| kiki-berlin | 07.11.2014 20:24 |
Windows 7: Firefox reagiert nicht, nicht antwortendes Skript, und mehr lästige Unterbrechungen.
Hallo,
Mein Medion-Laptop habe ich im Frühjahr von XP auf Windows 7 umgestellt.
Zuerst lief alles prima, aber zunehmend bekomme ich Probleme:
In Firefox bricht hin und wieder die Anzeige zusammen, wird kurz schwarz, dann nur Desktop und dann kommt das Bild wieder. Sehr häufig reagiert Firefox nicht, öffnet dann ein neues Fenster für diesen Tab mit dem Hinweis "KeineReaktion" oben in der Adresszeile (ganz oben im "Reiter"), und schließt dann irgendwann das Fenster wieder.
Sehr oft erscheinen Hinweise auf ein beschädigtes /nicht antwortendes Skript.
Insgesamt ist das alte Laptop zwar technisch nicht mehr auf dem modernsten Stand (Prozessor Intel T2300, @1,66 GHz 1.67 GHz, 1,00 GB RAM, 32 Bit), aber für simples Internet ohne viel Schnickschnack müsste es für mein Gefühl schneller und ohne diese Probleme gehen (ging unter XP definitiv).
Würde mich freuen, wenn mal wer draufschauen könnte. Hier meine Logfiles: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:25 on 07/11/2014 (Kirstin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Kirstin (administrator) on KIRSTIN-LÄPPI on 07-11-2014 17:28:52
Running from C:\Users\Kirstin\Downloads
Loaded Profile: Kirstin (Available profiles: Kirstin)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Launch Manager\LaunchAp.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Wistron) C:\Program Files\Launch Manager\WButton.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)
HKLM\...\Run: [CtrlVol] => "C:\Program Files\Launch Manager\CtrlVol.exe"
HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [729088 2007-02-26] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2007-02-26] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1049084713-579978419-3497640582-1000\...\MountPoints2: H - H:\LGAutoRun.exe
HKU\S-1-5-21-1049084713-579978419-3497640582-1000\...\MountPoints2: {fc8efe53-5399-11e4-ac5f-0016d38110d6} - H:\LGAutoRun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9918E7C1978CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.3
FireFox:
========
FF ProfilePath: C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\0lj38nn1.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.com/?gfe_rd=cr&ei=5uMeVNu2L6qF8Qf72YCwCA&gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\0lj38nn1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\0lj38nn1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\0lj38nn1.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\0lj38nn1.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\0lj38nn1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-23]
FF Extension: Adblock Plus - C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\0lj38nn1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-23]
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2006-11-17] (Wistron Corp.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2014-05-27] (LG Electronics Inc.)
R1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-07 17:28 - 2014-11-07 17:29 - 00008404 _____ () C:\Users\Kirstin\Downloads\FRST.txt
2014-11-07 17:28 - 2014-11-07 17:29 - 00000000 ____D () C:\FRST
2014-11-07 17:27 - 2014-11-07 17:27 - 01106432 _____ (Farbar) C:\Users\Kirstin\Downloads\FRST.exe
2014-11-07 17:25 - 2014-11-07 17:25 - 00000476 _____ () C:\Users\Kirstin\Downloads\defogger_disable.log
2014-11-07 17:25 - 2014-11-07 17:25 - 00000000 _____ () C:\Users\Kirstin\defogger_reenable
2014-11-07 17:24 - 2014-11-07 17:24 - 00050477 _____ () C:\Users\Kirstin\Downloads\Defogger.exe
2014-11-07 15:30 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-11-07 14:25 - 2014-11-07 14:25 - 00000000 ____D () C:\Windows\pss
2014-11-07 12:21 - 2014-11-07 12:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-03 15:40 - 2014-11-03 15:42 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\.elfohilfe
2014-11-03 15:35 - 2014-11-03 15:36 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\elsterformular
2014-11-03 15:34 - 2014-11-03 15:35 - 00000000 ____D () C:\ProgramData\elsterformular
2014-11-03 15:34 - 2014-11-03 15:34 - 00001249 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-11-03 15:34 - 2014-11-03 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-11-03 15:32 - 2014-11-03 15:34 - 00000000 ____D () C:\Program Files\images
2014-11-03 15:32 - 2014-11-03 15:34 - 00000000 ____D () C:\Program Files\hilfe
2014-11-03 15:32 - 2014-11-03 15:34 - 00000000 ____D () C:\Program Files\bin
2014-11-03 15:32 - 2014-11-03 15:32 - 00000000 ____D () C:\Program Files\dict
2014-11-03 15:29 - 2014-11-03 15:30 - 120739144 _____ (Landesfinanzdirektion Thüringen) C:\Users\Kirstin\Downloads\ElsterFormular-15.3.20141009u.exe
2014-11-02 23:58 - 2014-11-07 15:22 - 00000000 ___RD () C:\Users\Kirstin\Dropbox
2014-11-02 23:58 - 2014-11-02 23:58 - 00001003 _____ () C:\Users\Kirstin\Desktop\Dropbox.lnk
2014-11-02 23:53 - 2014-11-02 23:53 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-02 23:49 - 2014-11-07 11:59 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\Dropbox
2014-11-02 23:48 - 2014-11-02 23:48 - 00323672 _____ (Dropbox, Inc.) C:\Users\Kirstin\Downloads\DropboxInstaller.exe
2014-10-29 20:57 - 2014-10-29 20:58 - 91931728 _____ (The GIMP Team ) C:\Users\Kirstin\Downloads\gimp-2.8.14-setup-1.exe
2014-10-25 22:37 - 2014-10-25 22:37 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\dvdcss
2014-10-25 21:07 - 2014-10-25 22:45 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\vlc
2014-10-25 21:01 - 2014-10-25 21:01 - 00000000 ____D () C:\Program Files\VideoLAN
2014-10-25 20:56 - 2014-10-25 20:56 - 25603232 _____ () C:\Users\Kirstin\Downloads\vlc-2.1.5-win32.exe
2014-10-24 11:30 - 2014-10-24 11:30 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-24 11:29 - 2014-10-24 11:29 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-24 11:29 - 2014-10-24 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-24 11:29 - 2014-10-24 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-24 11:29 - 2014-10-24 11:29 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-24 11:29 - 2014-10-24 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-24 11:29 - 2014-10-24 11:29 - 00000000 ____D () C:\Program Files\Java
2014-10-17 22:14 - 2014-10-17 22:14 - 00000874 _____ () C:\Users\Kirstin\AppData\Local\recently-used.xbel
