Pests of all kinds and how to combat them: Laptop screen lights up black (Windows 7)
31.08.2014, 19:29 | #1 |
| Laptop screen lights up black Hello, I can no longer start my laptop. It has Windows 8 and worked without problems until yesterday. When I turn it on now, the HP logo appears first as usual, then my welcome screen. After that, however, the screen goes black; it is still lit, but black. I can still see and move the mouse, though. I am at a loss and grateful for any help. I have already tried getting into safe mode and also restoring the last known good configuration, both without success. Thanks in advance for the help. Kind regards |
31.08.2014, 20:30 | #2 |
/// the machine /// TB trainer | Laptop screen lights up black Hi,
__________________
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
__________________ |
31.08.2014, 21:43 | #3 |
| Laptop screen lights up black I didn't manage to get it into code tags
__________________
Hope it works like this too. FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02 Ran by Jana at 2014-08-31 23:29:25 Running from G:\ Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
BrowserSafeguard (HKLM-x32\...\Browsersafeguard) (Version: - Browsersafeguard) <==== ATTENTION Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.) Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3026 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.4.3026 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.) CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3024 - CyberLink Corp.) CyberLink PowerDVD 12 (x32 Version: 12.0.1.3024 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.) CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Desk 365 (HKLM-x32\...\Desk 365) (Version: 1.15.10 - 337 Technology Limited.) 
<==== ATTENTION Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts) Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) 
Hidden Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Ihr Firmenname) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard) HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard) HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company) HP Wireless Button Driver 
(HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3224 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 
10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation) NVIDIA Grafiktreiber 311.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.70 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Systemsteuerung 311.70 (Version: 311.70 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.) Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.31.75 - Client Connect LTD) <==== ATTENTION Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB) SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC) Studie zur Verbesserung von HP Officejet 6700 Produkten (HKLM\...\{4EE2A4CB-47B0-4412-808C-D556E3940598}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated) topdeal (HKLM-x32\...\{9B149088-3FB6-875E-C1A4-A25A6E9D278D}) (Version: - teopdEal) Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack 
(x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WPM17.8.0.3325 (HKLM-x32\...\WPM) (Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 31-07-2014 00:10:55 Geplanter Prüfpunkt 09-08-2014 20:12:14 Geplanter Prüfpunkt 18-08-2014 17:01:04 Geplanter Prüfpunkt 22-08-2014 13:28:13 Garmin Express 22-08-2014 13:28:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 27-08-2014 20:51:37 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 08:26 - 2012-07-26 08:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0698C224-D46A-4C8D-8592-90A71F40ACD8} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {35CDCE26-E67B-4259-A789-74978C496A03} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe [2014-02-24] (337 Technology Limited.) <==== ATTENTION Task: {37189418-64E2-45E7-A8E8-3B40A769493F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company) Task: {38DA6E70-F907-48CA-9FF1-61E13180398A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-30] (Symantec Corporation) Task: {3C567A11-A66B-49FC-9951-7356F832A27F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company) Task: {44E09B8E-ADB9-43DE-9524-24E4D0CB99F5} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION Task: {50AE197C-1328-4F1D-9FB4-4E1FC0C6F8B2} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {530C3199-9D35-4538-B066-478BAB1E08BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14] (Adobe Systems Incorporated) Task: {90B91799-A86A-4FE6-8DB3-D2ADF66D7FEB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink) Task: {976099A0-C9D8-4120-A6E0-22F5A4C6D636} - System32\Tasks\CLVDLauncher => 
C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {B6778BEE-4EFF-45B2-BA91-1F01638B29A6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {C606D238-6D5E-484C-8871-21CD71851958} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.) Task: {C67E34E7-0FFF-45C7-B7D5-419BCF50C92D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-31] (Microsoft Corporation) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D50AB89B-1C2D-4814-8632-B98DB882068C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company) Task: {DA08B6C3-7D82-4BCD-AADD-428592E6A8E8} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {E0DBAAAB-53CF-4183-B6E7-F12A3F371974} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.) 
