09-03] (Avid Technology, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [103272 2009-05-21] (PACE Anti-Piracy, Inc.) [File not signed]
S3 umc_audio; C:\Windows\System32\DRIVERS\umc_audio_x64.sys [288328 2015-12-08] ()
S3 umc_audioks; C:\Windows\System32\DRIVERS\umc_audioks_x64.sys [56904 2015-12-08] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-26 23:17 - 2017-11-26 23:17 - 000012093 _____ C:\Users\O-Goshi\Downloads\FRST.txt
2017-11-26 23:16 - 2017-11-26 23:17 - 000000000 ____D C:\FRST
2017-11-26 23:16 - 2017-11-26 23:16 - 002391552 _____ (Farbar) C:\Users\O-Goshi\Downloads\FRST64.exe
2017-11-26 19:30 - 2017-11-26 19:30 - 001031778 _____ C:\Users\O-Goshi\Desktop\Untitled.mpd
2017-11-23 18:28 - 2017-11-23 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-11-23 18:28 - 2017-11-23 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2017-11-23 18:28 - 2017-11-23 18:28 - 000000000 ____D C:\Program Files\TAP-Windows
2017-11-23 17:47 - 2017-11-23 18:41 - 000000000 ____D C:\Users\O-Goshi\Desktop\peep
2017-11-23 17:46 - 2017-11-23 18:52 - 000000000 ____D C:\T racks
2017-11-23 17:46 - 2017-11-23 17:46 - 000000000 ____D C:\B  anger
2017-11-23 12:27 - 2017-11-23 12:27 - 000000000 ____D C:\Users\O-Goshi\AppData\Local\CyberGhost
2017-11-21 22:29 - 2017-11-21 22:29 - 000000000 ____D C:\Users\O-Goshi\AppData\Local\CEF
2017-11-21 22:26 - 2017-11-21 22:25 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-21 22:26 - 2017-11-21 22:25 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-21 21:32 - 2017-11-24 11:22 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-13 13:32 - 2017-11-23 18:44 - 000000000 ____D C:\Users\O-Goshi\AppData\LocalLow\uTorrent
2017-11-13 13:28 - 2017-11-13 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-11-13 13:27 - 2017-11-13 13:27 - 000002611 _____ C:\Users\O-Goshi\Desktop\µTorrent.lnk
2017-11-13 13:26 - 2017-11-23 18:44 - 000000000 ____D C:\Users\O-Goshi\AppData\Roaming\uTorrent
2017-11-13 13:25 - 2017-11-13 13:26 - 002403520 _____ (BitTorrent Inc.) C:\Users\O-Goshi\Downloads\uTorrent350.exe
2017-11-11 12:56 - 2017-11-11 12:56 - 000078081 _____ C:\Users\O-Goshi\Desktop\pigeon_raffle-696x464.jpeg
2017-10-29 17:35 - 2017-10-29 17:36 - 000000557 _____ C:\Users\O-Goshi\Downloads\UTC--2017-10-29T16-35-50.706Z--62440ded5461c5b2f642b1693d8f24b903e60d22

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-26 21:04 - 2017-04-28 09:00 - 000000000 ____D C:\Users\O-Goshi\AppData\Roaming\Celemony Software GmbH
2017-11-26 17:34 - 2009-07-14 06:13 - 000790742 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-26 17:34 - 2009-07-14 05:45 - 000017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-26 17:34 - 2009-07-14 05:45 - 000017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-26 17:34 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-26 17:28 - 2017-04-22 14:12 - 000000000 ____D C:\Users\O-Goshi\AppData\LocalLow\Mozilla
2017-11-26 17:27 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-26 02:00 - 2017-04-27 15:51 - 000000000 ____D C:\Users\O-Goshi\AppData\Local\Adobe
2017-11-23 20:53 - 2016-11-18 00:56 - 000000000 ____D C:\FL Studio Producer Edition 12.0.2 + Plugins Bundle
2017-11-23 18:44 - 2017-06-28 12:22 - 000000000 ____D C:\O-G-O-S-H-I
2017-11-23 18:28 - 2017-10-23 19:22 - 000000000 ____D C:\Users\O-Goshi\Desktop\pix
2017-11-23 18:28 - 2017-10-18 14:16 - 000000908 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2017-11-23 18:21 - 2017-10-18 14:11 - 000000000 ____D C:\Program Files (x86)\oVPN.to Client
2017-11-22 03:12 - 2017-06-14 00:43 - 000000000 ____D C:\Users\O-Goshi\AppData\Roaming\vlc
2017-11-21 22:32 - 2017-04-27 21:26 - 000000000 ____D C:\Users\O-Goshi\Documents\Adobe
2017-11-15 20:44 - 2017-04-22 14:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-15 10:40 - 2017-04-22 14:11 - 000000000 ____D C:\Users\O-Goshi\AppData\Roaming\Mozilla
2017-11-15 10:39 - 2017-04-22 14:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-13 13:27 - 2017-05-31 10:05 - 000000000 ____D C:\Users\O-Goshi\AppData\LocalLow\Temp
2017-11-09 03:32 - 2017-08-01 11:47 - 000000309 _____ C:\Users\O-Goshi\Desktop\lyrix.txt
2017-11-02 15:19 - 2017-10-11 13:09 - 000000383 _____ C:\Users\O-Goshi\Desktop\essen diary.txt

