Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Netbook sehr langsam (https://www.trojaner-board.de/164586-netbook-sehr-langsam.html)

Estrellita 01.03.2015 13:45
Netbook sehr langsam
 
Liebes Team,
nachdem ihr mir letztens schon sehr mit meinem Laptop geholfen habt, hat nun auch das Netbook Probleme und ist unglaublich langsam. Vielen, vielen Dank im Voraus. LG, Anja

cosinus 01.03.2015 13:50
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Estrellita 01.03.2015 14:05
Cool, danke:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Luderix (administrator) on LUDERIX-PC on 01-03-2015 13:59:53
Running from C:\Users\Luderix\Desktop
Loaded Profiles: Luderix (Available profiles: Luderix)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\HSPA USB MODEM\ModemListener.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Luderix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [ModemListener] => C:\Program Files\HSPA USB MODEM\ModemListener.exe [98304 2010-05-28] ()
HKLM\...\Run: [InternetEverywhere_InternetEverywhere_Launcher.exe] => C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe [928312 2014-04-08] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-55781068-1079282118-2788642084-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30874720 2014-12-03] (Skype Technologies S.A.)
HKU\S-1-5-21-55781068-1079282118-2788642084-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_179_Plugin.exe [851632 2014-08-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-55781068-1079282118-2788642084-1000\...\MountPoints2: {328aa4e4-f4ba-11e3-a530-001bb1fbcf49} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-55781068-1079282118-2788642084-1000\...\MountPoints2: {ee8892b5-af7a-11e4-bc79-001bb1fbcf49} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-55781068-1079282118-2788642084-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()
Startup: C:\Users\Luderix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-55781068-1079282118-2788642084-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-55781068-1079282118-2788642084-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{583E6AA5-568D-4429-902F-316E16618EED}: [NameServer] 41.223.184.49 66.178.2.25

FireFox:
========
FF ProfilePath: C:\Users\Luderix\AppData\Roaming\Mozilla\Firefox\Profiles\g99molc3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Luderix\AppData\Roaming\Mozilla\Firefox\Profiles\g99molc3.default\Extensions\abs@avira.com [2015-02-06]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-27]

Chrome:
=======
CHR Profile: C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-10]
CHR Extension: (Google Drive) - C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-10]
CHR Extension: (YouTube) - C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-10]
CHR Extension: (Google Search) - C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-10]
CHR Extension: (Gmail) - C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2009-11-17] () [File not signed]
R2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [346680 2014-04-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-11] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-10-07] (Avira Operations GmbH & Co. KG)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [101248 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70528 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [108032 2013-10-23] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [316544 2013-11-01] (Huawei Technologies Co., Ltd.)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2009-08-27] (TCT International Mobile Ltd)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-11] (Avira GmbH)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 13:59 - 2015-03-01 14:01 - 00012886 _____ () C:\Users\Luderix\Desktop\FRST.txt
2015-03-01 13:59 - 2015-03-01 14:00 - 00000000 ____D () C:\FRST
2015-03-01 13:58 - 2015-03-01 13:58 - 01132032 _____ (Farbar) C:\Users\Luderix\Desktop\FRST.exe
2015-02-27 09:00 - 2015-02-27 09:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-26 20:49 - 2015-02-28 13:08 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-17 22:16 - 2015-02-17 22:18 - 00000000 ____D () C:\Users\Luderix\Documents\Steuerfaelle_BalTax 2014
2015-02-17 22:16 - 2015-02-17 22:16 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\Information Factory
2015-02-17 22:16 - 2015-02-17 22:16 - 00000000 ____D () C:\Users\Luderix\AppData\Local\Information Factory
2015-02-17 22:10 - 2015-02-17 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BalTax
2015-02-17 22:10 - 2015-02-17 22:10 - 00001897 _____ () C:\Users\Public\Desktop\BalTax 2014.lnk
2015-02-17 22:08 - 2015-02-17 22:10 - 00000000 ____D () C:\Program Files\BalTax 2014
2015-02-09 10:26 - 2013-11-01 10:24 - 00316544 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_wwanecm.sys
2015-02-09 10:26 - 2013-10-23 11:42 - 00108032 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_cdcacm.sys
2015-02-09 10:26 - 2013-09-02 15:48 - 00381952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2015-02-09 10:26 - 2013-06-29 17:16 - 00208384 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2015-02-09 10:26 - 2013-03-04 16:31 - 00101248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2015-02-09 10:26 - 2013-03-04 16:31 - 00077824 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2015-02-09 10:26 - 2013-03-04 16:31 - 00070528 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2015-02-09 10:26 - 2013-03-04 16:31 - 00027776 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2015-02-09 10:26 - 2013-03-04 16:20 - 00199168 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2015-02-09 10:26 - 2013-01-25 09:16 - 00095232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2015-02-09 10:26 - 2012-12-22 09:46 - 00011904 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2015-02-09 10:26 - 2010-10-08 16:55 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2015-02-09 10:26 - 2010-09-26 18:09 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2015-02-09 10:24 - 2015-02-09 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Everywhere
2015-02-07 16:57 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 13:54 - 2010-11-20 22:01 - 02505750 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-01 13:42 - 2015-01-09 23:39 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 13:41 - 2014-06-14 19:47 - 01522397 _____ () C:\Windows\WindowsUpdate.log
2015-03-01 13:41 - 2014-06-14 04:11 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\Skype
2015-03-01 08:33 - 2015-01-09 23:39 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 09:08 - 2014-06-15 01:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-26 18:14 - 2009-07-14 05:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 18:14 - 2009-07-14 05:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 17:51 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 17:51 - 2009-07-14 05:39 - 00055443 _____ () C:\Windows\setupact.log
2015-02-22 22:33 - 2014-06-14 04:43 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\Dropbox
2015-02-21 05:16 - 2010-11-20 22:48 - 00130842 _____ () C:\Windows\PFRO.log
2015-02-21 05:01 - 2014-06-15 12:46 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\vlc
2015-02-18 21:24 - 2014-06-14 04:45 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-10 21:30 - 2014-08-07 10:27 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 21:30 - 2014-06-15 01:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-10 21:30 - 2014-06-15 01:31 - 00000000 ____D () C:\Program Files\Avira
2015-02-09 10:29 - 2014-06-15 21:34 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\InternetEverywhere
2015-02-09 10:24 - 2014-06-15 21:34 - 00002023 _____ () C:\Users\Public\Desktop\Internet Everywhere CAR.lnk
2015-02-09 10:24 - 2014-06-15 21:32 - 00000000 ____D () C:\Program Files\InternetEverywhere

Some content of TEMP:
====================
C:\Users\Luderix\AppData\Local\Temp\avgnt.exe
C:\Users\Luderix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt7wru5.dll
C:\Users\Luderix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptajndg.dll
C:\Users\Luderix\AppData\Local\Temp\i4jdel0.exe
C:\Users\Luderix\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 08:03

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-02-2015
Ran by Luderix at 2015-03-01 14:01:57
Running from C:\Users\Luderix\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BalTax 2014 10.1.0 (HKLM\...\6456-0709-2578-5305) (Version: 10.1.0 - Information Factory AG)
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Dropbox (HKU\S-1-5-21-55781068-1079282118-2788642084-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HSPA USB MODEM (HKLM\...\HSPA USB MODEM ALCATEL_is1) (Version:  - Alcatel)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Internet Everywhere (HKLM\...\InternetEverywhere) (Version: 4.0.3.2 - Internet Everywhere)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-55781068-1079282118-2788642084-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55781068-1079282118-2788642084-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55781068-1079282118-2788642084-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55781068-1079282118-2788642084-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55781068-1079282118-2788642084-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55781068-1079282118-2788642084-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55781068-1079282118-2788642084-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55781068-1079282118-2788642084-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55781068-1079282118-2788642084-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55781068-1079282118-2788642084-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19DE7BCC-CC76-4FCE-8CEA-3DCA7DDF20B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72345A58-73EB-4E72-A283-6BA3B83F00E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: {A07C8D98-1E08-4B93-87D4-3CE58FCBEF91} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A314B4C1-9A51-4B0A-8887-4FA3BA41BF7C} - System32\Tasks\{22BC9C3B-A89D-4844-B146-302DA46E16DD} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116.259&LastError=404
Task: {BF2BC6B5-ADB5-49F2-957C-0C4F438D767C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-29 08:32 - 2009-11-17 11:44 - 00040960 _____ () C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
2014-06-15 21:33 - 2014-04-08 00:10 - 00346680 _____ () C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
2014-10-29 08:32 - 2010-05-28 12:08 - 00098304 _____ () C:\Program Files\HSPA USB MODEM\ModemListener.exe
2014-06-15 21:33 - 2014-04-08 00:09 - 00928312 _____ () C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
2014-06-15 21:33 - 2014-04-08 00:09 - 00258560 _____ () C:\Program Files\InternetEverywhere\WtgMobileBroadband7.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Luderix\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-26 17:54 - 2015-02-26 17:54 - 00043008 _____ () c:\users\luderix\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptajndg.dll
2010-01-09 18:18 - 2010-01-09 18:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-20 23:34 - 2010-01-20 23:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-55781068-1079282118-2788642084-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Luderix\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-55781068-1079282118-2788642084-500 - Administrator - Disabled)
Guest (S-1-5-21-55781068-1079282118-2788642084-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-55781068-1079282118-2788642084-1002 - Limited - Enabled)
Luderix (S-1-5-21-55781068-1079282118-2788642084-1000 - Administrator - Enabled) => C:\Users\Luderix