2014-10-16 21:51 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-16 21:51 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-16 21:51 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-16 21:51 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 21:51 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 21:51 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-16 21:51 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-16 21:51 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-16 21:51 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-16 21:51 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-16 21:51 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-16 21:51 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-16 21:51 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-16 21:51 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-16 21:51 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-16 21:51 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-16 21:51 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-16 21:51 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-16 21:51 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-16 21:51 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 20:02 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 20:02 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 20:02 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 20:02 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 20:02 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 20:02 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 20:02 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 20:02 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 20:01 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 20:01 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 20:01 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 20:01 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 20:01 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 20:01 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 20:01 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 20:01 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 20:01 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 20:01 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 20:01 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 20:01 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 20:01 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 20:01 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 20:01 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 20:01 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 20:01 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 20:01 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 20:01 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 20:01 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 20:01 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 20:01 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 20:01 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 20:01 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 20:01 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 20:01 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 20:01 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 20:01 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 20:01 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 20:01 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 20:01 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 20:01 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 20:01 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 20:01 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 20:01 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 20:01 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 20:01 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 20:01 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 20:01 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 20:01 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 20:01 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 20:01 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 20:01 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 20:01 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 20:01 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 20:01 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-16 20:00 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 20:00 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 19:59 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 20:37 - 2014-10-14 20:37 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\LG Electronics
2014-10-14 20:28 - 2014-10-14 20:28 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\LG Electronics
2014-10-14 20:28 - 2014-10-14 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite
2014-10-14 20:25 - 2014-10-14 20:26 - 00000000 ____D () C:\Program Files\LG Electronics
2014-10-14 19:47 - 2014-10-14 19:58 - 234529496 _____ (LG Electronics) C:\Users\Kirstin\Downloads\LGPCSuite_Setup.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-07 17:28 - 2014-06-20 15:15 - 01769028 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 17:26 - 2014-07-13 22:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 17:25 - 2014-06-20 15:26 - 00000000 ____D () C:\Users\Kirstin
2014-11-07 17:10 - 2014-06-21 12:59 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 15:58 - 2009-07-14 05:34 - 00032368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 15:58 - 2009-07-14 05:34 - 00032368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 15:56 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 15:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-07 15:51 - 2014-06-21 12:59 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-07 15:50 - 2014-08-04 21:32 - 00013946 _____ () C:\Windows\setupact.log
2014-11-07 15:50 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 15:24 - 2014-06-20 16:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 14:18 - 2014-06-25 16:36 - 00000000 ____D () C:\Windows\Minidump
2014-10-30 12:24 - 2014-06-20 16:02 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 21:22 - 2014-06-22 13:33 - 00000000 ____D () C:\Users\Kirstin\.gimp-2.8
2014-10-29 21:06 - 2014-06-20 23:02 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-10-25 20:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-10-24 11:30 - 2014-10-01 09:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 12:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-10-17 12:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 11:09 - 2009-07-14 05:33 - 00286616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 11:07 - 2014-06-20 20:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-16 23:57 - 2014-06-20 17:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 23:52 - 2014-06-20 17:53 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Kirstin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp06yquy.dll
C:\Users\Kirstin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Kirstin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Kirstin\AppData\Local\Temp\Quarantine.exe
C:\Users\Kirstin\AppData\Local\Temp\setup.exe
C:\Users\Kirstin\AppData\Local\Temp\vcredist9_x86.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-07 16:38
==================== End Of Log ============================
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by Kirstin at 2014-11-07 17:31:00
Running from C:\Users\Kirstin\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Brother MFL-Pro Suite DCP-J4110DW (HKLM\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.3.20141009 - Landesfinanzdirektion Thüringen)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version: - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Launch Manager V1.4.7 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.4.7 - Wistron Corp.)