==================== Files in the root of some directories =======

2011-07-25 10:48 - 2011-07-25 10:48 - 000074293 _____ () C:\Users\O-Goshi\AppData\Roaming\Setup.1.2.exe
2017-04-27 21:23 - 2017-04-27 21:23 - 325407814 _____ () C:\Users\O-Goshi\AppData\Local\ACCCx4_0_1_188.zip.aamdownload
2017-04-27 21:23 - 2017-04-27 21:23 - 000003630 _____ () C:\Users\O-Goshi\AppData\Local\ACCCx4_0_1_188.zip.aamdownload.aamd

Some files in TEMP:
====================
2017-04-27 21:22 - 2015-03-05 07:54 - 002212008 _____ (Adobe Systems Incorporated) C:\Users\O-Goshi\AppData\Local\Temp\AdobeApplicationManager.exe
2009-10-27 01:20 - 2009-10-27 01:20 - 029044736 _____ (Antares Audio Technologies) C:\Users\O-Goshi\AppData\Local\Temp\Auto-Tune_evo.exe
2017-11-13 13:27 - 2017-11-13 13:27 - 000353904 _____ (Lavasoft) C:\Users\O-Goshi\AppData\Local\Temp\offer-EB9503F2-312D-4575-9BEB-7B505EBBCB0A.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-19 19:36

==================== End of FRST.txt ============================
         


FRST Additions Logfile:
[CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2017 01
Ran by O-Goshi (26-11-2017 23:17:58)
Running from C:\Users\O-Goshi\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-11-17 23:54:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3091303281-14082041-545763789-500 - Administrator - Disabled)
Guest (S-1-5-21-3091303281-14082041-545763789-501 - Limited - Disabled)
O-Goshi (S-1-5-21-3091303281-14082041-545763789-1000 - Administrator - Enabled) => C:\Users\O-Goshi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3091303281-14082041-545763789-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Antares Auto-Tune Evo VST (HKLM-x32\...\{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}) (Version: 6.00.0009 - Antares Audio Technologies)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version:  - Broadcom Corporation)
Celemony Melodyne Studio 4 (HKLM-x32\...\Celemony Melodyne Studio 4) (Version: 4.0.4.001 - Celemony)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Easy Photo Scan (HKLM-x32\...\{1021AA9F-6A0A-4128-B89B-1A05A8DD1770}) (Version: 1.00.0009 - Seiko Epson Corporation)
Electrum (HKU\S-1-5-21-3091303281-14082041-545763789-1000\...\Electrum) (Version: 2.9.0 - Electrum Technologies GmbH)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.82.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.44.00 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-640 Series Printer Uninstall (HKLM\...\EPSON XP-640 Series) (Version:  - Seiko Epson Corporation)
Epson XP-640 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-640 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 de) (HKLM\...\Mozilla Firefox 57.0 (x64 de)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
OpenVPN 2.4.4-I601  (HKLM\...\OpenVPN) (Version: 2.4.4-I601 - OpenVPN Technologies, Inc.)
oVPN.to Client v0.8.12-gtk3_win32 (HKLM-x32\...\{991F58FC-8D40-4B45-B434-6A10AAC12FBA}_is1) (Version: v0.8.12-gtk3_win32 - oVPN.to Anonymous Services)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
UMC v3.29.0 (HKLM-x32\...\Software_BEHRINGER_umc_audio_Setup) (Version: 3.29.0 - BEHRINGER)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {ABB5B110-57CC-4470-A6D3-95D51BFA11EE} - System32\Tasks\AdobeAAMUpdater-1.0-O-Goshi-PC-O-Goshi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-03-05 09:21 - 2010-03-05 09:21 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2009-12-29 13:19 - 2009-12-29 13:19 - 000173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2017-09-26 11:07 - 2017-09-26 11:07 - 000643200 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui.exe
2017-08-01 13:31 - 2015-12-08 16:21 - 000383488 _____ () C:\Program Files\BEHRINGER\UMC_Audio_Driver\UMCAudioCplApp.exe
2015-01-17 10:27 - 2015-01-17 10:27 - 034734712 _____ () C:\Program Files (x86)\Image-Line\Shared\dsp_ipp_x64.dll
2015-03-18 17:18 - 2015-03-18 17:18 - 000872056 _____ () C:\Program Files (x86)\Image-Line\Shared\QuickFontCache_x64.dll
2014-12-02 20:32 - 2014-12-02 20:32 - 000607352 _____ () C:\Program Files (x86)\Image-Line\Shared\freetype_x64.dll
2015-04-26 19:28 - 2015-04-26 19:28 - 002446648 _____ () C:\Program Files (x86)\Image-Line\FL Studio 12\Plugins\Fruity\Effects\Fruity Limiter\Fruity Limiter_x64.dll
2011-06-06 16:00 - 2011-06-06 16:00 - 000094720 _____ () C:\Program Files (x86)\Steinberg\VstPlugins\Dada Life\Sausage Fattener\Sausage Fattener x64.dll
2011-06-06 16:00 - 2011-06-06 16:00 - 000762880 _____ () C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Sausage Fattener 64.dat
2015-04-26 19:27 - 2015-04-26 19:27 - 002247992 _____ () C:\Program Files (x86)\Image-Line\FL Studio 12\Plugins\Fruity\Effects\Fruity Delay 2\Fruity Delay 2_x64.dll
2015-04-26 19:28 - 2015-04-26 19:28 - 002442040 _____ () C:\Program Files (x86)\Image-Line\FL Studio 12\Plugins\Fruity\Effects\Fruity Reeverb 2\Fruity Reeverb 2_x64.dll
2014-12-02 20:32 - 2014-12-02 20:32 - 000076408 _____ () C:\Program Files (x86)\Image-Line\Shared\Reverb_x64.dll
2015-04-26 19:28 - 2015-04-26 19:28 - 004608312 _____ () C:\Program Files (x86)\Image-Line\FL Studio 12\Plugins\Fruity\Effects\Soundgoodizer\Soundgoodizer_x64.dll
2017-08-01 13:31 - 2015-12-08 16:20 - 000228352 _____ () C:\Program Files\BEHRINGER\UMC_Audio_Driver\umc_audioapi.dll
2017-04-24 20:21 - 2017-04-24 20:21 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1266bf4bc00412e0e654ff040fff59af\IsdiInterop.ni.dll
2016-11-18 01:35 - 2010-06-08 10:44 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-17 10:27 - 2015-01-17 10:27 - 026941048 _____ () C:\Program Files (x86)\Image-Line\Shared\dsp_ipp.dll
2015-03-18 17:18 - 2015-03-18 17:18 - 000535160 _____ () C:\Program Files (x86)\Image-Line\Shared\QuickFontCache.dll
2014-12-02 20:32 - 2014-12-02 20:32 - 000487032 _____ () C:\Program Files (x86)\Image-Line\Shared\freetype.dll
2017-04-28 08:56 - 2003-01-12 23:47 - 000497152 _____ () C:\Program Files (x86)\VstPlugins\SPITFISH.dll
2015-03-11 10:46 - 2015-03-11 10:46 - 000130360 _____ () C:\Program Files (x86)\Image-Line\FL Studio 12\Plugins\VST\Fruity Chorus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\O-Goshi\Local Settings:JaDZEnppyGyTnHkr9 [2452]
AlternateDataStreams: C:\Users\O-Goshi\AppData\Local:JaDZEnppyGyTnHkr9 [2452]
AlternateDataStreams: C:\Users\O-Goshi\AppData\Local\Application Data:JaDZEnppyGyTnHkr9 [2452]
AlternateDataStreams: C:\Users\O-Goshi\AppData\Local\cTIJvcp4R0:FPwCxfqTDsAyisgM5EdhHD9h8 [2304]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3091303281-14082041-545763789-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3091303281-14082041-545763789-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-04-27 21:22 - 000001023 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3091303281-14082041-545763789-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\O-Goshi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AD450165-8B22-4A56-B4A4-808BEED1A533}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{659E02A4-16E0-48D4-85F1-00042FCABAEC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD95AF2A-3294-4822-89CF-4C095FAD6D3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE414AE3-061E-4176-A18C-0D15B2CB10E2}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{A4896879-7074-4B57-8796-FAECAA8F3148}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{F3FD6EE8-657B-4A4A-A4E6-22E4911B6A3C}C:\users\o-goshi\downloads\makeitviral-qt.exe] => (Allow) C:\users\o-goshi\downloads\makeitviral-qt.exe
FirewallRules: [UDP Query User{D1A390EC-9DB7-48FA-8DD7-B78950154406}C:\users\o-goshi\downloads\makeitviral-qt.exe] => (Allow) C:\users\o-goshi\downloads\makeitviral-qt.exe
FirewallRules: [{1C0CBBA9-A0E9-4C5A-AE64-A74685DDAC74}] => (Allow) C:\Users\O-Goshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F2A6F1EC-3FA4-45CC-A2BC-1794EE48C1F0}] => (Allow) C:\Users\O-Goshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9BDF793B-1059-45CF-AAB4-8FA6C9FF244C}] => (Allow) C:\Users\O-Goshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C222788B-3316-4F15-A1F6-0F710CBD7A78}] => (Allow) C:\Users\O-Goshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1446153C-B812-42CB-BEA3-E859DCC45E6B}] => (Allow) C:\Users\O-Goshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1D81153C-9F7B-4C68-827A-E79A2EA7003E}] => (Allow) C:\Users\O-Goshi\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

25-10-2017 19:47:20 Scheduled Checkpoint
01-11-2017 05:29:28 Windows Update
08-11-2017 13:33:19 Scheduled Checkpoint
14-11-2017 03:27:51 Windows Update
17-11-2017 03:51:44 Windows Update
23-11-2017 18:49:07 chip 1-click download service wurde entfernt.
26-11-2017 02:52:54 Windows Update

==================== Faulty Device Manager Devices =============

Name: Network Controller
Description: Network Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2017 06:57:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/25/2017 11:38:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

Error: (11/25/2017 10:12:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/24/2017 12:04:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/23/2017 02:37:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/22/2017 11:25:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/22/2017 03:46:25 AM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/22/2017 12:32:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/21/2017 10:28:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/20/2017 05:24:02 PM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (11/23/2017 05:51:47 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The chip 1-click download service service has reported an invalid current state 0.

Error: (11/23/2017 05:51:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The OpenVPN Interactive Service service depends on the TAP-Windows Adapter V9 service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/23/2017 05:51:47 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The chip 1-click download service service has reported an invalid current state 0.

Error: (11/23/2017 05:51:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TAP-Windows Adapter V9 service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/23/2017 01:55:02 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The chip 1-click download service service has reported an invalid current state 0.

Error: (11/23/2017 01:55:02 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The chip 1-click download service service has reported an invalid current state 0.

Error: (11/23/2017 01:55:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The OpenVPN Interactive Service service depends on the TAP-Windows Adapter V9 service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/23/2017 01:55:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TAP-Windows Adapter V9 service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/23/2017 01:54:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:44:02 on ‎23.‎11.‎2017 was unexpected.

Error: (11/23/2017 12:26:08 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The chip 1-click download service service has reported an invalid current state 0.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 71%
Total physical RAM: 3958.69 MB
Available physical RAM: 1141.92 MB
Total Virtual: 7915.57 MB
Available Virtual: 4936.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:178.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 8816BF3E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

Alt 27.11.2017, 09:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Code:
2009-07-14 03:34 - 2017-04-27 21:22 - 000001023 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
         

Reading material:
Illegal software: cracks, keygens and co

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the event of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. to help only with backing up data and reinstalling the operating system.