Task: {E3BF5546-D96C-4A36-989C-02414AE5F518} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] () Task: {EA6ADA93-FDF0-42D3-9464-937D8E17B5EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F7799F95-3A2A-4935-A556-36E03355A2B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/31/2014 06:08:01 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (08/31/2014 05:41:44 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20391 Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20391 Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8672 Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8672 Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/27/2014 11:39:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 23047 Error: (08/27/2014 11:39:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 23047 System errors: ============= Error: (08/31/2014 11:28:17 PM) (Source: DCOM) (EventID: 10005) (User: Notebook) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/31/2014 11:23:41 PM) (Source: DCOM) (EventID: 10005) (User: Notebook) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: 
(08/31/2014 11:23:33 PM) (Source: DCOM) (EventID: 10005) (User: Notebook) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/31/2014 11:23:28 PM) (Source: DCOM) (EventID: 10005) (User: Notebook) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/31/2014 11:22:57 PM) (Source: DCOM) (EventID: 10005) (User: Notebook) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/31/2014 11:20:40 PM) (Source: DCOM) (EventID: 10005) (User: Notebook) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/31/2014 11:20:32 PM) (Source: DCOM) (EventID: 10005) (User: Notebook) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/31/2014 11:20:26 PM) (Source: DCOM) (EventID: 10005) (User: Notebook) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/31/2014 11:20:15 PM) (Source: DCOM) (EventID: 10005) (User: Notebook) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/31/2014 11:18:17 PM) (Source: DCOM) (EventID: 10005) (User: Notebook) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Microsoft Office Sessions: ========================= Error: (08/31/2014 06:08:01 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (08/31/2014 05:41:44 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20391 Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20391 Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) 
(EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8672 # Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8672 Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/27/2014 11:39:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 23047 Error: (08/27/2014 11:39:18 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 23047 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 20% Total physical RAM: 7962.14 MB Available physical RAM: 6290.55 MB Total Pagefile: 9178.14 MB Available Pagefile: 7816.51 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:444.38 GB) (Free:345.82 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:20.61 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (KINGSTON) (Removable) (Total:3.73 GB) (Free:2.62 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 298DD091) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.7 GB) - (Type=0C) ==================== End Of Log ============================ |
01.09.2014, 14:44 | #4 |
/// the machine /// TB trainer | Laptop screen lights up black The FRST.txt is still missing.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
01.09.2014, 19:59 | #5 |
| Laptop screen lights up black Is this it? Somehow I only have FRST, no idea whether that's the same thing :x FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02 Ran by Jana (administrator) on NOTEBOOK on 31-08-2014 23:24:18 Running from G:\ Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Safe Mode (with Networking) The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\HelpPane.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\navw32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.) 
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [BrowserSafeguard] => C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [420352 2014-02-21] (BrowserSafeguard) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [Spotify] => C:\Users\Jana\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-26] (Spotify Ltd) HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [Desk 365] => C:\Program Files (x86)\Desk 365\desk365.exe [1013808 2014-02-24] (337 Technology Limited.) 
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited) HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [BrowserSafeguard] => "C:\Users\Jana\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe" HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [InetStat] => C:\Users\Jana\AppData\Roaming\InetStat\inetstat.exe [1325536 2014-07-14] () HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\MountPoints2: {1c72053d-e1b6-11e3-be8b-a0d3c15ce10c} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\MountPoints2: {522a3e75-82c2-11e3-be7d-a0d3c15ce10c} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\MountPoints2: {5ab8fab4-9bbf-11e3-be7f-a0d3c15ce10c} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\MountPoints2: {95577dba-52a0-11e3-be73-806e6f6e6963} - "E:\Autorun.exe" AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-15] (Client Connect LTD) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-25] (NVIDIA Corporation) AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-02-24] () AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-15] (Client Connect LTD) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-05-25] (NVIDIA Corporation) Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:49333;https=127.0.0.1:49333 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = V9 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = V9 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = V9 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = V9 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = V9 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe V9 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms} SearchScopes: HKLM - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms} SearchScopes: HKLM-x32 - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=58&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=58&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&q={searchTerms}&SSPV= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms} SearchScopes: HKCU - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. 
