| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Interpol Meldung Rechner gesprerrt!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
29.04.2014, 19:19
| #1 |
| |  Windows 7: Interpol Meldung Rechner gesprerrt! So wie es aussieht hab ich mir auf meinem Laptop den Interpol Trojaner eingefangen. Der Rechner wird nach ca. 1 min gesperrt dann sehe ich das bekannte Fenster von Interpol und in einem Extrafenster sehe ich durch die Webcam mein Gesicht. Ich poste direkt mal das FRST File. Herzlichen Danke für eure Hilfe!!! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2014
Ran by SYSTEM on MININT-APMAPBL on 29-04-2014 19:57:18
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirror Tray icon] => C:\Program Files\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM\...\Run: [Fujitsu OSD Utility] => C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe [733184 2009-04-03] (Fujitsu Technology Solutions)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296056 2012-06-03] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Ralph\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2010-08-06] (Samsung Electronics Co., Ltd.)
HKU\Ralph\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\Ralph\...\Winlogon: [Shell] Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4h8zhlcy.lnk
ShortcutTarget: 4h8zhlcy.lnk -> C:\ProgramData\2992199F9A\yclhz8h4.cpp (Microsoft Corporation)
========================== Services (Whitelisted) =================
S3 HRService; C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2010-10-25] ()
S2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
S2 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
S2 Winmgmt; C:\ProgramData\2992199F9A\yclhz8h4.cpp [186433 2014-04-12] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S1 BHDrvx86; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [1098968 2014-03-19] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
S1 IDSVix86; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\IPSDefs\20140417.001\IDSvix86.sys [395992 2014-03-26] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\VirusDefs\20140418.004\NAVENG.SYS [93272 2013-10-11] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\VirusDefs\20140418.004\NAVEX15.SYS [1612376 2013-10-11] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-10-12] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360\1502000.026\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)
S2 wuaserv;
========================== Drivers MD5 =======================
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athr.sys B01751CC563AECAC09BBE36AAA21FBEF
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\BASHDefs\20140409.001\BHDrvx86.sys 0305AF513F52CCCD0716002EC06AC2AA
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\N360\1502000.026\ccSetx86.sys 56C2811FD0D7B727808A69407B5BFAE0
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 08EE8892FD19A6A951F40254E97F6EF3
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\system32\FsUsbExDisk.SYS 790A4CA68F44BE35967B3DF61F3E4675
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\IPSDefs\20140417.001\IDSvix86.sys 373C0F67CC49772028D311FD147F4E85
C:\Windows\System32\DRIVERS\igdkmd32.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 8B27C21412AE4404EB0ACFE1D98579EC
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys F286830298323272260332D6ABC905C1
C:\Windows\System32\Drivers\ksecpkg.sys D7C760D57B1656DD748B9E4AB6CB5A51
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\VirusDefs\20140418.004\NAVENG.SYS 81E928EE3751FAF725C87CC17726C05D
C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\VirusDefs\20140418.004\NAVEX15.SYS E0C39FA6C76AE8ED53ABF043F35ECDFF
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pccsmcfd.sys 175CC28DCF819F78CAA3FBD44AD9E52A
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 96F8DD546677AA5102150ACC140377B3
C:\Windows\System32\DRIVERS\Rt86win7.sys D5EDE44CA85899E0478208C8413C1C31
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\N360\1502000.026\SRTSP.SYS 91C966DE2058116525748050A22C8170
C:\Windows\system32\drivers\N360\1502000.026\SRTSPX.SYS 1B6D68043F488F70E889276E1585B7AA
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\ss_bbus.sys EAA66218CD39F5BB1B4853A78C67C787
C:\Windows\System32\DRIVERS\ss_bmdfl.sys 91765F99914ED8693D8BC76524F21581