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 09:40:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 91c

Start Time: 01d051e475ae609a

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id:

Error: (02/26/2015 06:00:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.30.21735, time stamp: 0x54bce4be
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0xe0434352
Fault offset: 0x0000812f
Faulting process id: 0xaa0
Faulting application start time: 0xAvira.OE.Systray.exe0
Faulting application path: Avira.OE.Systray.exe1
Faulting module path: Avira.OE.Systray.exe2
Report Id: Avira.OE.Systray.exe3

Error: (02/26/2015 05:58:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The error was: 1117 (0x45d) : The request could not be performed because of an I/O device error.
.

Error: (02/26/2015 05:58:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
  at System.Windows.Window..ctor()
  at Avira.OE.MiniGui.MainWindow..ctor(Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IWindowHelper)
  at Avira.OE.MiniGui.WpfWindowFactory.Create(Avira.OE.Communicator.Interface.ICommunicatorClientProxy, WpfWindow)
  at Avira.OE.Systray.SystrayIcon..ctor(Avira.OE.WinCore.Interface.IServiceStatusMonitor, Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IMiniGuiWindow, Avira.OE.WinCore.Interface.IProcessStarter)
  at Avira.OE.Systray.SystrayIcon..ctor()
  at Avira.OE.Systray.Program.Main(System.String[])

Error: (02/26/2015 05:52:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2015 05:51:28 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (02/23/2015 06:13:32 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
        - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
        - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (02/23/2015 06:13:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba10
Exception code: 0xc0000006
Fault offset: 0x0000d4f0
Faulting process id: 0x1974
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (02/22/2015 11:16:29 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
        - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
        - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (02/22/2015 11:16:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba10
Exception code: 0xc0000006
Fault offset: 0x0000d4f0
Faulting process id: 0x350
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3


System errors:
=============
Error: (03/01/2015 08:17:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (02/28/2015 06:52:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (02/28/2015 01:07:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (02/27/2015 10:00:05 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/27/2015 10:00:05 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/27/2015 10:00:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/27/2015 10:00:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/27/2015 09:37:10 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/27/2015 09:37:09 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/27/2015 09:37:08 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (02/27/2015 09:40:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756791c01d051e475ae609a0C:\Windows\Explorer.EXE

Error: (02/26/2015 06:00:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.30.2173554bce4beKERNELBASE.dll6.1.7601.18409531599f6e04343520000812faa001d051e479d40654C:\Program Files\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\system32\KERNELBASE.dll03dca9a4-bdd9-11e4-895a-001bb1fbcf49

Error: (02/26/2015 05:58:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: 1117 (0x45d)The request could not be performed because of an I/O device error.

Error: (02/26/2015 05:58:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
  at System.Windows.Window..ctor()
  at Avira.OE.MiniGui.MainWindow..ctor(Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IWindowHelper)
  at Avira.OE.MiniGui.WpfWindowFactory.Create(Avira.OE.Communicator.Interface.ICommunicatorClientProxy, WpfWindow)
  at Avira.OE.Systray.SystrayIcon..ctor(Avira.OE.WinCore.Interface.IServiceStatusMonitor, Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IMiniGuiWindow, Avira.OE.WinCore.Interface.IProcessStarter)
  at Avira.OE.Systray.SystrayIcon..ctor()
  at Avira.OE.Systray.Program.Main(System.String[])

Error: (02/26/2015 05:52:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2015 05:51:28 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (02/23/2015 06:13:32 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pfHost Process for Windows ServicesC00001853

Error: (02/23/2015 06:13:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000060000d4f0197401d04eed6a69fba9C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dllb527546c-bb1a-11e4-82ed-001bb1fbcf49

Error: (02/22/2015 11:16:29 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pfHost Process for Windows ServicesC00001853

Error: (02/22/2015 11:16:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000060000d4f035001d04ee6b0708274C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dll724e4412-bae0-11e4-82ed-001bb1fbcf49


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
Percentage of memory in use: 44%
Total physical RAM: 2037.3 MB
Available physical RAM: 1123.23 MB
Total Pagefile: 4074.59 MB
Available Pagefile: 2794.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.37 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:97.65 GB) (Free:27.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:135.22 GB) (Free:60.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C9AF158C)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135.2 GB) - (Type=OF Extended)

==================== End Of Log ============================

cosinus 01.03.2015 23:37
Was ist mit meiner Frage nach bisherigen Funden und wenn es welche gab, den Logs dazu?

Estrellita 02.03.2015 07:18
Sorry das hatte ich überlesen. Für das Netbook gibt es keine älteren Logs.

cosinus 02.03.2015 10:06
Also mal was grundsätzliches:

Zitat:
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
Diese CPU ist nicht gerade ne Rakete, Intel-Atom ist als langsame Spar-CPU für netbooks ja bekannt

Zitat:
Platform: Microsoft Windows 7 Ultimate
Das wundert mich doch schon etwas. Was macht denn eine Ultimate-Edition auf einem Netbook? :confused:
Wirklich viel Sinn ergibt das nicht, eine so teure Edition, deren extra bezahlten Features (im Vergleich zu einer Starter oder Home Edition) man eh nicht vernünftig auf sparsamer Netbook-Hardware verwenden kann.

Du weißt nicht zufällig wie diese Windows-Edition drauf kam? Üblicherweise ist bei netbooks eine Windows 7 Starter Edition dabei und vorinstalliert....

Estrellita 02.03.2015 16:48
Danke schonmal!

Das Netbook war Anfangs deutlich schneller als jetzt.
Tatsächlich war dort Windows Starter vorinstalliert. Ich habe das Netbook nach einem Bluescreen in Reperatur gebracht und dort wurde mir wahrscheinlich das andere Windows installiert. Über ein Tipp, wie ich alles wieder auf Anfang zurückschalten kann, freu ich mich auch.

LG

cosinus 02.03.2015 16:57
Ach, das klingt ja interessant.

Wo wurde das Gerät denn repariert? Was genau wurde denn getan bzw berechnet? Man hat dir eine Windows 7 Ultimate Edition Lizenz aufs Auge gedrückt? http://2.bp.blogspot.com/-vYSbEn20j1...-wide-open.png

Estrellita 02.03.2015 17:42
Das war im Ausland, in Uganda... Kann schon sein, dass das nicht alles 100% orginal war. Aber in diesem Kontext alternativlos.

