Laptop getting slower and slower, working with simple applications no longer possible.

Hello dear Trojaner-Board team,

for some time now my girlfriend has been complaining that her laptop gets slower by the day. The other day she started it and wanted to check her mail on the internet, but it simply froze. Now and then, when the laptop is started, only a red background appears instead of the usual desktop and nothing can be done; neither the toolbar nor the desktop icons appear. I hope that this is not malicious software and that I do not have to reinstall the system :'(

So I worked through the required 4 steps. There were only problems with "Gmer" -> there was a bluescreen, followed by a crash. After the computer had restarted, I tried it without the check mark at Devices, but with the same result. So I ran the whole thing again in Safe Mode (with the check mark at Devices). Then it worked....

Thanks in advance for your efforts, and I hope I opened the thread in the right category.

Oh, and here are the log files:

-defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:06 on 09/08/2014 (Katha)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
-Farbar recovery scan Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014
Ran by Katha (administrator) on KATHA-PC on 09-08-2014 11:08:51
Running from C:\Users\Katha\Desktop\Heiko
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Windows\System32\ASUSTPE.exe
() C:\Windows\ASScrPro.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\Run: [WindowsSystemGuard] => C:\Users\Public\winsvcn.exe
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\MountPoints2: {a040b092-ee0d-11dd-a9d6-806e6f6e6963} - F:\programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\MountPoints2: {a7e122db-4ac9-11de-9e37-002354178a3c} - F:\preinst.exe
Startup: C:\Users\Katha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
ShortcutTarget: OpenOffice.org 2.0.lnk -> C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: ADSMOverlayIcon -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers: ADSMOverlayIcon1 -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
URLSearchHook: HKCU - Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=6e8666cd-6e9b-4e01-9a40-01b354c9a802&apn_sauid=B71CD49C-99FF-4B92-8A38-2BFD345B6881
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=6e8666cd-6e9b-4e01-9a40-01b354c9a802&apn_sauid=B71CD49C-99FF-4B92-8A38-2BFD345B6881
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {8C3B6CC3-82C5-4B44-926B-31D0038A4D8A} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DealPly -> {EF7BD87A-8024-11E2-F316-F3E56188709B} -> C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "no_proxies_on", "eumex.ip,*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DealPly Shopping - C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\Extensions\amo@dealplyshopping.com [2013-03-21]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-08-14]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-08-14]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
CHR HKLM\...\Chrome\Extension: [fmfnfnpmhcllokmkepffndflpnadjmma] - C:\Program Files\DealPly\DealPly.crx [2013-03-21]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-12-25] ()
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277736 2008-07-30] (Protect Software GmbH)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 CSRBC; C:\Windows\System32\Drivers\rider32.sys [31744 2011-02-09] (CSR plc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-02-11] (MCCI)
S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-02-11] (MCCI)
S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2005-02-11] (MCCI)
S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2005-02-11] (MCCI)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX32.sys [19944 2007-02-24] (Ray Hinchliffe)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-29] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-09 11:08 - 2014-08-09 11:08 - 00000000 ____D () C:\FRST
2014-08-09 11:06 - 2014-08-09 11:06 - 00000000 _____ () C:\Users\Katha\defogger_reenable
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-09 11:08 - 2014-08-09 11:08 - 00000000 ____D () C:\FRST
2014-08-09 11:08 - 2011-04-26 21:24 - 00000000 ____D () C:\Users\Katha\Desktop\Heiko
2014-08-09 11:06 - 2014-08-09 11:06 - 00000000 _____ () C:\Users\Katha\defogger_reenable
2014-08-09 11:06 - 2008-11-23 21:29 - 00000000 ____D () C:\Users\Katha
2014-08-09 11:01 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 11:01 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 11:00 - 2012-07-06 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 10:02 - 2010-04-05 13:17 - 01380194 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 09:55 - 2008-11-23 22:03 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{C676DC56-B1D4-4878-9B04-4C330694D5DB}.job
2014-08-09 09:52 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 04:49 - 2008-11-19 20:42 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-08 04:49 - 2006-11-02 15:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-07 20:33 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-08-07 19:27 - 2010-02-27 13:57 - 00000000 ____D () C:\Users\Katha\AppData\Roaming\vlc
2014-08-07 19:27 - 2008-11-22 21:08 - 00030208 _____ () C:\Users\Katha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-07 19:27 - 2006-11-02 12:33 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 18:37 - 2014-05-13 09:00 - 00000000 ____D () C:\Users\Katha\Desktop\Meister
2014-08-01 17:55 - 2013-05-20 18:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-01 16:12 - 2014-06-22 11:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-30 16:10 - 2013-06-15 15:38 - 00016384 _____ () C:\Users\Katha\Desktop\Abnehmplan.xls
2014-07-17 17:17 - 2009-03-24 14:37 - 00000680 _____ () C:\Users\Katha\AppData\Local\d3d9caps.dat
2014-07-16 22:23 - 2013-06-12 16:29 - 00014889 _____ () C:\Windows\setupact.log
2014-07-11 20:00 - 2012-07-06 21:13 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 20:00 - 2011-06-30 12:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Katha\AppData\Local\Temp\AskSLib.dll
C:\Users\Katha\AppData\Local\Temp\avgnt.exe
C:\Users\Katha\AppData\Local\Temp\callhelp.exe
C:\Users\Katha\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Katha\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\_is1BF3.exe
C:\Users\Katha\AppData\Local\Temp\_isFEC7.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-09 09:59
==================== End Of Log ============================
-the Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:9-08-2014
Ran by Katha at 2014-08-09 11:09:25
Running from C:\Users\Katha\Desktop\Heiko
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
ASUS CopyProtect (HKLM\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0007 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.10 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS Power4Gear eXtreme (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.0.18 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0005 - ASUS)
ASUS Touch Pad Extra (HKLM\...\{DB891739-2EB3-45A8-9CBD-941C255CECD4}) (Version: - )
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0008 - ASUS)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{5EB5EEA7-6432-5827-0080-899DA70A97BA}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0012 - ATK)
ATK Media (HKLM\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0000 - ASUS)
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.4 - ATK)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0F05}) (Version: 12.15.5.1034 - APN, LLC)
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
Cardo Updater (HKLM\...\Cardo Updater_is1) (Version: - Cardo Systems, Inc.)
Catalyst Control Center Core Implementation (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0309.2141.36947 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Czech (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Danish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Dutch (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help English (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Finnish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help French (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help German (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Greek (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Italian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Japanese (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Korean (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Polish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Russian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Spanish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Swedish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Thai (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Turkish (Version: 2008.0309.2140.36947 - ATI) Hidden
ccc-Branding (HKLM\...\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0309.2141.36947 - ATI) Hidden
ccc-utility (Version: 2008.0309.2141.36947 - ATI) Hidden
CCleaner (remove only) (HKLM\...\CCleaner) (Version: - )
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2908 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.1924 - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.1924 - CyberLink Corp.) Hidden
DealPly (HKCU\...\DealPly) (Version: - ) <==== ATTENTION
DealPly (remove only) (HKLM\...\DealPly) (Version: 4.8.6.1 - DealPly Technologies Ltd.) <==== ATTENTION
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: - )
DR.Tool Gehirn Sport (HKLM\...\DR.Tool Gehirn Sport) (Version: - )
Efficient WMA MP3 Converter v0.98 (HKLM\...\Efficient WMA MP3 Converter_is1) (Version: - )
Express Gate (HKLM\...\{27D51A76-371D-48B6-B06E-4137A15B7583}) (Version: 0.7.7.0 - devicevm)
Gehirnjogging - Special Edition (HKLM\...\Gehirnjogging - Special Edition) (Version: 1.0 - SBT)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Landwirtschafts Simulator 2008 (HKLM\...\FarmingSimulator2008_is1) (Version: - astragon Software GmbH)
LightScribe System Software 1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
Need for Speed™ ProStreet (HKLM\...\{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}) (Version: 1.0.1.0 - Electronic Arts)
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
QuickTime (HKLM\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
RTL Biathlon 2009 (HKLM\...\RTL Biathlon 2009) (Version: - )
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version: - )
SimCity™ Societies (HKLM\...\{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}) (Version: 1.0.0.0 - Electronic Arts)
Skins (Version: 2008.0309.2141.36947 - ATI) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
Visitenkarten in 2 Minuten (HKLM\...\Visitenkarten in 2 Minuten) (Version: - )
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
09-08-2014 08:00:00 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0864F149-A2B5-418C-8B8C-42ED13B2D287} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {12B92BF9-7727-4623-A757-A03E2BC854C1} - System32\Tasks\DealPly => C:\Users\Katha\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-02-27] () <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4163501D-FEB8-460A-BAA6-01E61151DBA6} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Katha => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {606FB28D-EF40-4540-BFDE-49F320B96AD0} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {6338BB25-A384-4532-B8FB-74F8468C07EC} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {75C9ACB2-EF03-4FB7-818A-B57C77208730} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {CD77B242-0FDC-45CF-A6A7-9BFC0C39B7FF} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2008-06-18] (ASUS)
Task: {DAD7F78A-F3ED-4201-BC98-17EE5ED55B63} - System32\Tasks\DSite => C:\Users\Katha\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{C676DC56-B1D4-4878-9B04-4C330694D5DB}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2008-09-22 08:19 - 2007-05-18 11:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-09-22 07:58 - 2007-02-06 03:13 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-09-22 08:18 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2008-09-22 08:19 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-09-22 08:19 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2003-07-11 03:09 - 2003-07-11 03:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2008-09-22 08:19 - 2007-08-08 11:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-02-04 22:29 - 2008-02-04 22:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2008-09-22 07:58 - 2004-05-28 03:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-09-22 07:58 - 2007-01-18 04:26 - 07708672 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-09-22 08:04 - 2007-07-06 01:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-19 04:52 - 2008-07-19 04:52 - 00649704 _____ () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2008-06-09 18:55 - 2008-06-09 18:55 - 00013096 _____ () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2008-09-22 08:26 - 2008-09-22 08:26 - 00033136 _____ () C:\Windows\ASScrPro.exe
2008-03-09 16:01 - 2008-03-09 16:01 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-12-25 01:04 - 2008-12-25 01:04 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2008-09-22 08:20 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2008-09-22 07:58 - 2006-12-19 02:26 - 02420736 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-09-22 08:23 - 2007-08-03 21:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-09-22 08:23 - 2007-09-14 19:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-09-22 08:23 - 2003-11-28 11:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-09-22 08:23 - 2005-08-30 00:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-09-22 08:23 - 2003-09-10 01:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-09-22 08:23 - 2006-04-04 19:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-09-22 08:23 - 2005-04-08 04:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2008-09-22 07:58 - 2007-04-17 22:39 - 00077824 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2007-03-07 02:03 - 2007-03-07 02:03 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-06-22 11:40 - 2014-08-01 16:12 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/09/2014 09:54:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 09:53:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/08/2014 04:49:39 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (08/07/2014 08:51:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/07/2014 08:51:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/07/2014 07:12:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/07/2014 07:12:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/07/2014 07:00:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\KATHA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\953O26IS.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (08/07/2014 07:00:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\KATHA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\953O26IS.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (08/07/2014 07:00:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\KATHA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\953O26IS.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (08/09/2014 09:54:59 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/09/2014 09:52:05 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/07/2014 07:15:29 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/07/2014 07:10:34 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/07/2014 07:00:25 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/07/2014 06:56:35 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/06/2014 09:01:02 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update
Error: (08/06/2014 08:58:47 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/06/2014 08:55:15 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/06/2014 08:52:30 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Microsoft Office Sessions:
=========================
Error: (08/09/2014 09:54:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 09:53:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/08/2014 04:49:39 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (08/07/2014 08:51:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/07/2014 08:51:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/07/2014 07:12:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/07/2014 07:12:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/07/2014 07:00:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\KATHA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\953O26IS.DEFAULT\CACHE\9
Error: (08/07/2014 07:00:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\KATHA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\953O26IS.DEFAULT\CACHE\9
Error: (08/07/2014 07:00:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\KATHA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\953O26IS.DEFAULT\CACHE\8
CodeIntegrity Errors:
===================================
Date: 2014-08-09 11:09:07.125
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 11:09:06.953
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 11:09:06.797
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 11:09:06.656
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 11:09:06.453
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 11:09:06.297
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 11:09:06.140
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 11:09:05.953
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3070.35 MB
Available physical RAM: 1805.25 MB
Total Pagefile: 6346.98 MB
Available Pagefile: 4918.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.64 MB
==================== Drives ================================
Drive c: (VistaOS) (Fixed) (Total:149.04 GB) (Free:88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:139.28 GB) (Free:117.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=139 GB) - (Type=OF Extended)
==================== End Of Log ============================
-GMER log Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-09 12:13:02
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9320320AS rev.0303 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Katha\AppData\Local\Temp\kwtoqpow.sys
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \FileSystem\fastfat \Fat 8E7E3A7A
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 84943910
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010e55
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010e55@0012ee30243f 0x14 0xED 0x58 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010e55@0022fcec00c5 0xEC 0x80 0x48 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010e55@14360532496a 0x5A 0xED 0xA7 0x37 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010e55 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010e55@0012ee30243f 0x14 0xED 0x58 0x5B ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010e55@0022fcec00c5 0xEC 0x80 0x48 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010e55@14360532496a 0x5A 0xED 0xA7 0x37 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
| | #2 | |
| /// TB-Ausbilder | Laptop getting slower and slower, working with even simple applications no longer possible. My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! Quote:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written for that. In addition, all the tools used can then be removed very easily at the end of the cleanup. |
| | #3 |
| Laptop getting slower and slower, working with even simple applications no longer possible. Hello, so here are the log files once again. The problem with GMER was the same despite running it from the desktop. At the end GMER also issued a warning; it is attached as a screenshot...
-Defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:48 on 09/08/2014 (Katha)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
-FRST logfile Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014
Ran by Katha (administrator) on KATHA-PC on 09-08-2014 13:54:55
Running from C:\Users\Katha\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Windows\System32\ASUSTPE.exe
() C:\Windows\ASScrPro.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Users\Katha\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\Run: [WindowsSystemGuard] => C:\Users\Public\winsvcn.exe
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\MountPoints2: {a040b092-ee0d-11dd-a9d6-806e6f6e6963} - F:\programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\MountPoints2: {a7e122db-4ac9-11de-9e37-002354178a3c} - F:\preinst.exe
Startup: C:\Users\Katha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
ShortcutTarget: OpenOffice.org 2.0.lnk -> C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: ADSMOverlayIcon -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers: ADSMOverlayIcon1 -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
URLSearchHook: HKCU - Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=6e8666cd-6e9b-4e01-9a40-01b354c9a802&apn_sauid=B71CD49C-99FF-4B92-8A38-2BFD345B6881
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=6e8666cd-6e9b-4e01-9a40-01b354c9a802&apn_sauid=B71CD49C-99FF-4B92-8A38-2BFD345B6881
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {8C3B6CC3-82C5-4B44-926B-31D0038A4D8A} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DealPly -> {EF7BD87A-8024-11E2-F316-F3E56188709B} -> C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "no_proxies_on", "eumex.ip,*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DealPly Shopping - C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\Extensions\amo@dealplyshopping.com [2013-03-21]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-08-14]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-08-14]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
CHR HKLM\...\Chrome\Extension: [fmfnfnpmhcllokmkepffndflpnadjmma] - C:\Program Files\DealPly\DealPly.crx [2013-03-21]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-12-25] ()
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277736 2008-07-30] (Protect Software GmbH)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 CSRBC; C:\Windows\System32\Drivers\rider32.sys [31744 2011-02-09] (CSR plc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-02-11] (MCCI)
S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-02-11] (MCCI)
S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2005-02-11] (MCCI)
S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2005-02-11] (MCCI)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX32.sys [19944 2007-02-24] (Ray Hinchliffe)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-29] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-09 13:52 - 2014-08-09 13:55 - 00017726 _____ () C:\Users\Katha\Desktop\FRST.txt
2014-08-09 13:48 - 2014-08-09 13:49 - 00000472 _____ () C:\Users\Katha\Desktop\defogger_disable.log
2014-08-09 11:29 - 2014-08-09 11:30 - 00143280 _____ () C:\Windows\Minidump\Mini080914-02.dmp
2014-08-09 11:21 - 2014-08-09 11:21 - 00143280 _____ () C:\Windows\Minidump\Mini080914-01.dmp
2014-08-09 11:20 - 2014-08-09 11:29 - 253266988 _____ () C:\Windows\MEMORY.DMP
2014-08-09 11:08 - 2014-08-09 13:54 - 00000000 ____D () C:\FRST
2014-08-09 11:06 - 2014-08-09 11:06 - 00000000 _____ () C:\Users\Katha\defogger_reenable
2014-08-09 11:02 - 2014-08-09 11:02 - 01084928 _____ (Farbar) C:\Users\Katha\Desktop\FRST.exe
2014-08-09 11:02 - 2014-08-09 11:02 - 00380416 _____ () C:\Users\Katha\Desktop\Gmer-19357.exe
2014-08-09 11:00 - 2014-08-09 11:00 - 00050477 _____ () C:\Users\Katha\Desktop\Defogger.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-09 13:55 - 2014-08-09 13:52 - 00017726 _____ () C:\Users\Katha\Desktop\FRST.txt
2014-08-09 13:54 - 2014-08-09 11:08 - 00000000 ____D () C:\FRST
2014-08-09 13:50 - 2014-01-05 14:50 - 00000082 _____ () C:\Users\Katha\AppData\Roaming\WB.CFG
2014-08-09 13:49 - 2014-08-09 13:48 - 00000472 _____ () C:\Users\Katha\Desktop\defogger_disable.log
2014-08-09 13:48 - 2011-04-26 21:24 - 00000000 ____D () C:\Users\Katha\Desktop\Heiko
2014-08-09 13:47 - 2010-04-05 13:17 - 01390462 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 13:43 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 13:43 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 13:43 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 12:50 - 2008-11-19 20:42 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-09 12:50 - 2006-11-02 15:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-09 11:30 - 2014-08-09 11:29 - 00143280 _____ () C:\Windows\Minidump\Mini080914-02.dmp
2014-08-09 11:29 - 2014-08-09 11:20 - 253266988 _____ () C:\Windows\MEMORY.DMP
2014-08-09 11:29 - 2009-11-26 19:43 - 00000000 ____D () C:\Windows\Minidump
2014-08-09 11:21 - 2014-08-09 11:21 - 00143280 _____ () C:\Windows\Minidump\Mini080914-01.dmp
2014-08-09 11:06 - 2014-08-09 11:06 - 00000000 _____ () C:\Users\Katha\defogger_reenable
2014-08-09 11:06 - 2008-11-23 21:29 - 00000000 ____D () C:\Users\Katha
2014-08-09 11:02 - 2014-08-09 11:02 - 01084928 _____ (Farbar) C:\Users\Katha\Desktop\FRST.exe
2014-08-09 11:02 - 2014-08-09 11:02 - 00380416 _____ () C:\Users\Katha\Desktop\Gmer-19357.exe
2014-08-09 11:00 - 2014-08-09 11:00 - 00050477 _____ () C:\Users\Katha\Desktop\Defogger.exe
2014-08-09 11:00 - 2012-07-06 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 09:55 - 2008-11-23 22:03 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{C676DC56-B1D4-4878-9B04-4C330694D5DB}.job
2014-08-07 20:33 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-08-07 19:27 - 2010-02-27 13:57 - 00000000 ____D () C:\Users\Katha\AppData\Roaming\vlc
2014-08-07 19:27 - 2008-11-22 21:08 - 00030208 _____ () C:\Users\Katha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-07 19:27 - 2006-11-02 12:33 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 18:37 - 2014-05-13 09:00 - 00000000 ____D () C:\Users\Katha\Desktop\Meister
2014-08-01 17:55 - 2013-05-20 18:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-01 16:12 - 2014-06-22 11:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-30 16:10 - 2013-06-15 15:38 - 00016384 _____ () C:\Users\Katha\Desktop\Abnehmplan.xls
2014-07-17 17:17 - 2009-03-24 14:37 - 00000680 _____ () C:\Users\Katha\AppData\Local\d3d9caps.dat
2014-07-16 22:23 - 2013-06-12 16:29 - 00014889 _____ () C:\Windows\setupact.log
2014-07-11 20:00 - 2012-07-06 21:13 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 20:00 - 2011-06-30 12:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Katha\AppData\Local\Temp\AskSLib.dll
C:\Users\Katha\AppData\Local\Temp\avgnt.exe
C:\Users\Katha\AppData\Local\Temp\callhelp.exe
C:\Users\Katha\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Katha\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Katha\AppData\Local\Temp\_is1BF3.exe
C:\Users\Katha\AppData\Local\Temp\_isFEC7.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-09 13:50
==================== End Of Log ============================
FRST Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:9-08-2014
Ran by Katha at 2014-08-09 13:55:21
Running from C:\Users\Katha\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
ASUS CopyProtect (HKLM\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0007 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.10 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS Power4Gear eXtreme (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.0.18 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0005 - ASUS)
ASUS Touch Pad Extra (HKLM\...\{DB891739-2EB3-45A8-9CBD-941C255CECD4}) (Version: - )
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0008 - ASUS)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{5EB5EEA7-6432-5827-0080-899DA70A97BA}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0012 - ATK)
ATK Media (HKLM\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0000 - ASUS)
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.4 - ATK)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0F05}) (Version: 12.15.5.1034 - APN, LLC)
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
Cardo Updater (HKLM\...\Cardo Updater_is1) (Version: - Cardo Systems, Inc.)
Catalyst Control Center Core Implementation (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0309.2141.36947 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Czech (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Danish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Dutch (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help English (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Finnish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help French (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help German (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Greek (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Italian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Japanese (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Korean (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Polish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Russian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Spanish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Swedish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Thai (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Turkish (Version: 2008.0309.2140.36947 - ATI) Hidden
ccc-Branding (HKLM\...\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0309.2141.36947 - ATI) Hidden
ccc-utility (Version: 2008.0309.2141.36947 - ATI) Hidden
CCleaner (remove only) (HKLM\...\CCleaner) (Version: - )
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2908 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.1924 - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.1924 - CyberLink Corp.) Hidden
DealPly (HKCU\...\DealPly) (Version: - ) <==== ATTENTION
DealPly (remove only) (HKLM\...\DealPly) (Version: 4.8.6.1 - DealPly Technologies Ltd.) <==== ATTENTION
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: - )
DR.Tool Gehirn Sport (HKLM\...\DR.Tool Gehirn Sport) (Version: - )
Efficient WMA MP3 Converter v0.98 (HKLM\...\Efficient WMA MP3 Converter_is1) (Version: - )
Express Gate (HKLM\...\{27D51A76-371D-48B6-B06E-4137A15B7583}) (Version: 0.7.7.0 - devicevm)
Gehirnjogging - Special Edition (HKLM\...\Gehirnjogging - Special Edition) (Version: 1.0 - SBT)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Landwirtschafts Simulator 2008 (HKLM\...\FarmingSimulator2008_is1) (Version: - astragon Software GmbH)
LightScribe System Software 1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
Need for Speed™ ProStreet (HKLM\...\{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}) (Version: 1.0.1.0 - Electronic Arts)
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
QuickTime (HKLM\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
RTL Biathlon 2009 (HKLM\...\RTL Biathlon 2009) (Version: - )
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version: - )
SimCity™ Societies (HKLM\...\{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}) (Version: 1.0.0.0 - Electronic Arts)
Skins (Version: 2008.0309.2141.36947 - ATI) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
Visitenkarten in 2 Minuten (HKLM\...\Visitenkarten in 2 Minuten) (Version: - )
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
09-08-2014 08:00:00 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {12B92BF9-7727-4623-A757-A03E2BC854C1} - System32\Tasks\DealPly => C:\Users\Katha\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-02-27] () <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {606FB28D-EF40-4540-BFDE-49F320B96AD0} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {6338BB25-A384-4532-B8FB-74F8468C07EC} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {75C9ACB2-EF03-4FB7-818A-B57C77208730} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {B6A243DA-6239-47BE-A206-67B847823BF5} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Katha => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {CD77B242-0FDC-45CF-A6A7-9BFC0C39B7FF} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2008-06-18] (ASUS)
Task: {DAD7F78A-F3ED-4201-BC98-17EE5ED55B63} - System32\Tasks\DSite => C:\Users\Katha\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F7D9E719-1C0C-41C7-9271-EF5E835BB662} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{C676DC56-B1D4-4878-9B04-4C330694D5DB}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2008-09-22 08:19 - 2007-05-18 11:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-09-22 07:58 - 2007-02-06 03:13 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-09-22 08:18 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2008-09-22 08:19 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-09-22 08:19 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2008-02-04 22:29 - 2008-02-04 22:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2008-09-22 08:19 - 2007-08-08 11:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-03-09 16:01 - 2008-03-09 16:01 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-09-22 07:58 - 2004-05-28 03:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-09-22 07:58 - 2007-01-18 04:26 - 07708672 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-09-22 08:04 - 2007-07-06 01:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-19 04:52 - 2008-07-19 04:52 - 00649704 _____ () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2008-06-09 18:55 - 2008-06-09 18:55 - 00013096 _____ () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2008-09-22 08:26 - 2008-09-22 08:26 - 00033136 _____ () C:\Windows\ASScrPro.exe
2007-07-12 22:55 - 2007-07-12 22:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 22:59 - 2007-08-14 22:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 22:55 - 2007-07-12 22:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-09-22 08:20 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2008-12-25 01:04 - 2008-12-25 01:04 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2008-09-22 07:58 - 2006-12-19 02:26 - 02420736 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-09-22 08:23 - 2007-08-03 21:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-09-22 08:23 - 2007-09-14 19:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-09-22 08:23 - 2003-11-28 11:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-09-22 08:23 - 2005-08-30 00:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-09-22 08:23 - 2003-09-10 01:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-09-22 08:23 - 2006-04-04 19:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-09-22 08:23 - 2005-04-08 04:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2008-09-22 07:58 - 2007-04-17 22:39 - 00077824 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2007-03-07 02:03 - 2007-03-07 02:03 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-06-22 11:40 - 2014-08-01 16:12 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-03-21 14:50 - 2013-02-27 11:19 - 00093728 _____ () C:\Users\Katha\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/09/2014 01:45:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 01:45:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 00:15:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 00:03:59 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description:
Error: (08/09/2014 00:03:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/09/2014 00:03:59 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
Error: (08/09/2014 00:03:59 PM) (Source: Perflib) (EventID: 1005) (User: )
Description: OpenPerformanceDataC:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\1031\MSMAPI32.DLLOutlook4
Error: (08/09/2014 00:03:59 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (08/09/2014 00:03:59 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
Error: (08/09/2014 11:31:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (08/09/2014 01:46:41 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/09/2014 01:43:43 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/09/2014 00:17:15 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/09/2014 00:14:04 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/09/2014 11:31:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068
Error: (08/09/2014 11:31:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068
Error: (08/09/2014 11:31:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068
Error: (08/09/2014 11:31:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068
Error: (08/09/2014 11:31:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AFD
avipbb
avkmgr
DfsC
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
ssmdrv
tdx
Wanarpv6
Error: (08/09/2014 11:31:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068
Microsoft Office Sessions:
=========================
Error: (08/09/2014 01:45:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 01:45:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 00:15:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 00:03:59 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description:
Error: (08/09/2014 00:03:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/09/2014 00:03:59 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
Error: (08/09/2014 00:03:59 PM) (Source: Perflib) (EventID: 1005) (User: )
Description: OpenPerformanceDataC:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\1031\MSMAPI32.DLLOutlook4
Error: (08/09/2014 00:03:59 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (08/09/2014 00:03:59 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
Error: (08/09/2014 11:31:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-08-09 13:55:04.663
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 13:55:04.523
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 13:55:04.382
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 13:55:04.242
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 13:55:04.085
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 13:55:03.960
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 13:55:03.788
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 13:55:03.632
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 13:53:00.561
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 13:53:00.406
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3070.35 MB
Available physical RAM: 1917.05 MB
Total Pagefile: 6348.98 MB
Available Pagefile: 5141.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.73 MB
==================== Drives ================================
Drive c: (VistaOS) (Fixed) (Total:149.04 GB) (Free:87.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:139.28 GB) (Free:117.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=139 GB) - (Type=OF Extended)
==================== End Of Log ============================
Gmer logfile Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-09 14:27:03
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9320320AS rev.0303 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Katha\AppData\Local\Temp\kwtoqpow.sys
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \FileSystem\fastfat \Fat A2615A7A
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 84943910
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010e55
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010e55@0012ee30243f 0x14 0xED 0x58 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010e55@0022fcec00c5 0xEC 0x80 0x48 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010e55@14360532496a 0x5A 0xED 0xA7 0x37 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010e55 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010e55@0012ee30243f 0x14 0xED 0x58 0x5B ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010e55@0022fcec00c5 0xEC 0x80 0x48 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010e55@14360532496a 0x5A 0xED 0xA7 0x37 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
GMER warning: I couldn't find the button for inserting images. Last edited by Geister_Hugo (09.08.2014 at 13:43) |
| | #4 |
| /// TB-Ausbilder | Hi, scan with ComboFix
|
| | #5 |
| Here is the ComboFix log file: Code:
ComboFix 14-08-06.02 - Katha 09.08.2014 14:59:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.2040 [GMT 2:00]
ausgeführt von:: c:\users\Katha\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPly.xpi
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyIE64.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\DealPlyUpdateVer.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-07-09 bis 2014-08-09 ))))))))))))))))))))))))))))))
.
.
2014-08-09 09:08 . 2014-08-09 11:55 -------- d-----w- C:\FRST
2014-08-09 08:01 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FB8DB49-FD34-472D-8F1B-C6C1E3255DCE}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 18:00 . 2012-07-06 19:13 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-11 18:00 . 2011-06-30 10:19 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-03 15:09 . 2013-07-29 10:55 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-03 19:00 . 2013-07-29 10:55 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2014-06-23 18:37 12184 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2014-06-23 12184]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2014-06-23 12184]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-09-22 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-22 33136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-07-31 1957784]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 18:00]
.
2014-08-09 c:\windows\Tasks\User_Feed_Synchronization-{C676DC56-B1D4-4878-9B04-4C330694D5DB}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = eumex.ip;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Mit Mipony herunterladen - file://c:\program files\MiPony\Browser\IEContext.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-WindowsSystemGuard - c:\users\Public\winsvcn.exe
c:\users\Katha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2584)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-09 15:15:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-08-09 13:14
.
Vor Suchlauf: 7 Verzeichnis(se), 103.759.388.672 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 103.701.794.816 Bytes frei
.
- - End Of File - - 68B3EF91FC4BE303B850493EBB981AD5
64B1E91C5C6C2157642651010728F90F
|
| | #6 |
| /// TB-Ausbilder | Step 1 Please download
Step 2 Please download
Step 3
With your next reply, please post
|
| | #7 |
| - AdwCleaner log file Code:
# AdwCleaner v3.304 - Bericht erstellt am 09/08/2014 um 17:44:20
# Aktualisiert 08/08/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : Katha - KATHA-PC
# Gestartet von : C:\Users\Katha\Desktop\adwcleaner_3.304.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Katha\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Katha\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Katha\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Katha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\Extensions\amo@dealplyshopping.com
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\11-suche.xml
***** [ Tasks ] *****
Task Gelöscht : Dealply
Task Gelöscht : DealPlyUpdate
Task Gelöscht : DSite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
***** [ Browser ] *****
-\\ Internet Explorer v7.0.6001.18639
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\prefs.js ]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [5011 octets] - [09/08/2014 17:42:24]
AdwCleaner[S0].txt - [4872 octets] - [09/08/2014 17:44:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4932 octets] ##########
Code:
ATTFilter Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 09.08.2014
Suchlauf-Zeit: 17:52:19
Logdatei: Malewarebytes loggfile.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.08.09.03
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows Vista Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Katha
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 276062
Verstrichene Zeit: 8 Min, 36 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 0 (No malicious items detected)
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)
(end)
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014
Ran by Katha (administrator) on KATHA-PC on 09-08-2014 18:06:12
Running from C:\Users\Katha\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Windows\System32\ASUSTPE.exe
() C:\Windows\ASScrPro.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-1662933009-2604913735-171526612-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ADSMOverlayIcon -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers: ADSMOverlayIcon1 -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - {8C3B6CC3-82C5-4B44-926B-31D0038A4D8A} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "no_proxies_on", "eumex.ip,*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-08-14]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-08-14]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-12-25] ()
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 CSRBC; C:\Windows\System32\Drivers\rider32.sys [31744 2011-02-09] (CSR plc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-02-11] (MCCI)
S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-02-11] (MCCI)
S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2005-02-11] (MCCI)
S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2005-02-11] (MCCI)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX32.sys [19944 2007-02-24] (Ray Hinchliffe)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-29] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-09 18:06 - 2014-08-09 18:06 - 00013730 _____ () C:\Users\Katha\Desktop\FRST.txt
2014-08-09 17:50 - 2014-08-09 18:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 17:50 - 2014-08-09 17:50 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 17:49 - 2014-08-09 17:50 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-09 17:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-09 17:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-09 17:49 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-09 17:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-09 17:41 - 2014-08-09 17:44 - 00000000 ____D () C:\AdwCleaner
2014-08-09 17:40 - 2014-08-09 17:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Katha\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-09 17:40 - 2014-08-09 17:39 - 01366203 _____ () C:\Users\Katha\Desktop\adwcleaner_3.304.exe
2014-08-09 17:39 - 2014-08-09 17:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Katha\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 17:39 - 2014-08-09 17:39 - 01366203 _____ () C:\Users\Katha\Downloads\adwcleaner_3.304.exe
2014-08-09 15:15 - 2014-08-09 15:15 - 00011528 _____ () C:\ComboFix.txt
2014-08-09 14:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-09 14:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-09 14:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-09 14:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-09 14:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-09 14:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-09 14:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-09 14:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-09 14:56 - 2014-08-09 15:15 - 00000000 ____D () C:\Qoobox
2014-08-09 14:56 - 2014-08-09 15:13 - 00000000 ____D () C:\Windows\erdnt
2014-08-09 14:54 - 2014-08-09 14:53 - 05568206 ____R (Swearware) C:\Users\Katha\Desktop\ComboFix.exe
2014-08-09 14:52 - 2014-08-09 14:53 - 05568206 _____ (Swearware) C:\Users\Katha\Downloads\ComboFix(2).exe
2014-08-09 14:27 - 2014-08-09 14:27 - 00002528 _____ () C:\Users\Katha\Desktop\Gmer logfile.log
2014-08-09 11:29 - 2014-08-09 11:30 - 00143280 _____ () C:\Windows\Minidump\Mini080914-02.dmp
2014-08-09 11:21 - 2014-08-09 11:21 - 00143280 _____ () C:\Windows\Minidump\Mini080914-01.dmp
2014-08-09 11:20 - 2014-08-09 11:29 - 253266988 _____ () C:\Windows\MEMORY.DMP
2014-08-09 11:08 - 2014-08-09 18:06 - 00000000 ____D () C:\FRST
2014-08-09 11:06 - 2014-08-09 11:06 - 00000000 _____ () C:\Users\Katha\defogger_reenable
2014-08-09 11:02 - 2014-08-09 11:02 - 01084928 _____ (Farbar) C:\Users\Katha\Desktop\FRST.exe
2014-08-09 11:02 - 2014-08-09 11:02 - 00380416 _____ () C:\Users\Katha\Desktop\Gmer-19357.exe
2014-08-09 11:00 - 2014-08-09 11:00 - 00050477 _____ () C:\Users\Katha\Desktop\Defogger.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-09 18:06 - 2014-08-09 18:06 - 00013730 _____ () C:\Users\Katha\Desktop\FRST.txt
2014-08-09 18:06 - 2014-08-09 11:08 - 00000000 ____D () C:\FRST
2014-08-09 18:03 - 2014-08-09 17:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 18:00 - 2012-07-06 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 17:51 - 2010-04-05 13:17 - 01413452 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 17:50 - 2014-08-09 17:50 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 17:50 - 2014-08-09 17:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-09 17:49 - 2013-03-13 20:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 17:46 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 17:46 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 17:46 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 17:45 - 2013-06-15 15:43 - 00014384 _____ () C:\Windows\PFRO.log
2014-08-09 17:45 - 2008-11-19 20:42 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-09 17:45 - 2006-11-02 15:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-09 17:44 - 2014-08-09 17:41 - 00000000 ____D () C:\AdwCleaner
2014-08-09 17:44 - 2010-04-11 14:59 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-08-09 17:44 - 2009-05-14 21:12 - 00000000 ____D () C:\ProgramData\ICQ
2014-08-09 17:39 - 2014-08-09 17:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Katha\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-09 17:39 - 2014-08-09 17:40 - 01366203 _____ () C:\Users\Katha\Desktop\adwcleaner_3.304.exe
2014-08-09 17:39 - 2014-08-09 17:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Katha\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 17:39 - 2014-08-09 17:39 - 01366203 _____ () C:\Users\Katha\Downloads\adwcleaner_3.304.exe
2014-08-09 15:15 - 2014-08-09 15:15 - 00011528 _____ () C:\ComboFix.txt
2014-08-09 15:15 - 2014-08-09 14:56 - 00000000 ____D () C:\Qoobox
2014-08-09 15:15 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-08-09 15:15 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-08-09 15:13 - 2014-08-09 14:56 - 00000000 ____D () C:\Windows\erdnt
2014-08-09 15:09 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-09 15:08 - 2006-11-02 12:22 - 40894464 _____ () C:\Windows\system32\config\software.bak
2014-08-09 15:08 - 2006-11-02 12:22 - 39583744 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-08-09 15:08 - 2006-11-02 12:22 - 24903680 _____ () C:\Windows\system32\config\system.bak
2014-08-09 15:08 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-09 15:08 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-09 15:08 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-08-09 14:56 - 2008-11-23 21:29 - 00000000 ____D () C:\Users\Katha
2014-08-09 14:53 - 2014-08-09 14:54 - 05568206 ____R (Swearware) C:\Users\Katha\Desktop\ComboFix.exe
2014-08-09 14:53 - 2014-08-09 14:52 - 05568206 _____ (Swearware) C:\Users\Katha\Downloads\ComboFix(2).exe
2014-08-09 14:27 - 2014-08-09 14:27 - 00002528 _____ () C:\Users\Katha\Desktop\Gmer logfile.log
2014-08-09 13:50 - 2014-01-05 14:50 - 00000082 _____ () C:\Users\Katha\AppData\Roaming\WB.CFG
2014-08-09 13:48 - 2011-04-26 21:24 - 00000000 ____D () C:\Users\Katha\Desktop\Heiko
2014-08-09 11:30 - 2014-08-09 11:29 - 00143280 _____ () C:\Windows\Minidump\Mini080914-02.dmp
2014-08-09 11:29 - 2014-08-09 11:20 - 253266988 _____ () C:\Windows\MEMORY.DMP
2014-08-09 11:29 - 2009-11-26 19:43 - 00000000 ____D () C:\Windows\Minidump
2014-08-09 11:21 - 2014-08-09 11:21 - 00143280 _____ () C:\Windows\Minidump\Mini080914-01.dmp
2014-08-09 11:06 - 2014-08-09 11:06 - 00000000 _____ () C:\Users\Katha\defogger_reenable
2014-08-09 11:02 - 2014-08-09 11:02 - 01084928 _____ (Farbar) C:\Users\Katha\Desktop\FRST.exe
2014-08-09 11:02 - 2014-08-09 11:02 - 00380416 _____ () C:\Users\Katha\Desktop\Gmer-19357.exe
2014-08-09 11:00 - 2014-08-09 11:00 - 00050477 _____ () C:\Users\Katha\Desktop\Defogger.exe
2014-08-09 09:55 - 2008-11-23 22:03 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{C676DC56-B1D4-4878-9B04-4C330694D5DB}.job
2014-08-07 19:27 - 2010-02-27 13:57 - 00000000 ____D () C:\Users\Katha\AppData\Roaming\vlc
2014-08-07 19:27 - 2008-11-22 21:08 - 00030208 _____ () C:\Users\Katha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-07 19:27 - 2006-11-02 12:33 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 18:37 - 2014-05-13 09:00 - 00000000 ____D () C:\Users\Katha\Desktop\Meister
2014-08-01 17:55 - 2013-05-20 18:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-01 16:12 - 2014-06-22 11:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-30 16:10 - 2013-06-15 15:38 - 00016384 _____ () C:\Users\Katha\Desktop\Abnehmplan.xls
2014-07-17 17:17 - 2009-03-24 14:37 - 00000680 _____ () C:\Users\Katha\AppData\Local\d3d9caps.dat
2014-07-16 22:23 - 2013-06-12 16:29 - 00014889 _____ () C:\Windows\setupact.log
2014-07-11 20:00 - 2012-07-06 21:13 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 20:00 - 2011-06-30 12:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Katha\AppData\Local\temp\avgnt.exe
C:\Users\Katha\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-09 17:52
==================== End Of Log ============================
and here is the Addition file as well
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:9-08-2014
Ran by Katha at 2014-08-09 18:06:54
Running from C:\Users\Katha\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
ASUS CopyProtect (HKLM\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0007 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.10 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS Power4Gear eXtreme (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.0.18 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0005 - ASUS)
ASUS Touch Pad Extra (HKLM\...\{DB891739-2EB3-45A8-9CBD-941C255CECD4}) (Version: - )
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0008 - ASUS)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{5EB5EEA7-6432-5827-0080-899DA70A97BA}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0012 - ATK)
ATK Media (HKLM\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0000 - ASUS)
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.4 - ATK)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0F05}) (Version: 12.15.5.1034 - APN, LLC)
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
Cardo Updater (HKLM\...\Cardo Updater_is1) (Version: - Cardo Systems, Inc.)
Catalyst Control Center Core Implementation (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0309.2141.36947 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Czech (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Danish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Dutch (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help English (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Finnish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help French (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help German (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Greek (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Italian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Japanese (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Korean (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Polish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Russian (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Spanish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Swedish (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Thai (Version: 2008.0309.2140.36947 - ATI) Hidden
CCC Help Turkish (Version: 2008.0309.2140.36947 - ATI) Hidden
ccc-Branding (HKLM\...\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0309.2141.36947 - ATI) Hidden
ccc-utility (Version: 2008.0309.2141.36947 - ATI) Hidden
CCleaner (remove only) (HKLM\...\CCleaner) (Version: - )
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2908 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.1924 - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.1924 - CyberLink Corp.) Hidden
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: - )
DR.Tool Gehirn Sport (HKLM\...\DR.Tool Gehirn Sport) (Version: - )
Efficient WMA MP3 Converter v0.98 (HKLM\...\Efficient WMA MP3 Converter_is1) (Version: - )
Express Gate (HKLM\...\{27D51A76-371D-48B6-B06E-4137A15B7583}) (Version: 0.7.7.0 - devicevm)
Gehirnjogging - Special Edition (HKLM\...\Gehirnjogging - Special Edition) (Version: 1.0 - SBT)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Landwirtschafts Simulator 2008 (HKLM\...\FarmingSimulator2008_is1) (Version: - astragon Software GmbH)
LightScribe System Software 1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
Need for Speed™ ProStreet (HKLM\...\{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}) (Version: 1.0.1.0 - Electronic Arts)
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
QuickTime (HKLM\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
RTL Biathlon 2009 (HKLM\...\RTL Biathlon 2009) (Version: - )
SimCity™ Societies (HKLM\...\{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}) (Version: 1.0.0.0 - Electronic Arts)
Skins (Version: 2008.0309.2141.36947 - ATI) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
Visitenkarten in 2 Minuten (HKLM\...\Visitenkarten in 2 Minuten) (Version: - )
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
09-08-2014 08:00:00 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2014-08-09 15:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {606FB28D-EF40-4540-BFDE-49F320B96AD0} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {7502395F-1818-4AE6-B478-8C78987B5E0D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Katha => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: {75C9ACB2-EF03-4FB7-818A-B57C77208730} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {8A5B47D8-5486-4CAD-8410-30A72C4104C4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {CD77B242-0FDC-45CF-A6A7-9BFC0C39B7FF} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2008-06-18] (ASUS)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{C676DC56-B1D4-4878-9B04-4C330694D5DB}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2008-09-22 08:19 - 2007-05-18 11:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-09-22 08:19 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-09-22 08:19 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2008-09-22 08:19 - 2007-08-08 11:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-09-22 07:58 - 2007-02-06 03:13 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-09-22 08:18 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2008-03-09 16:01 - 2008-03-09 16:01 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-09-22 08:20 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2008-09-22 07:58 - 2004-05-28 03:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-09-22 07:58 - 2007-01-18 04:26 - 07708672 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-09-22 08:04 - 2007-07-06 01:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-12-25 01:04 - 2008-12-25 01:04 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2008-09-22 08:23 - 2007-08-03 21:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-09-22 08:23 - 2007-09-14 19:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-09-22 08:23 - 2003-11-28 11:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-09-22 08:23 - 2005-08-30 00:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-09-22 08:23 - 2003-09-10 01:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-09-22 08:23 - 2006-04-04 19:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-09-22 08:23 - 2005-04-08 04:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2008-09-22 07:58 - 2006-12-19 02:26 - 02420736 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-09-22 07:58 - 2007-04-17 22:39 - 00077824 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-07-19 04:52 - 2008-07-19 04:52 - 00649704 _____ () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2008-06-09 18:55 - 2008-06-09 18:55 - 00013096 _____ () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2008-09-22 08:26 - 2008-09-22 08:26 - 00033136 _____ () C:\Windows\ASScrPro.exe
2007-07-12 22:55 - 2007-07-12 22:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 22:59 - 2007-08-14 22:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 22:55 - 2007-07-12 22:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2007-03-07 02:03 - 2007-03-07 02:03 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-06-22 11:40 - 2014-08-01 16:12 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/09/2014 05:47:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 05:47:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 05:36:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 05:36:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 03:37:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 03:10:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 02:29:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 02:29:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 02:15:32 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description:
Error: (08/09/2014 02:15:32 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
System errors:
=============
Error: (08/09/2014 05:48:57 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/09/2014 05:46:11 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/09/2014 05:37:40 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/09/2014 05:35:02 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/09/2014 03:14:20 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (08/09/2014 03:09:07 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (08/09/2014 03:07:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (08/09/2014 03:07:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (08/09/2014 03:03:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (08/09/2014 02:59:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Microsoft Office Sessions:
=========================
Error: (08/09/2014 05:47:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 05:47:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 05:36:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 05:36:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 03:37:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 03:10:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 02:29:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (08/09/2014 02:29:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/09/2014 02:15:32 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description:
Error: (08/09/2014 02:15:32 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
CodeIntegrity Errors:
===================================
Date: 2014-08-09 18:06:49.414
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 18:06:49.273
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 18:06:49.133
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 18:06:48.992
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 18:06:48.695
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 18:06:48.570
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 18:06:48.430
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 18:06:48.289
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 18:06:32.445
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-09 18:06:32.305
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 36%
Total physical RAM: 3070.35 MB
Available physical RAM: 1958.84 MB
Total Pagefile: 6346.98 MB
Available Pagefile: 5110.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.38 MB
==================== Drives ================================
Drive c: (VistaOS) (Fixed) (Total:149.04 GB) (Free:96.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:139.28 GB) (Free:117.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=139 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
| | #8 |
| /// TB-Ausbilder | Laptop getting slower and slower, no longer possible to work with simple applications.
We will remove the last remnants and check everything once more. ESET can take a long time (> 3 h). Afterwards we will remove all the tools used, and I will give you a few more tips to take with you.
Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
start
FF NetworkProxy: "no_proxies_on", "eumex.ip,*.local"
FF NetworkProxy: "type", 0
C:\Users\Katha\Downloads\mbam-setup-2.0.2.1012.exe
Reboot:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Please download
Step 4 Download the appropriate version of SystemLook from the following mirror and save the tool on the desktop: SystemLook (32 bit) | SystemLook (64 bit)
Please post with your next reply
|
| | #9 |
| Laptop getting slower and slower, no longer possible to work with simple applications.
So here are the log files:
FRST Fixlist
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:9-08-2014
Ran by Katha at 2014-08-10 10:39:00 Run:1
Running from C:\Users\Katha\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
FF NetworkProxy: "no_proxies_on", "eumex.ip,*.local"
FF NetworkProxy: "type", 0
C:\Users\Katha\Downloads\mbam-setup-2.0.2.1012.exe
Reboot:
end
*****************
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Users\Katha\Downloads\mbam-setup-2.0.2.1012.exe => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=978e4f95d750c642a274d02a784afc2d
# engine=19584
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-10 10:17:32
# local_time=2014-08-10 12:17:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 66959 115070023 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 94558 245198580 0 0
# scanned=165506
# found=14
# cleaned=0
# scan_time=5211
sh=4FF97B281BC64D991DD01DAD2A67C5F0831535DB ft=1 fh=048fe3b80b0ef2b0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoft.exe.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=143416AAC4F6000C3A3235EB4EC955B4D0B6955E ft=1 fh=b68409d87b15670c vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katha\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir"
sh=78EF5981C3519DFCC18D1E4513235A5FD9834677 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katha\AppData\Roaming\Mozilla\Firefox\Profiles\953o26is.default\Extensions\amo@dealplyshopping.com\chrome\content\dealplyshopping.xul.vir"
sh=E9636E72B4CDDA097B4045E3F89E5DB626E7A95F ft=0 fh=0000000000000000 vn="Win32/DealPly.E evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPly.crx.vir"
sh=7C92094B229FF4987F3B8D4370F383859BE445F6 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPly.xpi.vir"
sh=A20741A3A8DD650875410A9F4C507232B53692B6 ft=1 fh=319a2a0a29d653d7 vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPlyIE.dll.vir"
sh=5C1C4011CE2CB47F45BACC2E6C7FECF73E5F09DE ft=1 fh=d861a4c832f6c374 vn="Win32/DealPly.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPlyUpdate.exe.vir"
sh=D511C85A94649134C7BA8ECFD7876125A4C2F832 ft=1 fh=bdced5e2a18ee905 vn="Variante von Win32/DealPly.C evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPlyUpdateRun.exe.vir"
sh=143416AAC4F6000C3A3235EB4EC955B4D0B6955E ft=1 fh=b68409d87b15670c vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPlyUpdateVer.exe.vir"
sh=9FB4228EF7EFBE3EA55BE8A36010F0658CE5CC77 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PCN Trojaner" ac=I fn="C:\Users\Katha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\4f474c61-61313e32"
sh=44090F1DFBBA3408FC319C0B59AC69D0A5D44505 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NDI Trojaner" ac=I fn="C:\Users\Katha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\40842804-62f6818d"
sh=56D5FE93EA0155060C15F912A0E1E02D7371F837 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Katha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6805e63b-741fe69b"
sh=64DECE045912C6EE02E64A414209596217F365CD ft=1 fh=134999b955db98a4 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Katha\Downloads\clean.exe"
Code:
Results of screen317's Security Check version 0.99.86
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner (remove only)
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 13:24 on 10/08/2014 by Katha
Administrator - Elevation successful
========== regfind ==========
Searching for "ICQToolbar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1662933009-2604913735-171526612-1000\Software\ICQ\ICQToolBar]
[HKEY_USERS\S-1-5-21-1662933009-2604913735-171526612-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1662933009-2604913735-171526612-1000\Software\ICQ\ICQToolBar]
Searching for " "
-= EOF =-
So is the computer's "loss of speed" actually due to various malicious software? |
| | #10 | |
| /// TB-Ausbilder | Laptop getting slower and slower, working with simple applications no longer possible.
It does not always have to be malware, though; it can also have various causes.
Remove leftovers
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
C:\Users\Katha\Downloads\clean.exe
C:\Users\Katha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1662933009-2604913735-171526612-1000\Software\ICQ\ICQToolBar
Reboot:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
If you have no more problems, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.
Very important: Download and install Windows Vista Service Pack 2 via Control Panel > System and Security > Windows Update > Check for updates.
Step 1
You are using outdated software on your computer, which is a security risk. You should therefore uninstall outdated software and then install the latest version. Follow the path Start > Control Panel > Software / Uninstall a program. Uninstall the following programs from your computer:
Now please download and install:
Step 2
The order is crucial here.
Step 3
Finally, I have a few tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
| | #11 |
| /// TB-Ausbilder | Laptop getting slower and slower, working with simple applications no longer possible. I am glad that we were able to help. In this forum you can leave brief feedback on the cleanup, if you would like to: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you very much! This thread appears to be resolved and will be removed from my subscriptions. If you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. |
| | #12 |
| Laptop getting slower and slower, working with simple applications no longer possible. Here is what may be the last log file: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-08-2014
Ran by Katha at 2014-08-15 14:41:13 Run:2
Running from C:\Users\Katha\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Users\Katha\Downloads\clean.exe
C:\Users\Katha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1662933009-2604913735-171526612-1000\Software\ICQ\ICQToolBar
Reboot:
end
*****************
C:\Users\Katha\Downloads\clean.exe => Moved successfully.
C:\Users\Katha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 => Moved successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1662933009-2604913735-171526612-1000\Software\ICQ\ICQToolBar => Key deleted successfully.
The system needed a reboot.
==== End of Fixlog ====
Thanks in advance. |
| | #13 |
| /// TB-Ausbilder | Laptop getting slower and slower, working with simple applications no longer possible. Hi, yes, looks good. |
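The Fixlog in post #12 pairs every fixlist entry with a `=> ...` result line. As an added example (not part of the thread and not FRST's own code), the Python below cross-checks the two. The sample log is constructed from the lines above with a shortened registry key and one hypothetical entry, `other.exe`, that has no result line; treating only outcomes that end in "successfully." as confirmed is an assumption based on the lines shown in this thread.

```python
import re

# Constructed sample: modelled on the Fixlog in post #12. The registry key is
# shortened and the "other.exe" entry is hypothetical (it has no result line).
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start
C:\Users\Katha\Downloads\clean.exe
C:\Users\Katha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
DeleteKey: HKEY_CURRENT_USER\Software\ICQ\ICQToolBar
C:\Users\Katha\Downloads\other.exe
Reboot:
end
*****************
C:\Users\Katha\Downloads\clean.exe => Moved successfully.
C:\Users\Katha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 => Moved successfully.
HKEY_CURRENT_USER\Software\ICQ\ICQToolBar => Key deleted successfully.
The system needed a reboot.
==== End of Fixlog ====
"""

def check_fixlog(text):
    """Return {target: (status, outcome)} for every entry of the embedded fixlist."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block delimited by '*' lines not found")
    fixlist, tail = lines[stars[0] + 1:stars[1]], lines[stars[1] + 1:]
    results = {}  # result lines have the form "<target> => <outcome>"
    for ln in tail:
        if " => " in ln:
            target, outcome = ln.rsplit(" => ", 1)
            results[target.lower()] = outcome
    report = {}
    for entry in fixlist:
        if entry.lower() in ("start", "end", "") or entry.endswith(":"):
            continue  # markers and argument-less directives such as "Reboot:"
        target = re.sub(r"^[A-Za-z]+:\s+", "", entry)  # drop a "DeleteKey: " prefix
        outcome = results.get(target.lower())
        status = "ok" if outcome and outcome.endswith("successfully.") else "unconfirmed"
        report[target] = (status, outcome)
    return report
```

An entry reported as `unconfirmed` is one to re-check by hand before the cleanup is considered finished.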
| Topics related to Laptop getting slower and slower, working with simple applications no longer possible. |
| antivirus, bluescreen, converter, desktop, device driver, flash player, homepage, installation, internet, java/exploit.agent.pcn, pop-up-blocker, realtek, registry, security, software, svchost.exe, win32/adware.yontoo.b, win32/dealply.b, win32/dealply.c, win32/dealply.d, win32/dealply.e, win32/dealply.j, win32/toolbar.conduit, win32/toolbar.conduit.b, windows |