C:\Windows\System32\DRIVERS\ss_bmdm.sys 840E7B738B03C10EE91D9B7D3D6EFF15
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\N360\1502000.026\SYMDS.SYS 4C3DEF736D3857570166DE5C858600F5
C:\Windows\System32\drivers\N360\1502000.026\SYMEFA.SYS B70A98F20B4180F2751CFD7656116342
C:\Windows\system32\Drivers\SYMEVENT.SYS E987A9CB539147527F56943BB34B7375
C:\Windows\system32\drivers\N360\1502000.026\Ironx86.SYS E3A3CA230C7547364BB3D9DA0C301A36
C:\Windows\System32\Drivers\N360\1502000.026\SYMNETS.SYS CCD9B61DD6AB649B69143523C0D6391B
C:\Windows\System32\drivers\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\DRIVERS\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\tpm.sys 5AD05191DC8B444A7BA4D79B76C42A30
C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6
C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A
C:\Windows\system32\drivers\usbohci.sys 9828C8D14CC2676421778F0DE638CF97
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB
C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-29 19:55 - 2014-04-29 19:57 - 00000000 ____D () C:\FRST
2014-04-18 21:37 - 2014-04-29 17:29 - 00082908 _____ () C:\Windows\setupact.log
2014-04-18 21:37 - 2014-04-18 21:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-16 13:28 - 2014-03-31 02:51 - 88028728 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-13 09:12 - 2014-04-13 09:12 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-12 13:43 - 2014-04-13 09:12 - 00000000 ____D () C:\Users\Ralph\AppData\Roaming\Nico Mak Computing
2014-04-12 13:34 - 2014-04-12 13:38 - 340465664 _____ () C:\Users\Ralph\Downloads\kav_rescue_10-0513.iso
2014-04-12 07:07 - 2014-04-29 18:30 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-11 08:20 - 2014-04-11 08:20 - 00000000 ____D () C:\Users\Ralph\Desktop\Neuer Ordner (2)
2014-04-09 06:20 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-09 06:20 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-09 06:20 - 2014-03-04 10:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-09 06:20 - 2014-02-04 03:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-09 06:20 - 2014-02-04 03:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-09 06:20 - 2014-02-04 03:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-09 06:20 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-09 06:20 - 2014-01-24 03:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
==================== One Month Modified Files and Folders =======
2014-04-29 19:57 - 2014-04-29 19:55 - 00000000 ____D () C:\FRST
2014-04-29 18:44 - 2013-10-07 09:47 - 01144548 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 18:30 - 2014-04-12 07:07 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-29 18:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-04-29 17:36 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 17:36 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 17:29 - 2014-04-18 21:37 - 00082908 _____ () C:\Windows\setupact.log
2014-04-18 21:37 - 2014-04-18 21:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-17 06:15 - 2009-12-23 22:21 - 00000000 ____D () C:\Users\Ralph\Documents\Youcam
2014-04-16 13:31 - 2013-08-13 19:47 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-16 09:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-04-13 09:12 - 2014-04-13 09:12 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-13 09:12 - 2014-04-12 13:43 - 00000000 ____D () C:\Users\Ralph\AppData\Roaming\Nico Mak Computing
2014-04-13 07:16 - 2012-06-23 08:39 - 00000000 ____D () C:\Users\Ralph\AppData\Local\NPE
2014-04-12 13:38 - 2014-04-12 13:34 - 340465664 _____ () C:\Users\Ralph\Downloads\kav_rescue_10-0513.iso
2014-04-11 08:20 - 2014-04-11 08:20 - 00000000 ____D () C:\Users\Ralph\Desktop\Neuer Ordner (2)
2014-04-09 12:25 - 2010-01-17 13:38 - 00000000 ____D () C:\users\Ralph
2014-04-09 12:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\de-DE
2014-04-09 07:23 - 2009-08-22 05:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-04 09:53 - 2010-07-29 17:14 - 00562176 _____ () C:\Users\Ralph\Documents\Einnahmen_Ausgaben.xls
2014-03-31 02:51 - 2014-04-16 13:28 - 88028728 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-31 01:13 - 2014-04-09 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-31 00:57 - 2014-04-09 06:20 - 17073152 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-30 07:50 - 2012-10-06 15:09 - 00002423 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-03-30 07:50 - 2012-10-06 15:08 - 00000000 ____D () C:\Windows\System32\Drivers\N360
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== BCD ================================
Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=E:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {default}
resumeobject {a0e89030-dde7-11de-83b7-ba3f2b43558c}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
Windows-Startladeprogramm
-------------------------
Bezeichner {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale de-DE
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a0e89030-dde7-11de-83b7-ba3f2b43558c}
nx OptIn
bootlog Yes
Windows-Startladeprogramm
-------------------------
Bezeichner {a0e89032-dde7-11de-83b7-ba3f2b43558c}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{a0e89033-dde7-11de-83b7-ba3f2b43558c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{a0e89033-dde7-11de-83b7-ba3f2b43558c}
systemroot \windows
nx OptIn
winpe Yes
Windows-Startladeprogramm
-------------------------
Bezeichner {current}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{a0e89037-dde7-11de-83b7-ba3f2b43558c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{a0e89037-dde7-11de-83b7-ba3f2b43558c}
systemroot \windows
nx OptIn
winpe Yes
Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {a0e89030-dde7-11de-83b7-ba3f2b43558c}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No
Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=E:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes
EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes
Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM-Defekte
-----------
Bezeichner {badmemory}
Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisoreinstellungen
-------------------
Bezeichner {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}
Ger„teoptionen
--------------
Bezeichner {a0e89033-dde7-11de-83b7-ba3f2b43558c}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
Ger„teoptionen
--------------
Bezeichner {a0e89037-dde7-11de-83b7-ba3f2b43558c}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 3932.62 MB
Available physical RAM: 3361.37 MB
Total Pagefile: 3930.89 MB
Available Pagefile: 3369.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.14 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:50 GB) (Free:5.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:246.08 GB) (Free:226.49 GB) NTFS
Drive e: (WINRE) (Fixed) (Total:2 GB) (Free:1.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.13 GB) (Free:0.12 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D22F9EB7)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=246 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 965 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=963 MB) - (Type=06)
LastRegBack: 2014-04-16 09:02
==================== End Of Log ============================
|
|
29.04.2014, 19:20
| #2 |
| /// TB-Ausbilder   | Windows 7: Interpol Meldung Rechner gesprerrt! Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld  |
|
29.04.2014, 19:20
| #3 |
| /// the machine /// TB-Ausbilder    | Windows 7: Interpol Meldung Rechner gesprerrt! hi,
__________________Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4h8zhlcy.lnk
ShortcutTarget: 4h8zhlcy.lnk -> C:\ProgramData\2992199F9A\yclhz8h4.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\yclhz8h4.cpp [186433 2014-04-12] (Microsoft Corporation)
2014-04-12 07:07 - 2014-04-29 18:30 - 00000000 ____D () C:\ProgramData\2992199F9A
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. Rechner normal starten.
__________________ |
|
29.04.2014, 19:28
| #4 |
| | Windows 7: Interpol Meldung Rechner gesprerrt! Hallo, hier das File: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-04-2014
Ran by SYSTEM at 2014-04-29 20:25:07 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4h8zhlcy.lnk
ShortcutTarget: 4h8zhlcy.lnk -> C:\ProgramData\2992199F9A\yclhz8h4.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\yclhz8h4.cpp [186433 2014-04-12] (Microsoft Corporation)
2014-04-12 07:07 - 2014-04-29 18:30 - 00000000 ____D () C:\ProgramData\2992199F9A
*****************
C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4h8zhlcy.lnk => Moved successfully.
C:\ProgramData\2992199F9A\yclhz8h4.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\2992199F9A => Moved successfully.
==== End of Fixlog ====
Danke Danke Was nun?? |
|
29.04.2014, 19:32
| #5 |
| /// the machine /// TB-Ausbilder | Windows 7: Interpol Meldung Rechner gesprerrt! Ab jetzt im normalen Modus: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.04.2014, 20:28
| #6 |
| | Windows 7: Interpol Meldung Rechner gesprerrt! Hier die gewünschten Files: 1. FRST.txt FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2014
Ran by Ralph (administrator) on RALPH-PC on 29-04-2014 20:34:39
Running from C:\Users\Ralph\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe
(Fujitsu Technology Solutions) C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamTray.exe
(Fujitsu Technology Solutions) C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirror Tray icon] => C:\Program Files\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM\...\Run: [Fujitsu OSD Utility] => C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe [733184 2009-04-03] (Fujitsu Technology Solutions)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296056 2012-06-03] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Winlogon: [Shell] Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1315078092-3017167526-1762349163-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2010-08-06] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1315078092-3017167526-1762349163-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-1315078092-3017167526-1762349163-1000\...\Winlogon: [Shell] Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.rockantenne.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.22find.com/?utm_source=b&utm_medium=sfp12&from=sfp12&uid=WDCXWD3200BEVT-22ZCT0_WD-WXV0E99DFNA2DFNA2&ts=1363251855
SearchScopes: HKCU - {51202484-D710-4483-A626-807BBC74A7E8} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [FFToolbar@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-11-13]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF [2013-10-12]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Ralph\AppData\Roaming\5018
FF Extension: Java String Helper - C:\Users\Ralph\AppData\Roaming\5018 [2011-06-15]
========================== Services (Whitelisted) =================
S3 HRService; C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2010-10-25] ()
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
R2 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx86; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [1098968 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R1 IDSVix86; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\IPSDefs\20140417.001\IDSvix86.sys [395992 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\VirusDefs\20140418.004\NAVENG.SYS [93272 2013-10-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.2.1\Definitions\VirusDefs\20140418.004\NAVEX15.SYS [1612376 2013-10-11] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-10-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1502000.026\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)
U2 wuaserv;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-29 20:55 - 2014-04-29 20:34 - 00000000 ____D () C:\FRST
2014-04-29 20:34 - 2014-04-29 20:34 - 00012996 _____ () C:\Users\Ralph\Desktop\FRST.txt
2014-04-29 20:34 - 2014-04-29 20:33 - 01049600 _____ (Farbar) C:\Users\Ralph\Desktop\FRST.exe
2014-04-29 20:31 - 2014-04-29 20:31 - 00006180 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-04-29 20:27 - 2014-04-29 20:27 - 00000360 _____ () C:\Windows\PFRO.log
2014-04-18 22:37 - 2014-04-29 20:27 - 00094752 _____ () C:\Windows\setupact.log
2014-04-18 22:37 - 2014-04-18 22:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-16 14:28 - 2014-03-31 03:51 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-13 10:12 - 2014-04-13 10:12 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-12 14:43 - 2014-04-13 10:12 - 00000000 ____D () C:\Users\Ralph\AppData\Roaming\Nico Mak Computing
2014-04-12 14:34 - 2014-04-12 14:38 - 340465664 _____ () C:\Users\Ralph\Downloads\kav_rescue_10-0513.iso
2014-04-11 09:20 - 2014-04-11 09:20 - 00000000 ____D () C:\Users\Ralph\Desktop\Neuer Ordner (2)
2014-04-09 07:20 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 07:20 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 07:20 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:20 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:20 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:20 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:20 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:20 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
==================== One Month Modified Files and Folders =======
2014-04-29 20:34 - 2014-04-29 20:55 - 00000000 ____D () C:\FRST
2014-04-29 20:34 - 2014-04-29 20:34 - 00012996 _____ () C:\Users\Ralph\Desktop\FRST.txt
2014-04-29 20:33 - 2014-04-29 20:34 - 01049600 _____ (Farbar) C:\Users\Ralph\Desktop\FRST.exe
2014-04-29 20:31 - 2014-04-29 20:31 - 00006180 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-04-29 20:31 - 2013-10-07 10:47 - 01154689 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 20:27 - 2014-04-29 20:27 - 00000360 _____ () C:\Windows\PFRO.log
2014-04-29 20:27 - 2014-04-18 22:37 - 00094752 _____ () C:\Windows\setupact.log
2014-04-29 20:27 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 19:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-04-29 18:36 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 18:36 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 22:37 - 2014-04-18 22:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-17 07:15 - 2009-12-23 23:21 - 00000000 ____D () C:\Users\Ralph\Documents\Youcam
2014-04-16 14:31 - 2013-08-13 20:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-16 10:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-16 07:34 - 2013-11-05 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-04-13 10:12 - 2014-04-13 10:12 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-13 10:12 - 2014-04-12 14:43 - 00000000 ____D () C:\Users\Ralph\AppData\Roaming\Nico Mak Computing
2014-04-13 08:16 - 2012-06-23 09:39 - 00000000 ____D () C:\Users\Ralph\AppData\Local\NPE
2014-04-12 14:38 - 2014-04-12 14:34 - 340465664 _____ () C:\Users\Ralph\Downloads\kav_rescue_10-0513.iso
2014-04-11 09:20 - 2014-04-11 09:20 - 00000000 ____D () C:\Users\Ralph\Desktop\Neuer Ordner (2)
2014-04-09 13:25 - 2010-01-17 14:38 - 00000000 ____D () C:\Users\Ralph
2014-04-09 13:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-09 08:23 - 2009-08-22 06:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-04 10:53 - 2010-07-29 18:14 - 00562176 _____ () C:\Users\Ralph\Documents\Einnahmen_Ausgaben.xls
2014-03-31 03:51 - 2014-04-16 14:28 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-31 02:13 - 2014-04-09 07:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 07:20 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 08:50 - 2013-10-12 15:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
2014-03-30 08:50 - 2012-10-06 16:09 - 00002423 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-03-30 08:50 - 2012-10-06 16:08 - 00000000 ____D () C:\Windows\system32\Drivers\N360
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-16 10:02
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- 2.Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-04-2014
Ran by Ralph at 2014-04-29 20:35:15
Running from C:\Users\Ralph\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton 360 Premier Edition (Enabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1908.7636 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.1908.7636 - CyberLink Corp.) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
Fotobuchhelden 2.1 (HKLM\...\Fotobuchhelden_is1) (Version: Fotobuchhelden 2.1 - )
FreeStar Free WAV MP3 Converter 1.0.4 (HKLM\...\FreeStar Free WAV MP3 Converter) (Version: 1.0.4 - FreeStar, Org.)
Fujitsu OSD Utility (HKLM\...\InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}) (Version: 1.2.1.6 - Quanta Computer Inc.)
Fujitsu OSD Utility (Version: 1.2.1.6 - Quanta Computer Inc.) Hidden
Haufe iDesk-Browser (HKLM\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM\...\{27F10580-E040-11DF-8C28-005056B12123}) (Version: 10.10.25.7810 - Haufe)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java Auto Updater (Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Konz 2010 - 1000 ganz legale Steuertricks (HKLM\...\InstallShield_{914A1515-3CF7-4800-8CDB-84C649FC17EF}) (Version: 1.00.0000 - USM)
Konz 2010 - 1000 ganz legale Steuertricks (Version: 1.00.0000 - USM) Hidden
Konz 2012 (HKLM\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM)
Konz 2012 (Version: 1.00.0000 - USM) Hidden
KONZ-Steuer-2014 (HKLM\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM)
KONZ-Steuer-2014 (Version: 1.00.0000 - USM) Hidden
Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rossmann Fotowelt Software 4.13 (HKLM\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version: - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version: - )
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Steuer 2009 (HKLM\...\{410AB9BC-B057-4D39-9260-660EE1B4BED2}) (Version: 16.00.00.0039 - Lexware GmbH & Co. KG)
Steuer 2010 (HKLM\...\{4B526075-AF27-47A2-860D-3DA92928A051}) (Version: 17.00.00.0062 - Haufe-Lexware GmbH & Co.KG)
Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
SystemDiagnostics (HKLM\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version: 2.04.0006 - Fujitsu Technology Solutions)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1F465554-F6C4-4B80-8390-6DC98E5801C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {283C9AEC-9F88-4781-8282-61694DB3F646} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1315078092-3017167526-1762349163-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {3526B3C8-E976-455C-8097-A3793C5C2DA4} - System32\Tasks\{051D0C16-41DE-4CF6-813D-A459D59271B2} => C:\Program Files\Norton 360 Premier Edition\Engine\6.2.1.5\uiStub.exe
Task: {775C0408-C0D0-4E66-BFAC-75A119749215} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1315078092-3017167526-1762349163-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {8B23088A-24D9-4E86-A362-94602ACA99FC} - System32\Tasks\{E4C5BD06-31F3-4D54-9062-00643F1E691C} => C:\Program Files\Norton 360 Premier Edition\Engine\6.2.1.5\uiStub.exe
Task: {BEB574B9-2CE0-4B81-AD5E-11B2DDA54366} - System32\Tasks\{D030D5F8-DCC3-49C2-8E04-C8AA264B114D} => C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
Task: {C571622D-DCC1-420C-AB08-4E5983DFBCED} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C64D54DB-B35B-46E4-BF18-AD0E5A3E9B70} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EBB26E1C-1236-4B3B-BA5B-501BAB430809} - System32\Tasks\RunAsStdUser => C:\Program Files\Desk 365\desk365.exe [2013-03-14] (337 Technology Limited.) <==== ATTENTION
Task: {EC3C468F-DB41-44A4-A38E-2646E13107F5} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360 Premier Edition\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (04/29/2014 08:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "009" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (04/29/2014 08:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (04/29/2014 08:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "009" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (04/29/2014 08:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (04/18/2014 10:50:00 PM) (Source: Application Hang) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 560
Startzeit: 01cf5b4796b3b006
Endzeit: 62
Anwendungspfad: C:\Windows\explorer.exe
Berichts-ID: ea2e27b4-c73a-11e3-a980-00269e81ff8c
Error: (04/18/2014 10:49:08 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (04/18/2014 10:48:44 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 63c
Startzeit: 01cf5b46ad7fa792
Endzeit: 0
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: c790ddf5-c73a-11e3-a980-00269e81ff8c
Error: (04/18/2014 10:38:28 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/18/2014 10:38:28 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (04/18/2014 10:38:28 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (04/29/2014 07:40:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/29/2014 07:40:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/29/2014 07:39:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/29/2014 07:39:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/29/2014 07:38:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/29/2014 07:38:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/29/2014 07:37:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/29/2014 07:37:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/29/2014 07:36:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (04/29/2014 07:36:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Microsoft Office Sessions:
=========================
Error: (09/04/2013 09:08:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 49 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/02/2013 02:12:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1857 seconds with 600 seconds of active time. This session ended with a crash.
Error: (11/22/2012 08:24:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 135 seconds with 60 seconds of active time. This session ended with a crash.
Error: (09/18/2010 03:13:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 2908.62 MB
Available physical RAM: 1685.05 MB
Total Pagefile: 5815.52 MB
Available Pagefile: 4622.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.07 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:50 GB) (Free:5.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:246.08 GB) (Free:226.49 GB) NTFS
Drive f: () (Removable) (Total:0.94 GB) (Free:0.92 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D22F9EB7)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=246 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 965 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=963 MB) - (Type=06)
==================== End Of Log ============================
Gruß Schippie Bis hierher erst mal recht Herzlichen Dank für die überaus super schnelle Hilfe Danke, Danke, Danke, Gruß und gute Nacht Schippie |
|
30.04.2014, 23:44
| #7 |
| /// the machine /// TB-Ausbilder | Windows 7: Interpol Meldung Rechner gesprerrt! hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7: Interpol Meldung Rechner gesprerrt! |
| adobe, association, bootmgr, danke für eure hilfe!, desktop, download, explorer, explorer.exe, gesperrt, home, i8042prt.sys, ics, microsoft, ordner, realplayer, realtek, registry, scan, services.exe, svchost.exe, symantec, system, trojaner, usbvideo.sys, webcam, windows, windows xp, winlogon, winlogon.exe |
WARNUNG an die MITLESER: 
Linear-Darstellung