cosinus 02.03.2015 21:45
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Estrellita 03.03.2015 08:14
Und bitte:
Code:
ComboFix 15-03-01.01 - Luderix 03/03/2015  1:59.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.1.1033.18.2037.948 [GMT 1:00]
Running from: c:\users\Luderix\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Luderix\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((  Files Created from 2015-02-03 to 2015-03-03  )))))))))))))))))))))))))))))))
.
.
2015-03-03 01:15 . 2015-03-03 01:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-03-01 12:59 . 2015-03-01 13:03        --------        d-----w-        C:\FRST
2015-02-26 19:49 . 2015-02-28 12:08        --------        d-----w-        c:\program files\Mozilla Thunderbird
2015-02-17 21:16 . 2015-02-17 21:16        --------        d-----w-        c:\users\Luderix\AppData\Roaming\Information Factory
2015-02-17 21:16 . 2015-02-17 21:16        --------        d-----w-        c:\users\Luderix\AppData\Local\Information Factory
2015-02-17 21:08 . 2015-02-17 21:10        --------        d-----w-        c:\program files\BalTax 2014
2015-02-07 15:57 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\system32\ieUnatt.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-19 02:43 . 2015-01-20 03:29        164864        ----a-w-        c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-20 03:29        116224        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2014-12-12 05:11 . 2015-01-20 03:29        3971512        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2014-12-12 05:11 . 2015-01-20 03:29        3916728        ----a-w-        c:\windows\system32\ntoskrnl.exe
2014-12-11 17:47 . 2015-01-20 03:29        74240        ----a-w-        c:\windows\system32\TSWbPrxy.exe
2014-12-06 03:50 . 2015-01-20 03:29        242688        ----a-w-        c:\windows\system32\nlasvc.dll
2014-12-04 04:38 . 2015-01-20 03:29        337920        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 04:38 . 2015-01-20 03:29        610304        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 04:38 . 2015-01-20 03:29        315392        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 04:38 . 2015-01-20 03:29        728576        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 04:38 . 2015-01-20 03:29        159744        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 04:38 . 2015-01-20 03:29        202752        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 04:34 . 2015-01-20 03:29        873984        ----a-w-        c:\windows\system32\aeinv.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-03 30874720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2010-05-28 98304]
"InternetEverywhere_InternetEverywhere_Launcher.exe"="c:\program files\InternetEverywhere\InternetEverywhere_Launcher.exe" [2014-04-07 928312]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2015-01-19 126712]
.
c:\users\Luderix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Luderix\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\InternetEverywhere\InternetEverywhere_Launcher.exe [2014-6-15 928312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-01-25 95232]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-12-22 11904]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2013-03-04 101248]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [2013-03-04 70528]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2013-03-04 27776]
R3 hwusb_cdcacm;hwusb_cdcacm;c:\windows\system32\DRIVERS\ew_cdcacm.sys [2013-10-23 108032]
R3 hwusb_wwanecm;hwusb_wwanecm;c:\windows\system32\DRIVERS\ew_wwanecm.sys [2013-11-01 316544]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-08-27 103552]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-06-15 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-11 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-12-09 431920]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-12-09 993584]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2015-01-19 182520]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2014-10-07 37384]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [2009-11-17 40960]
S2 InternetEverywhere_Service;Internet Everywhere Service;c:\program files\InternetEverywhere\InternetEverywhere_Service.exe [2014-04-07 346680]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-03-04 77824]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-19 22:11        1084744        ----a-w-        c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-09 22:39]
.
2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-09 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{583E6AA5-568D-4429-902F-316E16618EED}: NameServer = 41.223.184.49 66.178.2.25
FF - ProfilePath - c:\users\Luderix\AppData\Roaming\Mozilla\Firefox\Profiles\g99molc3.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2015-03-03  08:01:53 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-03 07:01
.
Pre-Run: 27,557,572,608 bytes free
Post-Run: 29,240,414,208 bytes free
.
- - End Of File - - F0AAE3444D6111E7AED3AF6829A1309F
A36C5E4F47E84449FF07ED3517B43A31

cosinus 03.03.2015 10:48
Ok, weiter mit MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Estrellita 03.03.2015 19:58
Hat nichts gefunden:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.03.05
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
Luderix :: LUDERIX-PC [administrator]

03/03/2015 19:17:28
mbar-log-2015-03-03 (19-17-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 315555
Time elapsed: 33 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 04.03.2015 10:25
Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Estrellita 04.03.2015 13:18
1.
Code:
# AdwCleaner v4.111 - Logfile created 04/03/2015 at 12:54:15
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Luderix - LUDERIX-PC
# Running from : C:\Users\Luderix\Desktop\AdwCleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Luderix\AppData\Roaming\pdfforge

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\primeshare.tv

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v36.0 (x86 en-US)


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [976 bytes] - [04/03/2015 10:35:39]
AdwCleaner[S0].txt - [910 bytes] - [04/03/2015 12:54:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [968  bytes] ##########
2.
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Ultimate x86
Ran by Luderix on 04/03/2015 at 13:03:18.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Luderix\AppData\Roaming\mozilla\firefox\profiles\g99molc3.default\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/03/2015 at 13:09:12.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Luderix (administrator) on LUDERIX-PC on 04-03-2015 13:13:36
Running from C:\Users\Luderix\Desktop
Loaded Profiles: Luderix (Available profiles: Luderix)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\HSPA USB MODEM\ModemListener.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Luderix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [ModemListener] => C:\Program Files\HSPA USB MODEM\ModemListener.exe [98304 2010-05-28] ()
HKLM\...\Run: [InternetEverywhere_InternetEverywhere_Launcher.exe] => C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe [928312 2014-04-08] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-55781068-1079282118-2788642084-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30874720 2014-12-03] (Skype Technologies S.A.)
HKU\S-1-5-21-55781068-1079282118-2788642084-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()
Startup: C:\Users\Luderix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Luderix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luderix\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-55781068-1079282118-2788642084-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-55781068-1079282118-2788642084-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-55781068-1079282118-2788642084-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{583E6AA5-568D-4429-902F-316E16618EED}: [NameServer] 41.223.184.49 66.178.2.25

FireFox:
========
FF ProfilePath: C:\Users\Luderix\AppData\Roaming\Mozilla\Firefox\Profiles\g99molc3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Luderix\AppData\Roaming\Mozilla\Firefox\Profiles\g99molc3.default\Extensions\abs@avira.com [2015-02-06]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-27]

Chrome:
=======
CHR Profile: C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-10]
CHR Extension: (Google Drive) - C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-10]
CHR Extension: (YouTube) - C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-10]
CHR Extension: (Google Search) - C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-10]
CHR Extension: (Gmail) - C:\Users\Luderix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2009-11-17] () [File not signed]
R2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [346680 2014-04-08] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-11] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-10-07] (Avira Operations GmbH & Co. KG)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [101248 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70528 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [108032 2013-10-23] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [316544 2013-11-01] (Huawei Technologies Co., Ltd.)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2009-08-27] (TCT International Mobile Ltd)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-11] (Avira GmbH)
S3 catchme; \??\C:\Users\Luderix\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 13:09 - 2015-03-04 13:09 - 00000757 _____ () C:\Users\Luderix\Desktop\JRT.txt
2015-03-04 13:02 - 2015-03-04 13:02 - 01388333 _____ (Thisisu) C:\Users\Luderix\Desktop\JRT.exe
2015-03-04 13:01 - 2015-03-04 13:01 - 00001047 _____ () C:\Users\Luderix\Desktop\AdwCleaner[S0].txt
2015-03-04 10:35 - 2015-03-04 12:54 - 00000000 ____D () C:\AdwCleaner
2015-03-04 10:34 - 2015-03-04 10:34 - 02126848 _____ () C:\Users\Luderix\Desktop\AdwCleaner_4.111.exe
2015-03-03 19:17 - 2015-03-03 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-03 19:16 - 2015-03-03 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-03 19:16 - 2015-03-03 19:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 19:15 - 2015-03-03 19:52 - 00000000 ____D () C:\Users\Luderix\Desktop\mbar
2015-03-03 19:15 - 2015-03-03 19:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 19:14 - 2015-03-03 19:14 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Luderix\Desktop\mbar-1.09.1.1004.exe
2015-03-03 08:01 - 2015-03-03 08:01 - 00014153 _____ () C:\ComboFix.txt
2015-03-03 01:55 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-03 01:55 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-03 01:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-03 01:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-03 01:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-03 01:55 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-03 01:55 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-03 01:55 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-03 01:54 - 2015-03-03 08:02 - 00000000 ____D () C:\Qoobox
2015-03-03 01:54 - 2015-03-03 08:02 - 00000000 ____D () C:\ComboFix
2015-03-03 01:53 - 2015-03-03 07:58 - 00000000 ____D () C:\Windows\erdnt
2015-03-03 01:51 - 2015-03-03 01:51 - 05612482 ____R (Swearware) C:\Users\Luderix\Desktop\ComboFix.exe
2015-03-01 14:01 - 2015-03-01 14:03 - 00024183 _____ () C:\Users\Luderix\Desktop\Addition.txt
2015-03-01 13:59 - 2015-03-04 13:13 - 00012968 _____ () C:\Users\Luderix\Desktop\FRST.txt
2015-03-01 13:59 - 2015-03-04 13:13 - 00000000 ____D () C:\FRST
2015-03-01 13:58 - 2015-03-01 13:58 - 01132032 _____ (Farbar) C:\Users\Luderix\Desktop\FRST.exe
2015-02-27 09:00 - 2015-02-27 09:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-26 20:49 - 2015-02-28 13:08 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-17 22:16 - 2015-03-04 08:58 - 00000000 ____D () C:\Users\Luderix\Documents\Steuerfaelle_BalTax 2014
2015-02-17 22:16 - 2015-02-17 22:16 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\Information Factory
2015-02-17 22:16 - 2015-02-17 22:16 - 00000000 ____D () C:\Users\Luderix\AppData\Local\Information Factory
2015-02-17 22:10 - 2015-02-17 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BalTax
2015-02-17 22:10 - 2015-02-17 22:10 - 00001897 _____ () C:\Users\Public\Desktop\BalTax 2014.lnk
2015-02-17 22:08 - 2015-02-17 22:10 - 00000000 ____D () C:\Program Files\BalTax 2014
2015-02-09 10:26 - 2013-11-01 10:24 - 00316544 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_wwanecm.sys
2015-02-09 10:26 - 2013-10-23 11:42 - 00108032 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_cdcacm.sys
2015-02-09 10:26 - 2013-09-02 15:48 - 00381952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2015-02-09 10:26 - 2013-06-29 17:16 - 00208384 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2015-02-09 10:26 - 2013-03-04 16:31 - 00101248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2015-02-09 10:26 - 2013-03-04 16:31 - 00077824 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2015-02-09 10:26 - 2013-03-04 16:31 - 00070528 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2015-02-09 10:26 - 2013-03-04 16:31 - 00027776 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2015-02-09 10:26 - 2013-03-04 16:20 - 00199168 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2015-02-09 10:26 - 2013-01-25 09:16 - 00095232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2015-02-09 10:26 - 2012-12-22 09:46 - 00011904 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2015-02-09 10:26 - 2010-10-08 16:55 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2015-02-09 10:26 - 2010-09-26 18:09 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2015-02-09 10:24 - 2015-02-09 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Everywhere
2015-02-07 16:57 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 13:06 - 2009-07-14 05:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 13:06 - 2009-07-14 05:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 13:02 - 2015-01-09 23:39 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 12:59 - 2014-06-14 04:43 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\Dropbox
2015-03-04 12:59 - 2014-06-14 04:11 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\Skype
2015-03-04 12:57 - 2015-01-09 23:39 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 12:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 12:56 - 2009-07-14 05:39 - 00056363 _____ () C:\Windows\setupact.log
2015-03-04 12:54 - 2014-06-14 19:47 - 01574081 _____ () C:\Windows\WindowsUpdate.log
2015-03-03 21:13 - 2010-11-20 22:01 - 02505750 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 08:01 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-03-03 08:01 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-03 07:55 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-03 02:17 - 2014-06-15 01:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-03 02:17 - 2010-11-20 22:48 - 00131662 _____ () C:\Windows\PFRO.log
2015-02-21 05:01 - 2014-06-15 12:46 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\vlc
2015-02-18 21:24 - 2014-06-14 04:45 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-10 21:30 - 2014-08-07 10:27 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 21:30 - 2014-06-15 01:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-10 21:30 - 2014-06-15 01:31 - 00000000 ____D () C:\Program Files\Avira
2015-02-09 10:29 - 2014-06-15 21:34 - 00000000 ____D () C:\Users\Luderix\AppData\Roaming\InternetEverywhere
2015-02-09 10:24 - 2014-06-15 21:34 - 00002023 _____ () C:\Users\Public\Desktop\Internet Everywhere CAR.lnk
2015-02-09 10:24 - 2014-06-15 21:32 - 00000000 ____D () C:\Program Files\InternetEverywhere

Some content of TEMP:
====================
C:\Users\Luderix\AppData\Local\Temp\avgnt.exe
C:\Users\Luderix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbfyqdn.dll
C:\Users\Luderix\AppData\Local\Temp\Quarantine.exe
C:\Users\Luderix\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-03 02:48

==================== End Of Log ============================
--- --- ---


Und bitte! :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:11 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131