Limited) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File FireFox: ======== FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\3miphcif.default FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691 FF DefaultSearchEngine: Trovi search FF SelectedSearchEngine: Trovi search FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=55&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&SSPV= FF NetworkProxy: "type", 4 FF 
Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\3miphcif.default\searchplugins\trovi-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn [2014-08-31] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2013-12-24] FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\3miphcif.default\extensions\quick_start@gmail.com FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=55&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&SSPV= CHR StartupUrls: Default -> 
"hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=55&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&SSPV=" CHR NewTab: Default -> "chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html" CHR DefaultSearchKeyword: Default -> trovi.search CHR DefaultSearchURL: Default -> http:\/\/www.trovi.com\/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=58&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&q={searchTerms}&SSPV= CHR DefaultSuggestURL: Default -> http:\/\/suggest.seccint.com\/CSuggestJson.ashx?prefix={searchTerms} CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16] CHR Extension: (Google Drive) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16] CHR Extension: (Norton Security Toolbar) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-07-27] CHR Extension: (YouTube) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16] CHR Extension: (McAfee Security Scan+) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22] CHR Extension: (Extended Protection) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-02-24] CHR Extension: (Google Search) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16] CHR Extension: (Coupoonpeak) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohnfbdooelajhmfmdddeannkaebodii [2014-03-17] CHR Extension: (Google Wallet) - 
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16] CHR Extension: (Quick start) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-03-07] CHR Extension: (Gmail) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16] CHR Extension: (Extutil) - C:\Users\Jana\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-07-27] CHR Extension: (Extended Protection) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\ [2014-07-27] CHR Extension: (Managera) - C:\Users\Jana\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-07-27] CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-02] CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-24] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-02-24] () S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. 
KG) S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2991552 2014-08-15] (Client Connect LTD) S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-26] (CyberLink) S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-26] (CyberLink) S2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [425008 2014-02-24] (337 Technology Limited.) S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed] S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.) 
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED) S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-09] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-18] (Realtek Semiconductor) S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.) 
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-24] (Cherished Technololgy LIMITED) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG) S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-24] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-24] (Symantec Corporation) [File not signed] S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] () S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140221.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-09] (Intel Corporation) S3 NAVENG; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140223.018\ENG64.SYS [126040 2013-12-24] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140223.018\EX64.SYS [2099288 2013-12-24] (Symantec Corporation) S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [408136 2013-05-09] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2715208 2013-05-29] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) S3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) S3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-11-15] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-24] (Symantec Corporation) S3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-31 23:23 - 2014-08-31 23:24 - 00000000 ____D () C:\FRST 2014-08-31 23:06 - 2014-08-31 23:06 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\dkjpjtlo.sys 2014-08-31 23:05 - 2014-08-31 23:05 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\wfsfisfw.sys 2014-08-31 23:05 - 2014-08-31 23:05 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\qwzaihap.sys 2014-08-31 23:04 - 2014-08-31 23:04 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-27 23:45 - 2014-08-23 09:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-27 23:45 - 2014-07-16 02:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-27 23:45 - 2014-07-12 05:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-26 23:34 - 2014-08-28 00:10 - 00318720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-22 18:24 - 2014-07-16 01:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys 2014-08-22 18:11 - 2014-08-02 03:15 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-22 18:11 - 2014-08-02 03:15 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-22 18:04 - 2014-08-22 18:04 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-22 17:47 - 2014-06-11 01:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-22 17:47 - 2014-06-11 01:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-22 17:24 - 2014-08-22 17:24 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose(2).exe 2014-08-22 17:23 - 2014-08-22 17:23 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose.exe 2014-08-22 17:23 - 