LG PC Suite (HKLM\...\LG PC Suite) (Version: 5.3.18.20140626 - LG Electronics)
LG United Mobile Drivers (HKLM\...\{15A5D29A-F209-49FD-BA47-5E4C882FF496}) (Version: 3.12.1.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - )
Mozilla Firefox 33.0.3 (x86 de) (HKLM\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PDF24 Creator 6.5.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
sv.net (HKLM\...\sv.net) (Version: 14.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.0.0 - Synaptics)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
YTD Video Downloader 4.8.1 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.1 - GreenTree Applications SRL) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1049084713-579978419-3497640582-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kirstin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1049084713-579978419-3497640582-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1049084713-579978419-3497640582-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1049084713-579978419-3497640582-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1049084713-579978419-3497640582-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1049084713-579978419-3497640582-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1049084713-579978419-3497640582-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1049084713-579978419-3497640582-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1049084713-579978419-3497640582-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
07-11-2014 14:45:54 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {10288478-23FA-4E8A-8188-80520E88FD90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {5B61258E-11B8-434F-92FC-03CE2733DE35} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7B8D1A74-605A-47F9-8241-650F1AD0AF6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {8B5C41C7-AC8D-4AD0-A65D-8F868EE30DA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {BABDB8BD-3131-46E3-B272-5122C611CFA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-18 09:47 - 2012-09-18 14:26 - 00169472 _____ () C:\Windows\System32\zlhp1020.dll
2014-07-18 09:47 - 2012-09-18 14:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2014-06-21 10:38 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2014-06-20 16:28 - 2007-09-01 13:03 - 00032768 _____ () C:\Program Files\Launch Manager\LaunchAp.exe
2007-02-26 11:34 - 2007-02-26 11:34 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56fra.dll
2007-02-26 11:34 - 2007-02-26 11:34 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56brz.dll
2007-02-26 11:34 - 2007-02-26 11:34 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56chs.dll
2007-02-26 11:34 - 2007-02-26 11:34 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56cht.dll
2007-02-26 11:34 - 2007-02-26 11:34 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ger.dll
2007-02-26 11:34 - 2007-02-26 11:34 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ita.dll
2007-02-26 11:34 - 2007-02-26 11:34 - 00057344 _____ () C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll
2007-02-26 11:34 - 2007-02-26 11:34 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56esp.dll
2007-02-26 11:34 - 2007-02-26 11:34 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56kor.dll
2007-02-26 11:34 - 2007-02-26 11:34 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll
2014-11-07 12:21 - 2014-11-07 12:22 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Kirstin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-1049084713-579978419-3497640582-500 - Administrator - Disabled)
Gast (S-1-5-21-1049084713-579978419-3497640582-501 - Limited - Disabled)
Kirstin (S-1-5-21-1049084713-579978419-3497640582-1000 - Administrator - Enabled) => C:\Users\Kirstin
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/07/2014 04:42:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (11/07/2014 03:51:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2014 03:26:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2014 01:52:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 33.0.0.5397 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ffc
Startzeit: 01cffa79e2cd73a4
Endzeit: 452
Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
Error: (11/07/2014 11:58:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/02/2014 10:26:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/01/2014 07:08:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/01/2014 11:39:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/29/2014 07:59:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/29/2014 07:51:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/07/2014 02:41:05 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (11/07/2014 11:58:04 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.11.2014 um 10:54:06 unerwartet heruntergefahren.
Error: (11/03/2014 00:03:05 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.0.12 mit dem Computer mit der
Netzwerkhardwareadresse 40-16-7E-25-A3-C4 ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.
Error: (11/03/2014 00:00:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error: (11/03/2014 00:14:44 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 2a02:8109:8b80:13d4::2 mit dem Computer mit der
Netzwerkhardwareadresse 40-16-7E-25-A3-C4 ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.
Error: (11/03/2014 00:07:18 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JONATHAN-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{033E48BB-E589-402D-8065-7649A1-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (11/03/2014 00:06:45 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JONATHAN-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{033E48BB-E589-402D-8065-7649A1-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (11/01/2014 09:38:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.
Error: (10/29/2014 08:08:13 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.187.674.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (10/29/2014 07:50:21 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000004, 0x00000258, 0x8429ca70, 0x82935b24)C:\Windows\MEMORY.DMP102914-20919-01
Microsoft Office Sessions:
=========================
Error: (11/07/2014 04:42:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Brother\Brmfl12b\NetScn\dpinstx64.exe
Error: (11/07/2014 03:51:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2014 03:26:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/07/2014 01:52:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe33.0.0.5397ffc01cffa79e2cd73a4452C:\Program Files\Mozilla Firefox\firefox.exe
Error: (11/07/2014 11:58:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/02/2014 10:26:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/01/2014 07:08:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/01/2014 11:39:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/29/2014 07:59:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/29/2014 07:51:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of memory in use: 85%
Total physical RAM: 1014.18 MB
Available physical RAM: 146.01 MB
Total Pagefile: 4014.18 MB
Available Pagefile: 2998.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.99 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:44.68 GB) (Free:17.96 GB) NTFS
Drive d: (Programme) (Fixed) (Total:20 GB) (Free:19.91 GB) NTFS
Drive e: (Daten) (Fixed) (Total:37.11 GB) (Free:9.74 GB) NTFS
Drive f: (MyDrive) (Fixed) (Total:931.51 GB) (Free:609.94 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D12E4C6A)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101.8 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 50B95581)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Den Epson-Drucker und den Video-Downloader habe ich mit dem Revo uninstaller gleich entfernt, die brauche ich nicht mehr. Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-07 17:57:24
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1200BEVS-07LAT0 rev.01.06M01 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Kirstin\AppData\Local\Temp\uxdiyaod.sys
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1419 82C8A995 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CAA5F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!NtCreateFile 77955608 5 Bytes JMP 6143C420 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!NtFlushBuffersFile 77955998 5 Bytes JMP 61411594 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!NtQueryFullAttributesFile 77956028 5 Bytes JMP 614112B0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!NtReadFile 779562F8 5 Bytes JMP 61411490 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!NtReadFileScatter 77956308 5 Bytes JMP 61D697EB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!NtWriteFile 77956AA8 5 Bytes JMP 6143D2F0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!NtWriteFileGather 77956AB8 5 Bytes JMP 61D6979A C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] ntdll.dll!LdrLoadDll 779722AE 5 Bytes JMP 73521F43 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76E694E6 7 Bytes JMP 61CD00FF C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] kernel32.dll!QueryPerformanceCounter + 13 76E6C4E5 7 Bytes JMP 61CD0122 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] kernel32.dll!LoadAppInitDlls + 355 76E6F5A6 7 Bytes JMP 61438F84 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] USER32.dll!GetWindowInfo 77584B5E 5 Bytes JMP 61BD68B0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3584] GDI32.dll!GetViewportOrgEx + 26C 76F0884B 7 Bytes JMP 61CD0080 C:\Program Files\Mozilla Firefox\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@206F2BB9 159
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{D1C41978-F884-11E3-AA97-806E6F6E6963} 853729696
---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 07.11.2014
Suchlauf-Zeit: 19:43:27
Logdatei: 07112014Antimalware.txt
Administrator: Ja
Version: 2.00.3.1025
Malware Datenbank: v2014.11.07.04
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Kirstin
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 286110
Verstrichene Zeit: 15 Min, 58 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 0
(Keine schädliche Elemente erkannt)
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Sooo, mehr hab ich jetzt erst mal nicht....
Nun werde ich hier auf eine baldige Antwort von Euch warten :kaffee: , ich freu mich schon drauf.
Danke
Kiki :pfeiff: |
AdwCleaner auf deinen Desktop.
SecurityCheck und:
