Trojaner-Board (https://www.trojaner-board.de/)
Forum: Log Analysis and Evaluation, thread: Windows 8.1: all browsers almost unusable (https://www.trojaner-board.de/161361-windows-8-1-alle-browser-fast-unbenutzbar.html)

redhorse123 30.11.2014 17:48

Windows 8.1: all browsers almost unusable
 
Hello,

The computer in question is only a few weeks old, and for some time now every browser on it has been running extremely slowly.
I have already tried a lot, including reinstalling Windows, but so far nothing has helped.
I would be very grateful if someone here could help me.

Here are the first log files:

FRST:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Michael (administrator) on X-PC on 30-11-2014 17:14:51
Running from C:\Users\Michael\Desktop
Loaded Profile: Michael (Available profiles: Michael)
Platform: Windows 8.1 Connected (Update 1) (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe.ad04.deleteme
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe.684e.deleteme
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5776712 2013-11-25] (Dell Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-10] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-31] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810096 2014-02-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-30] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2424502558-3792405873-3556088539-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
HKU\S-1-5-21-2424502558-3792405873-3556088539-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {48D62139-4C72-498B-9396-95BABF64D70C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM -> {48D62139-4C72-498B-9396-95BABF64D70C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 -> DefaultScope {48D62139-4C72-498B-9396-95BABF64D70C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 -> {48D62139-4C72-498B-9396-95BABF64D70C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKU\S-1-5-21-2424502558-3792405873-3556088539-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2424502558-3792405873-3556088539-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-30]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0109631417356802mcinstcleanup; C:\Windows\TEMP\010963~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [202744 2014-04-10] (Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-22] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel(R) Corporation)
U4 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [326856 2013-07-10] (McAfee, Inc.)
U4 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [326856 2013-07-10] (McAfee, Inc.)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
R2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-30] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-30] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-11] (Qualcomm Atheros Communications, Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-20] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S0 cfwids; system32\drivers\cfwids.sys [X]
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
R0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 17:14 - 2014-11-30 17:15 - 00010493 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-11-30 17:14 - 2014-11-30 17:14 - 00000476 _____ () C:\Users\Michael\Desktop\defogger_disable.log
2014-11-30 17:14 - 2014-11-30 17:14 - 00000000 ____D () C:\FRST
2014-11-30 17:14 - 2014-11-30 17:14 - 00000000 _____ () C:\Users\Michael\defogger_reenable
2014-11-30 17:03 - 2014-11-30 17:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\AVAST Software
2014-11-30 17:03 - 2014-11-30 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-30 17:02 - 2014-11-30 17:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-30 17:02 - 2014-11-30 17:02 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1417363378656
2014-11-30 17:02 - 2014-11-30 17:02 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-30 17:02 - 2014-11-30 17:02 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-30 17:02 - 2014-11-30 17:02 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-30 17:02 - 2014-11-30 17:02 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-30 17:02 - 2014-11-30 17:02 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-30 17:02 - 2014-11-30 17:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-30 17:02 - 2014-11-30 17:02 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-30 17:02 - 2014-11-30 17:02 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-30 17:02 - 2014-11-30 17:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-30 17:02 - 2014-11-30 17:02 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-30 17:02 - 2014-11-30 17:02 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-30 17:01 - 2014-11-30 17:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-30 16:58 - 2014-11-30 17:00 - 132469808 _____ (AVAST Software) C:\Users\Michael\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2014-11-30 16:48 - 2014-11-30 16:48 - 00380416 _____ () C:\Users\Michael\Desktop\Gmer-19357.exe
2014-11-30 16:47 - 2014-11-30 16:47 - 02117632 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-11-30 16:41 - 2014-11-30 16:41 - 00050477 _____ () C:\Users\Michael\Desktop\Defogger.exe
2014-11-30 15:13 - 2014-11-30 17:04 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2424502558-3792405873-3556088539-1001
2014-11-30 15:13 - 2014-11-30 15:13 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Macromedia
2014-11-30 15:12 - 2014-11-30 16:28 - 00000000 __RDO () C:\Users\Michael\OneDrive
2014-11-30 15:08 - 2014-11-30 15:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Aviata
2014-11-30 15:07 - 2014-11-30 16:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Packages
2014-11-30 15:07 - 2014-11-30 16:48 - 00140626 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 15:07 - 2014-11-30 15:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\PackageStaging
2014-11-30 15:07 - 2014-11-30 15:07 - 00001456 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-30 15:07 - 2014-11-30 15:07 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-11-30 15:07 - 2014-11-30 15:07 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Adobe
2014-11-30 15:07 - 2014-11-30 15:07 - 00000000 ____D () C:\Users\Michael\AppData\Local\VirtualStore
2014-11-30 15:06 - 2014-11-30 15:06 - 00000020 ___SH () C:\Users\Michael\ntuser.ini
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\Vorlagen
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\Startmenü
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\Netzwerkumgebung
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\Lokale Einstellungen
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\Eigene Dateien
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\Druckumgebung
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\Documents\Eigene Musik
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\Documents\Eigene Bilder
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\AppData\Local\Verlauf
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\AppData\Local\Anwendungsdaten
2014-11-30 15:06 - 2014-11-30 15:06 - 00000000 _SHDL () C:\Users\Michael\Anwendungsdaten
2014-11-30 15:06 - 2014-03-18 10:48 - 00000369 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-11-30 15:06 - 2014-03-18 10:48 - 00000369 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-11-30 15:05 - 2014-11-30 17:14 - 00000000 ____D () C:\Users\Michael
2014-11-30 15:05 - 2014-08-30 07:08 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-30 15:05 - 2014-03-18 11:00 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-30 15:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-30 15:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-30 06:24 - 2014-11-30 06:24 - 00000000 _____ () C:\Recovery.txt
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Programme
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-11-29 20:25 - 2014-11-29 20:25 - 00000000 _SHDL () C:\Dokumente und Einstellungen

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-30 16:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-30 16:56 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-11-30 16:33 - 2014-09-03 17:50 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-30 15:14 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-30 15:13 - 2014-09-03 17:50 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-30 15:07 - 2014-08-30 16:34 - 00000000 ____D () C:\Windows\Panther
2014-11-30 15:02 - 2014-03-18 10:47 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 15:02 - 2014-03-18 10:30 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-11-30 15:02 - 2014-03-18 10:30 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-11-30 15:00 - 2014-09-03 17:54 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-11-30 06:24 - 2013-08-22 16:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-11-29 20:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-11-29 20:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-11-29 20:25 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 20:25 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2014-11-29 20:24 - 2013-08-22 15:44 - 00335992 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-30 06:59

==================== End Of Log ============================

GMER:

Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-30 17:32:39
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000001f ST500LT012-1DG142 rev.0001SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Michael\AppData\Local\Temp\fxldipog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2456] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506            00007ffb5c6b169a 4 bytes [6B, 5C, FB, 7F]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2456] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514            00007ffb5c6b16a2 4 bytes [6B, 5C, FB, 7F]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2456] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                00007ffb5c6b181a 4 bytes [6B, 5C, FB, 7F]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2456] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                00007ffb5c6b1832 4 bytes [6B, 5C, FB, 7F]
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3048] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506          00007ffb5c6b169a 4 bytes [6B, 5C, FB, 7F]
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3048] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514          00007ffb5c6b16a2 4 bytes [6B, 5C, FB, 7F]
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3048] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118            00007ffb5c6b181a 4 bytes [6B, 5C, FB, 7F]
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3048] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142            00007ffb5c6b1832 4 bytes [6B, 5C, FB, 7F]
.text  C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[4852] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506  00007ffb5c6b169a 4 bytes [6B, 5C, FB, 7F]
.text  C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[4852] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514  00007ffb5c6b16a2 4 bytes [6B, 5C, FB, 7F]
.text  C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[4852] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118    00007ffb5c6b181a 4 bytes [6B, 5C, FB, 7F]
.text  C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[4852] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142    00007ffb5c6b1832 4 bytes [6B, 5C, FB, 7F]
.text  C:\Program Files\Internet Explorer\iexplore.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                      00007ffb5e3e5b5c 6 bytes {NOP ; JMP 0xffffffff8015ac00}
.text  C:\Program Files\Internet Explorer\iexplore.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                        00007ffb5e3e8274 6 bytes {NOP ; JMP 0xffffffff80158130}
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194              00007ffb3c641f6a 4 bytes [64, 3C, FB, 7F]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218              00007ffb3c641f82 4 bytes [64, 3C, FB, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [568:584]                                                                                fffff960008fcb90
Thread  C:\Windows\System32\WWAHost.exe [3968:2192]                                                                            00007ffb5de50310
Thread  C:\Windows\System32\WWAHost.exe [3968:2200]                                                                            00007ffb59d37ec4
Thread  C:\Windows\System32\WWAHost.exe [3968:3728]                                                                            00007ffb544cc78c
Thread  C:\Windows\System32\WWAHost.exe [3968:4444]                                                                            00007ffb5a44cb88
Thread  C:\Windows\System32\WWAHost.exe [3968:1936]                                                                            00007ffb3d0bcfd0
Thread  C:\Windows\System32\WWAHost.exe [3968:3884]                                                                            00007ffb3d0b9d10
Thread  C:\Windows\System32\WWAHost.exe [3968:3548]                                                                            00007ffb3d186680
Thread  C:\Windows\System32\WWAHost.exe [3968:3088]                                                                            00007ffb3d0b9d10
Thread  C:\Windows\System32\WWAHost.exe [3968:3372]                                                                            00007ffb5bd699b0
Thread  C:\Windows\System32\WWAHost.exe [3968:664]                                                                            00007ffb5bd699b0
Thread  C:\Windows\System32\WWAHost.exe [3968:1960]                                                                            00007ffb3d0b9d10
Thread  C:\Windows\System32\WWAHost.exe [3968:636]                                                                            00007ffb3a204218
Thread  C:\Windows\System32\WWAHost.exe [3968:2716]                                                                            00007ffb3a1e16bc
Thread  C:\Windows\System32\WWAHost.exe [3968:2300]                                                                            00007ffb5de50310
Thread  C:\Windows\System32\WWAHost.exe [3968:2376]                                                                            00007ffb5de50310
Thread  C:\Windows\System32\WWAHost.exe [3968:844]                                                                            00007ffb5de50310
Thread  C:\Windows\System32\WWAHost.exe [3968:1364]                                                                            00007ffb5ba31b54

---- EOF - GMER 2.1 ----

A thousand thanks in advance for any help!
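The two logs above are read by the forum helpers by eye. The following Python script is an added example, not part of the original post and not code from FRST or GMER: it applies the first checks a log reader makes mechanically, namely which FRST services and drivers point at a file that no longer exists (`[X]`), which run from a Temp directory or are flagged unsigned, which running processes are `.deleteme` remnants, and which GMER `.text` findings are inline detours (`{NOP ; JMP ...}`) as opposed to four bytes that merely equal the module's own high address dword. The sample lines are copied from the logs in this thread; the label names and the relocated-pointer heuristic are this example's own, not FRST or GMER terminology.

```python
"""Triage helpers for FRST and GMER log lines (added example, not tool code)."""
import re

# FRST process line:  "(Vendor) C:\path\file.exe"
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\)\s+(?P<path>\S.*)$")
# GMER user-code line: ".text  <proc>[pid] <module>!<symbol>[ + off] <addr> <n> bytes <detail>"
GMER_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<sym>\S+!\S+)(?:\s\+\s\d+)?"
    r"\s+(?P<addr>[0-9a-fA-F]{16})\s+(?P<n>\d+) bytes (?P<detail>.+)$"
)


def parse_service(line):
    """Parse an FRST Services/Drivers line into a dict, or None if it is not one."""
    head, sep, tail = line.strip().partition("; ")
    if not sep:
        return None
    start, _, name = head.partition(" ")
    if not re.fullmatch(r"[RSU]\d", start):  # R=running, S=stopped, U=unknown + start type
        return None
    path, _, rest = tail.partition(" [")      # path ends at "[size date]" or "[X]"
    rest = "[" + rest if rest else ""
    vendor = re.search(r"\(([^)]*)\)", rest)
    return {
        "start": start, "name": name, "path": path.strip('"'),
        "missing": rest.startswith("[X]"),                # registered but file not on disk
        "unsigned": "[File not signed]" in rest,
        "vendor": vendor.group(1) if vendor else "",
    }


def service_findings(line):
    """Triage labels for one Services/Drivers line (empty list = nothing to look at)."""
    svc = parse_service(line)
    if svc is None:
        return []
    labels = []
    if svc["missing"]:
        labels.append("file-missing")        # typical leftover of an incomplete uninstall
    if re.search(r"\\temp\\", svc["path"], re.IGNORECASE):
        labels.append("runs-from-temp")      # a persistent component should not live in Temp
    if svc["unsigned"]:
        labels.append("unsigned")
    return labels


def process_findings(line):
    """Triage labels for one FRST process line."""
    m = PROCESS_RE.match(line.strip())
    if not m:
        return []
    # "*.deleteme": renamed for delete-on-reboot but still loaded, i.e. an uninstall that did not finish
    return ["pending-delete-remnant"] if re.search(r"\.deleteme$", m.group("path"), re.I) else []


def classify_gmer(line):
    """'inline-detour', 'relocated-pointer', 'unclassified', or None for non-matching lines."""
    m = GMER_RE.match(line.strip())
    if not m:
        return None
    addr, detail = int(m.group("addr"), 16), m.group("detail")
    if detail.startswith("{"):
        return "inline-detour"               # code redirected: identify the JMP target's module
    raw = re.match(r"\[([0-9A-Fa-f ,]+)\]", detail)
    if raw:
        data = bytes(int(b, 16) for b in raw.group(1).split(","))
        # Heuristic (this example's own): 4 differing bytes that equal bits 16..47 of the
        # address are a pointer into the same module fixed up by ASLR, not injected code.
        if len(data) == 4 and int.from_bytes(data, "little") == (addr >> 16) & 0xFFFFFFFF:
            return "relocated-pointer"
    return "unclassified"


def triage(frst_lines, gmer_lines):
    """Summarise all lines: services/processes with labels, and one label per GMER finding."""
    out = {"services": {}, "processes": {}, "gmer": []}
    for line in frst_lines:
        svc = parse_service(line)
        if svc:
            if service_findings(line):
                out["services"][svc["name"]] = service_findings(line)
        elif process_findings(line):
            out["processes"][PROCESS_RE.match(line.strip()).group("path")] = process_findings(line)
    for line in gmer_lines:
        m = GMER_RE.match(line.strip())
        if m:
            out["gmer"].append((m.group("proc"), m.group("sym").split("!")[1], classify_gmer(line)))
    return out


# Sample lines copied from the logs posted in this thread.
SAMPLE_FRST = [
    r"S2 0109631417356802mcinstcleanup; C:\Windows\TEMP\010963~1.EXE [836168 2014-03-13] (McAfee, Inc.)",
    r"R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]",
    r'R2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]',
    r"R0 mfehidk; system32\drivers\mfehidk.sys [X]",
    r"S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]",
    r"R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)",
    r"(McAfee, Inc.) C:\Windows\System32\mfevtps.exe.ad04.deleteme",
    r"(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
]
SAMPLE_GMER = [
    r".text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2456] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506            00007ffb5c6b169a 4 bytes [6B, 5C, FB, 7F]",
    r".text  C:\Program Files\Internet Explorer\iexplore.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                        00007ffb5e3e8274 6 bytes {NOP ; JMP 0xffffffff80158130}",
    r".text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194              00007ffb3c641f6a 4 bytes [64, 3C, FB, 7F]",
]

if __name__ == "__main__":
    for section, items in triage(SAMPLE_FRST, SAMPLE_GMER).items():
        print(section, items)
```

The labels are hints about where to look first, not verdicts: a service with a missing file is usually an uninstall that did not complete, a `.deleteme` binary that is still running means the delete-on-reboot of a previous AV has not happened yet, and a driver in Temp can be a tool such as GMER loading its own driver. The `relocated-pointer` label only says that the differing bytes are the upper 32 bits of the address they sit at (`7FFB5C6B` for `00007ffb5c6b169a`), which is what a pointer into the same module looks like after ASLR relocation; the `{NOP ; JMP ...}` entries on `LdrLoadDll`/`LdrUnloadDll` are genuine detours and need the target module identified before they can be called benign.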

schrauber 30.11.2014 19:19

hi,

Addition.txt is still missing :)