2014-08-22 17:23 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose(1).exe 2014-08-22 17:10 - 2014-06-13 04:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-22 17:10 - 2014-06-13 04:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-22 17:09 - 2014-07-24 15:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-22 17:09 - 2014-07-24 15:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-22 17:09 - 2014-07-24 15:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-22 17:09 - 2014-07-24 15:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-22 17:09 - 2014-07-24 15:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-22 17:09 - 2014-07-24 15:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-22 17:09 - 2014-07-24 15:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-22 17:09 - 2014-07-24 15:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-22 17:09 - 2014-07-24 13:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-22 17:09 - 2014-07-24 13:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-22 17:09 - 2014-07-24 13:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-22 17:09 - 2014-07-24 13:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-22 17:09 - 2014-07-24 13:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-22 17:09 - 2014-07-24 13:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-22 17:09 - 2014-07-24 13:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-22 17:08 - 2014-08-07 09:33 - 00712192 
_____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-22 17:08 - 2014-08-07 06:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-22 17:08 - 2014-07-24 15:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-22 17:08 - 2014-07-24 15:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-08-22 17:08 - 2014-07-24 15:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-08-22 17:08 - 2014-07-24 15:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-22 17:08 - 2014-07-24 15:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-22 17:08 - 2014-07-24 15:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-22 17:08 - 2014-07-24 15:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-22 17:08 - 2014-07-24 15:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-22 17:08 - 2014-07-24 15:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-22 17:08 - 2014-07-24 15:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-22 17:08 - 2014-07-24 15:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-22 17:08 - 2014-07-24 15:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-22 17:08 - 2014-07-24 15:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-22 17:08 - 2014-07-24 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-08-22 17:08 - 2014-07-24 13:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-22 17:08 - 2014-07-24 13:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-08-22 17:08 - 2014-07-24 13:51 - 00493056 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2014-08-22 17:08 - 2014-07-24 13:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-22 17:08 - 2014-07-24 13:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-22 17:08 - 2014-07-24 13:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-22 17:08 - 2014-07-24 13:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-08-22 17:08 - 2014-07-24 13:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-22 17:08 - 2014-07-24 13:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-22 17:08 - 2014-07-24 13:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-22 17:08 - 2014-07-24 13:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-22 17:08 - 2014-07-24 13:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-22 17:08 - 2014-07-24 13:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-22 17:08 - 2014-07-24 11:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-08-22 17:08 - 2014-07-01 01:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-08-22 17:08 - 2014-07-01 01:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-08-22 16:59 - 2014-06-06 17:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-08-22 16:59 - 2014-06-06 13:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-08-22 16:59 - 2014-06-05 20:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-22 16:59 - 2014-06-05 20:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-08-22 16:59 - 2014-06-05 20:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-22 
16:59 - 2014-06-05 20:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-22 16:59 - 2014-06-05 20:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-22 16:59 - 2014-06-05 20:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-08-22 16:59 - 2014-06-05 16:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-08-22 16:59 - 2014-06-05 16:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-22 16:59 - 2014-06-05 16:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-22 16:59 - 2014-06-05 16:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-22 16:59 - 2014-06-05 16:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-08-22 16:58 - 2014-06-20 02:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-22 16:58 - 2014-06-20 01:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-22 16:57 - 2014-06-18 02:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-08-22 16:57 - 2014-06-18 02:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-08-22 16:57 - 2014-05-29 07:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2014-08-22 16:57 - 2014-05-08 04:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2014-08-22 16:56 - 2014-06-03 01:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2014-08-22 16:55 - 2014-05-30 02:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2014-08-22 16:55 - 2014-05-30 02:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2014-08-22 16:55 - 2014-05-30 02:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-08-22 16:55 - 2014-05-30 02:02 - 00439808 _____ 
(Microsoft Corporation) C:\Windows\system32\lsm.dll 2014-08-22 16:55 - 2014-05-30 01:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-08-22 16:55 - 2014-05-03 09:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-08-22 16:55 - 2014-05-03 09:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-08-22 16:55 - 2014-05-03 07:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-08-22 16:55 - 2014-05-02 01:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-08-22 16:55 - 2014-04-30 01:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe 2014-08-22 16:55 - 2014-04-30 01:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2014-08-22 16:55 - 2014-04-24 02:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-08-22 16:55 - 2014-04-24 02:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-08-22 16:55 - 2014-04-24 02:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-08-22 16:55 - 2014-04-24 02:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-08-22 16:33 - 2014-08-22 16:33 - 00000000 ____D () C:\Users\Jana\Documents\Garmin 2014-08-22 16:33 - 2014-05-20 05:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-22 16:33 - 2014-05-20 02:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-22 16:33 - 2014-05-20 02:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-22 16:33 - 2014-05-20 02:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-22 16:33 - 2014-05-20 02:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-22 16:33 - 2014-05-20 
02:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-22 16:33 - 2014-05-20 02:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-08-22 16:33 - 2014-05-20 02:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-08-22 16:33 - 2014-05-20 02:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-22 16:32 - 2014-08-22 16:32 - 00000000 ____D () C:\Users\Jana\AppData\Local\Garmin 2014-08-22 16:32 - 2014-05-15 01:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-22 16:32 - 2014-05-15 01:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-22 16:32 - 2014-05-15 01:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-22 16:32 - 2014-05-15 01:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-22 16:31 - 2014-08-22 16:31 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Garmin 2014-08-22 16:31 - 2014-08-22 16:31 - 00000000 ____D () C:\Program Files\DIFX 2014-08-22 16:30 - 2014-08-22 16:32 - 00000000 ____D () C:\ProgramData\Garmin 2014-08-22 16:30 - 2014-08-22 16:31 - 00000000 ____D () C:\Program Files (x86)\Garmin 2014-08-22 16:30 - 2014-08-22 16:30 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask 2014-08-22 16:30 - 2014-08-22 16:30 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-08-22 16:30 - 2014-08-22 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-08-22 16:27 - 2014-08-22 16:27 - 36359240 _____ (Garmin Ltd or its subsidiaries) C:\Users\Jana\Downloads\GarminExpress.exe 2014-08-14 13:42 - 2014-08-14 13:50 - 00034160 _____ () C:\Users\Jana\Documents\W Seminar-Stephen Kings Motiviation zu Roman Carrie.odt 2014-08-14 13:42 - 2014-08-14 13:50 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar-Stephen Kings Motiviation zu Roman Carrie.odt# 
2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W-Seminar Vorpräsentation.odt# 2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar Expose Juni 2014.odt# 2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar Arbeitt.odt# 2014-08-12 14:35 - 2014-08-12 14:35 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\NVIDIA ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-31 23:24 - 2014-08-31 23:23 - 00000000 ____D () C:\FRST 2014-08-31 23:23 - 2013-07-22 20:32 - 00829916 _____ () C:\Windows\system32\perfh007.dat 2014-08-31 23:23 - 2013-07-22 20:32 - 00188554 _____ () C:\Windows\system32\perfc007.dat 2014-08-31 23:23 - 2012-07-26 10:28 - 01952918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-31 23:06 - 2014-08-31 23:06 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\dkjpjtlo.sys 2014-08-31 23:05 - 2014-08-31 23:05 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\wfsfisfw.sys 2014-08-31 23:05 - 2014-08-31 23:05 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\qwzaihap.sys 2014-08-31 23:04 - 2014-08-31 23:04 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-31 23:01 - 2013-12-21 20:23 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\ClassicShell 2014-08-31 22:38 - 2014-02-16 23:22 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-31 22:38 - 2014-02-16 23:22 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-31 22:37 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\sru 2014-08-31 21:05 - 2013-12-25 12:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-31 21:04 - 2014-02-24 21:24 - 00000000 ____D () C:\Program Files (x86)\Desk 365 2014-08-31 21:01 - 2012-07-26 10:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 
2014-08-31 19:57 - 2013-12-21 20:20 - 01212359 _____ () C:\Windows\WindowsUpdate.log 2014-08-30 19:43 - 2012-07-26 08:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-08-28 00:10 - 2014-08-26 23:34 - 00318720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-27 23:53 - 2012-07-26 10:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-08-27 23:44 - 2013-12-25 01:51 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Spotify 2014-08-27 00:44 - 2014-07-14 15:33 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-08-26 23:40 - 2013-12-21 20:22 - 00000000 ____D () C:\Users\Jana\Documents\Youcam 2014-08-26 23:39 - 2014-03-31 22:06 - 00000000 ____D () C:\Users\Jana\AppData\Local\HTC MediaHub 2014-08-26 23:39 - 2013-12-25 01:51 - 00000000 ____D () C:\Users\Jana\AppData\Local\Spotify 2014-08-23 09:47 - 2014-08-27 23:45 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 18:49 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\rescache 2014-08-22 18:07 - 2012-07-26 08:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-08-22 18:05 - 2012-07-26 11:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-08-22 18:05 - 2012-07-26 11:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-08-22 18:05 - 2012-07-26 10:52 - 00000000 ____D () C:\Program Files\Windows Journal 2014-08-22 18:04 - 2014-08-22 18:04 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-22 18:04 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\WinStore 2014-08-22 18:03 - 2012-07-26 11:12 - 00000000 ___RD () C:\Windows\ToastData 2014-08-22 17:59 - 2013-12-25 22:31 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-22 17:29 - 2012-08-04 01:23 - 00120134 _____ () C:\Windows\PFRO.log 2014-08-22 17:24 - 2014-08-22 17:24 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose(2).exe 2014-08-22 17:23 - 2014-08-22 17:23 - 01286520 
_____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose.exe 2014-08-22 17:23 - 2014-08-22 17:23 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose(1).exe 2014-08-22 17:11 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-08-22 16:33 - 2014-08-22 16:33 - 00000000 ____D () C:\Users\Jana\Documents\Garmin 2014-08-22 16:32 - 2014-08-22 16:32 - 00000000 ____D () C:\Users\Jana\AppData\Local\Garmin 2014-08-22 16:32 - 2014-08-22 16:30 - 00000000 ____D () C:\ProgramData\Garmin 2014-08-22 16:31 - 2014-08-22 16:31 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Garmin 2014-08-22 16:31 - 2014-08-22 16:31 - 00000000 ____D () C:\Program Files\DIFX 2014-08-22 16:31 - 2014-08-22 16:30 - 00000000 ____D () C:\Program Files (x86)\Garmin 2014-08-22 16:31 - 2013-11-21 12:56 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-22 16:30 - 2014-08-22 16:30 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask 2014-08-22 16:30 - 2014-08-22 16:30 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-08-22 16:30 - 2014-08-22 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-08-22 16:27 - 2014-08-22 16:27 - 36359240 _____ (Garmin Ltd or its subsidiaries) C:\Users\Jana\Downloads\GarminExpress.exe 2014-08-22 16:26 - 2012-07-26 10:21 - 00054090 _____ () C:\Windows\setupact.log 2014-08-14 13:50 - 2014-08-14 13:42 - 00034160 _____ () C:\Users\Jana\Documents\W Seminar-Stephen Kings Motiviation zu Roman Carrie.odt 2014-08-14 13:50 - 2014-08-14 13:42 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar-Stephen Kings Motiviation zu Roman Carrie.odt# 2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W-Seminar Vorpräsentation.odt# 2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar Expose Juni 2014.odt# 2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar Arbeitt.odt# 
2014-08-12 15:25 - 2014-01-19 00:40 - 00202240 ___SH () C:\Users\Jana\Downloads\Thumbs.db 2014-08-12 14:35 - 2014-08-12 14:35 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\NVIDIA 2014-08-09 20:42 - 2014-05-16 15:24 - 00000000 ____D () C:\Users\Jana\Desktop\W Seminar 2014-08-09 19:11 - 2013-12-24 21:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-07 09:33 - 2014-08-22 17:08 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 06:09 - 2014-08-22 17:08 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-02 03:15 - 2014-08-22 18:11 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-02 03:15 - 2014-08-22 18:11 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Jana\AppData\Local\Temp\avgnt.exe C:\Users\Jana\AppData\Local\Temp\COMAP.EXE C:\Users\Jana\AppData\Local\Temp\EADFAAA.exe C:\Users\Jana\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\Jana\AppData\Local\Temp\fp_pl_pfs_installer-2.exe C:\Users\Jana\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Jana\AppData\Local\Temp\GoogleSetup.exe C:\Users\Jana\AppData\Local\Temp\nslDD13.exe C:\Users\Jana\AppData\Local\Temp\nsnE070.exe C:\Users\Jana\AppData\Local\Temp\nspB321.exe C:\Users\Jana\AppData\Local\Temp\nsvA999.exe C:\Users\Jana\AppData\Local\Temp\nsyAFB5.exe C:\Users\Jana\AppData\Local\Temp\nsyE3BC.exe C:\Users\Jana\AppData\Local\Temp\nvvistaservice.exe C:\Users\Jana\AppData\Local\Temp\setup_292.exe C:\Users\Jana\AppData\Local\Temp\shmcapture.exe C:\Users\Jana\AppData\Local\Temp\SHSetup.exe C:\Users\Jana\AppData\Local\Temp\SPSetup.exe C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite23753.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite26251.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite30209.dll 
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite31304.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite34827.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite35277.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite36360.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite39978.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite42443.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite43416.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite62500.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite63562.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite65235.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite65452.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite66299.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite67019.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite68180.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite69607.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite78204.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite87323.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite89320.dll C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite93625.dll C:\Users\Jana\AppData\Local\Temp\UninstallEADM.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-27 23:52 ==================== End Of Log ============================ |
02.09.2014, 12:06 | #6 |
/// the machine /// TB trainer | Laptop screen lights up black Hi, uninstall adware & co.
Scan with Combofix
02.09.2014, 13:39 | #7 |
| Laptop screen lights up black I hope this is the right one. Combofix Logfile: Code:
ATTFilter ComboFix 14-08-31.01 - Jana 02.09.2014 14:25:49.1.4 - x64 Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.7962.5782 [GMT 2:00] ausgeführt von:: F:\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\ClearThink_iels . . ((((((((((((((((((((((( Dateien erstellt von 2014-08-02 bis 2014-09-02 )))))))))))))))))))))))))))))) . . 2014-09-02 12:30 . 2014-09-02 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-02 12:00 . 2014-09-02 12:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2014-09-02 11:44 . 2014-09-02 11:44 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-09-02 10:44 . 2014-09-02 10:44 -------- d-----w- C:\sources 2014-09-02 08:26 . 2014-05-15 01:02 59424 ----a-w- c:\windows\system32\wuauclt.exe 2014-09-02 08:26 . 2014-05-14 22:43 3286528 ----a-w- c:\windows\system32\wuaueng.dll 2014-09-02 08:26 . 2014-05-14 22:43 253440 ----a-w- c:\windows\system32\WUSettingsProvider.dll 2014-09-02 08:26 . 2014-05-14 22:43 1623040 ----a-w- c:\windows\system32\wucltux.dll 2014-09-02 08:26 . 2014-05-14 22:42 176640 ----a-w- c:\windows\system32\storewuauth.dll 2014-09-02 08:26 . 2014-09-01 14:38 61072 ----a-w- c:\windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys 2014-09-02 08:25 . 2013-08-16 05:21 49152 ----a-w- c:\windows\system32\wups2.dll 2014-09-02 08:25 . 2014-09-02 08:25 -------- d-----w- c:\program files\Google 2014-09-02 08:24 . 2014-09-02 10:44 -------- d-----w- c:\program files (x86)\ClearThink 2014-09-02 08:23 . 
2014-09-02 08:25 -------- d-----w- c:\program files (x86)\Google 2014-09-02 08:23 . 2014-09-02 08:23 -------- d-----w- c:\program files (x86)\WSE_Astromenda 2014-09-02 08:23 . 2014-08-05 17:14 20328 ----a-w- c:\windows\system32\roboot64.exe 2014-09-02 08:22 . 2014-09-02 08:25 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-09-02 08:09 . 2014-09-02 10:41 -------- d-----w- c:\users\Jana 2014-09-01 23:12 . 2014-09-01 23:12 -------- d-----w- c:\programdata\Synaptics 2014-09-01 23:03 . 2014-09-01 23:03 -------- d-----w- c:\program files (x86)\Common Files\Nikon 2014-09-01 22:58 . 2014-09-01 22:58 -------- dc----w- c:\windows\system32\DRVSTORE 2014-09-01 22:58 . 2013-03-05 10:01 91712 ----a-w- c:\windows\system32\drivers\CLVirtualDrive.sys 2014-09-01 22:58 . 2014-09-01 22:58 -------- d-----w- c:\program files (x86)\Common Files\CyberLink 2014-09-01 22:57 . 2014-09-01 23:06 -------- d-----w- c:\users\Public\CyberLink 2014-09-01 22:54 . 2013-03-05 06:22 41408 ----a-w- c:\windows\system32\drivers\clwvd.sys 2014-09-01 22:53 . 2014-09-01 23:12 -------- d-----w- c:\programdata\CyberLink 2014-09-01 22:52 . 2014-09-01 23:03 -------- d-----w- c:\program files (x86)\CyberLink 2014-09-01 22:51 . 2014-09-01 23:03 -------- d-----w- c:\programdata\install_clap 2014-09-01 22:48 . 2014-09-01 22:48 -------- d-----w- c:\programdata\{4A268D42-77A5-4E91-AE73-470ED3BD9CA8} 2014-09-01 22:40 . 2014-09-01 22:40 -------- d-----w- c:\windows\Hewlett-Packard 2014-09-01 22:40 . 2014-09-01 22:40 -------- d-----w- c:\programdata\Package Cache 2014-09-01 22:40 . 2014-09-02 11:46 -------- d-----w- c:\program files (x86)\Hewlett-Packard 2014-09-01 22:39 . 2014-09-01 22:39 -------- d-----w- c:\programdata\Apple 2014-09-01 22:39 . 2014-09-01 22:39 -------- d-----w- c:\program files\Bonjour 2014-09-01 22:39 . 2014-09-01 22:39 -------- d-----w- c:\program files (x86)\Bonjour 2014-09-01 22:39 . 2012-12-01 21:16 390144 ----a-w- c:\windows\system32\hpbrprtmon.dll 2014-09-01 22:39 . 
2012-12-01 21:16 365568 ----a-w- c:\windows\system32\hpbprtmon.dll 2014-09-01 22:39 . 2012-12-01 21:14 189440 ----a-w- c:\windows\system32\hpbprtmonui.dll 2014-09-01 22:39 . 2014-09-01 23:05 -------- d-----w- c:\programdata\Hewlett-Packard 2014-09-01 22:39 . 2013-05-28 21:41 2715208 ----a-w- c:\windows\system32\drivers\rtwlane.sys 2014-09-01 22:39 . 2012-02-14 17:37 594432 ----a-w- c:\windows\system32\Rtlihvs.dll 2014-09-01 22:39 . 2010-12-01 07:31 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe 2014-09-01 22:39 . 2014-09-01 22:39 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation 2014-09-01 22:37 . 2014-09-01 22:37 -------- d-----w- c:\programdata\NVIDIA Corporation 2014-09-01 22:36 . 2013-06-03 17:38 64000 ----a-w- c:\windows\system32\OpenCL.DLL 2014-09-01 22:36 . 2013-06-03 17:38 60416 ----a-w- c:\windows\SysWow64\OpenCL.DLL 2014-09-01 22:35 . 2013-04-10 19:09 801864 ----a-w- c:\windows\system32\drivers\Rt630x64.sys 2014-09-01 22:35 . 2013-04-10 19:09 73800 ----a-w- c:\windows\system32\RtNicProp64.dll 2014-09-01 22:32 . 2014-09-01 22:32 -------- d-----w- c:\windows\SysWow64\sda 2014-09-01 22:32 . 2014-09-01 23:03 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2014-09-01 22:32 . 2013-05-16 19:29 288840 ----a-w- c:\windows\system32\drivers\RtsP2Stor.sys 2014-09-01 22:32 . 2013-05-08 23:35 408136 ----a-w- c:\windows\system32\drivers\RtsPer.sys 2014-09-01 22:32 . 2014-09-01 22:39 -------- d-----w- c:\program files (x86)\Realtek 2014-09-01 22:32 . 2013-05-21 18:45 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll 2014-09-01 22:32 . 2014-09-01 22:38 -------- d-----w- c:\programdata\Intel 2014-09-01 22:32 . 2014-09-01 22:38 -------- d-----w- c:\program files\Intel 2014-09-01 22:31 . 2014-09-01 22:31 -------- d-----w- c:\program files (x86)\Common Files\postureAgent 2014-09-01 22:31 . 2014-09-01 22:31 -------- d-----w- c:\program files\Synaptics 2014-09-01 22:30 . 
2014-09-01 22:36 -------- d-----w- c:\program files (x86)\Intel 2014-09-01 22:30 . 2013-02-27 23:37 53248 ----a-w- c:\windows\SysWow64\CSVer.dll 2014-09-01 22:30 . 2014-09-01 22:30 -------- d-----w- C:\Intel 2014-09-01 22:27 . 2014-09-01 22:27 -------- d-----w- C:\Recovery . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-02 08:09 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7e6d4e3e-fc66-4036-9799-ce5c625c4c56}] 2014-09-02 08:24 250096 ----a-w- c:\program files (x86)\ClearThink\ClearThinkbho.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BRS"="c:\program files (x86)\WSE_Astromenda\BRS\brs.exe" [2014-09-02 1072128] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-09-02 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AccelerometerSysTrayApplet"="c:\program files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [2013-03-01 77088] "HPMessageService"="c:\program files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe" [2013-05-03 1045304] "YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2013-05-22 267224] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-02 4085896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64;{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64;c:\windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys;c:\windows\SYSNATIVE\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x] S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 Update ClearThink;Update ClearThink;c:\program files (x86)\ClearThink\updateClearThink.exe;c:\program files (x86)\ClearThink\updateClearThink.exe [x] S2 Util ClearThink;Util ClearThink;c:\program files (x86)\ClearThink\bin\utilClearThink.exe;c:\program files (x86)\ClearThink\bin\utilClearThink.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x] S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] apphost REG_MULTI_SZ apphostsvc iissvcs REG_MULTI_SZ w3svc was . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-02 08:24 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02 08:23] . 2014-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02 08:23] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-09-02 08:22 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-05-28 7188552] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-07-03 165872] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-07-03 407536] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-07-03 444400] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\62ogzq68.default\ user_pref(extensions.autoDisableScopes,14); . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{C88F84E5-AE23-44BD-922C-2ABEACACAF7A} - c:\program files (x86)\InstallShield Installation Information\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Zeit der Fertigstellung: 2014-09-02 14:32:41 ComboFix-quarantined-files.txt 2014-09-02 12:32 . Vor Suchlauf: 11 Verzeichnis(se), 437.850.660.864 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 437.704.470.528 Bytes frei . - - End Of File - - D63919489D41F2999842F516F32FEA7E 5FB38429D5D77768867C76DCBDB35194 |
03.09.2014, 09:54 | #8 |
/// the machine /// TB trainer | Laptop screen lights up black Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |