Log analysis and evaluation: Windows 8: Antivirus program (Norton) and internet browsers disabled by a virus (?)
Dear experts,

here is the problem: on my sister's PC, after it was connected to an Android phone, a virus has apparently spread. It has disabled the antivirus (Norton), and the browsers (IE, Firefox) do not connect to the internet either, even though an internet connection is present. Norton was shown as active in the Windows Security Center, but it could neither actually be started nor deactivated. Downloading the programs and evaluating the log files therefore has to be done via other PCs.

Defogger (unfortunately an error message came up):
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:21 on 25/09/2014 (Silvana)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01 Ran by Silvana (administrator) on SILVANA on 25-09-2014 20:22:36 Running from C:\Users\Silvana\Desktop Loaded Profile: Silvana (Available profiles: Silvana) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe () C:\ProgramData\MobileBrServ\mbbService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Dritek System INC.) 
C:\Windows\RfBtnSvc64.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LManager] => [X] HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-07-27] (Dritek System Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3842367625-1598834492-3847912599-1001\...\MountPoints2: {6d9595c6-f1f0-11e3-be96-208984cbfa58} - "E:\AutoRun.exe" ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {FEDB7C25-E954-4B82-AD9D-3F8BF865F322} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM - {FEDB7C25-E954-4B82-AD9D-3F8BF865F322} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope {FEDB7C25-E954-4B82-AD9D-3F8BF865F322} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 - {FEDB7C25-E954-4B82-AD9D-3F8BF865F322} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {FEDB7C25-E954-4B82-AD9D-3F8BF865F322} URL = SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 SearchScopes: HKCU - {FEDB7C25-E954-4B82-AD9D-3F8BF865F322} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> 
C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: 
C:\Users\Silvana\AppData\Roaming\Mozilla\Firefox\Profiles\64cb0veq.default FF DefaultSearchEngine: Norton Safe Search FF SelectedSearchEngine: Norton Safe Search FF Homepage: hxxp://google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Silvana\AppData\Roaming\Mozilla\Firefox\Profiles\64cb0veq.default\searchplugins\safesearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2014-09-19] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) 
[File not signed] R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation) R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] () S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-07-27] (Dritek System INC.) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-13] (Symantec Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140919.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140919.019\ENG64.SYS [129752 2014-08-21] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140919.019\EX64.SYS [2137304 2014-08-21] (Symantec Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-07-27] (Dritek System Inc.) 
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1505000.013\SymELAM.sys [23568 2013-10-30] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-25 20:22 - 2014-09-25 20:23 - 00017173 _____ () C:\Users\Silvana\Desktop\FRST.txt 2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\FRST 2014-09-25 20:22 - 2014-09-25 20:15 - 02108928 _____ (Farbar) C:\Users\Silvana\Desktop\FRST64.exe 2014-09-25 20:21 - 2014-09-25 20:21 - 00000476 _____ () C:\Users\Silvana\Desktop\defogger_disable.log 2014-09-25 20:21 - 2014-09-25 20:21 - 00000000 _____ () C:\Users\Silvana\defogger_reenable 2014-09-25 20:20 - 2014-09-25 20:15 - 00050477 _____ () C:\Users\Silvana\Desktop\Defogger.exe 2014-09-25 20:01 - 2014-09-25 20:02 - 00000184 _____ () C:\Users\Silvana\Desktop\norton fehler.txt 2014-09-24 13:00 - 2014-09-24 13:00 - 36189718 _____ () C:\Users\Silvana\Downloads\2014-09-23_Ruby.zip 2014-09-20 09:08 - 2014-09-25 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-14 09:16 - 2014-09-25 19:52 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-09-11 21:14 - 2014-08-16 11:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 21:14 - 2014-08-16 11:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 21:14 - 2014-08-16 11:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-09-11 21:14 - 2014-08-16 11:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 21:14 - 2014-08-16 11:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 21:14 - 2014-08-16 11:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 21:14 - 2014-08-16 11:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 21:14 - 2014-08-16 11:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 21:14 - 2014-08-16 11:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 21:14 - 2014-08-16 11:32 - 01508864 _____ (Microsoft 
Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 21:14 - 2014-08-16 11:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-11 21:14 - 2014-08-16 11:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 21:14 - 2014-08-16 11:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 21:14 - 2014-08-16 11:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 21:14 - 2014-08-16 09:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 21:14 - 2014-08-16 09:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 21:14 - 2014-08-16 09:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 21:14 - 2014-08-16 09:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 21:14 - 2014-08-16 09:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 21:14 - 2014-08-16 09:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-11 21:14 - 2014-08-16 09:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 21:14 - 2014-08-16 09:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 21:14 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 21:14 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 21:14 - 2014-08-16 09:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 21:14 - 2014-08-16 09:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 21:13 - 2014-08-16 11:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 21:13 - 2014-08-16 09:36 - 14369280 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2014-09-11 20:47 - 2014-08-28 13:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-09-11 20:47 - 2014-08-28 08:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-09-11 20:47 - 2014-08-28 08:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-09-11 20:47 - 2014-08-28 08:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-09-11 20:47 - 2014-08-28 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-09-11 20:47 - 2014-08-28 08:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-09-11 20:47 - 2014-08-28 08:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-09-11 20:47 - 2014-08-28 08:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-09-11 20:47 - 2014-08-28 08:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-09-11 20:47 - 2014-08-28 08:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-09-11 20:47 - 2014-08-28 08:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-09-11 20:47 - 2014-08-28 08:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-09-11 20:47 - 2014-08-28 08:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-09-11 20:47 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-09-11 20:47 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-09-11 20:47 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2014-09-11 20:47 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2014-09-11 20:46 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msvcr120_clr0400.dll 2014-09-11 20:46 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2014-09-09 20:48 - 2014-09-09 20:48 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-07 18:13 - 2014-09-07 18:13 - 00000000 ____D () C:\Users\Silvana\Documents\Neuer Ordner mit Objekten 2014-08-28 08:27 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-25 20:23 - 2014-09-25 20:22 - 00017173 _____ () C:\Users\Silvana\Desktop\FRST.txt 2014-09-25 20:22 - 2014-09-25 20:22 - 00000000 ____D () C:\FRST 2014-09-25 20:21 - 2014-09-25 20:21 - 00000476 _____ () C:\Users\Silvana\Desktop\defogger_disable.log 2014-09-25 20:21 - 2014-09-25 20:21 - 00000000 _____ () C:\Users\Silvana\defogger_reenable 2014-09-25 20:21 - 2013-10-12 19:45 - 00000000 ____D () C:\Users\Silvana 2014-09-25 20:18 - 2013-07-27 20:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat 2014-09-25 20:18 - 2013-07-27 20:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat 2014-09-25 20:18 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-25 20:15 - 2014-09-25 20:22 - 02108928 _____ (Farbar) C:\Users\Silvana\Desktop\FRST64.exe 2014-09-25 20:15 - 2014-09-25 20:20 - 00050477 _____ () C:\Users\Silvana\Desktop\Defogger.exe 2014-09-25 20:06 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-25 20:05 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-09-25 20:02 - 2014-09-25 20:01 - 00000184 _____ () C:\Users\Silvana\Desktop\norton fehler.txt 2014-09-25 20:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-09-25 19:54 - 2012-07-26 07:37 - 00000000 ____D () C:\Windows\servicing 2014-09-25 19:52 - 2014-09-14 09:16 - 00000000 
____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-09-25 19:52 - 2014-05-03 14:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-09-25 19:52 - 2014-01-27 23:31 - 00000000 ____D () C:\Users\Silvana\AppData\Roaming\vlc 2014-09-25 19:52 - 2013-12-13 15:53 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2014-09-25 19:52 - 2013-10-20 18:26 - 00000000 ____D () C:\Users\Silvana\AppData\Roaming\PhotoScape 2014-09-25 19:52 - 2013-10-12 20:08 - 00000000 ____D () C:\Users\Silvana\AppData\Local\clear.fi 2014-09-25 19:52 - 2013-07-27 10:44 - 00000000 ____D () C:\ProgramData\Norton 2014-09-25 19:52 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-09-25 19:52 - 2012-07-26 07:38 - 00000000 ____D () C:\Windows\system32\Sysprep 2014-09-25 19:47 - 2014-09-20 09:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 19:47 - 2013-10-12 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-25 19:42 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\registration 2014-09-25 19:36 - 2014-04-20 20:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-09-25 19:33 - 2013-07-27 10:17 - 01446528 _____ () C:\Windows\WindowsUpdate.log 2014-09-25 19:27 - 2014-01-04 22:03 - 00000000 ____D () C:\Users\Silvana\AppData\Local\CrashDumps 2014-09-25 19:14 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-09-25 18:57 - 2013-05-23 06:13 - 00192152 _____ () C:\Windows\PFRO.log 2014-09-25 13:13 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-09-24 13:00 - 2014-09-24 13:00 - 36189718 _____ () C:\Users\Silvana\Downloads\2014-09-23_Ruby.zip 2014-09-21 14:09 - 2014-04-18 15:48 - 00000000 ____D () C:\Users\Silvana\AppData\Local\Deployment 2014-09-20 21:16 - 2013-10-12 21:14 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-20 21:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-09-20 20:48 - 
2014-03-20 11:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-17 15:30 - 2013-10-15 23:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-14 18:10 - 2013-10-12 19:45 - 00000000 ____D () C:\Users\Silvana\AppData\Local\Packages 2014-09-14 09:10 - 2014-05-03 14:24 - 00002505 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-09-14 09:10 - 2013-12-13 15:55 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-09-11 21:22 - 2012-07-26 09:21 - 00042442 _____ () C:\Windows\setupact.log 2014-09-09 20:48 - 2014-09-09 20:48 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-09 20:48 - 2014-03-20 11:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-07 18:13 - 2014-09-07 18:13 - 00000000 ____D () C:\Users\Silvana\Documents\Neuer Ordner mit Objekten 2014-09-06 23:38 - 2013-10-16 22:31 - 00000000 ____D () C:\Users\Silvana\AppData\Roaming\Skype 2014-09-02 21:32 - 2014-08-19 19:46 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-02 21:32 - 2014-08-19 19:46 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-28 14:56 - 2014-07-10 21:42 - 00429120 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 13:34 - 2014-09-11 20:47 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-28 08:05 - 2014-09-11 20:47 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-28 08:05 - 2014-09-11 20:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-28 08:05 - 2014-09-11 20:47 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-28 08:05 - 2014-09-11 20:47 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-28 08:02 - 2014-09-11 20:47 - 00040448 _____ (Microsoft Corporation) 
C:\Windows\system32\wuapp.exe 2014-08-28 08:01 - 2014-09-11 20:47 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-28 08:01 - 2014-09-11 20:47 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-28 08:01 - 2014-09-11 20:47 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-28 08:01 - 2014-09-11 20:47 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-08-28 08:01 - 2014-09-11 20:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-08-28 08:01 - 2014-09-11 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-28 08:01 - 2014-09-11 20:47 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-28 08:01 - 2014-09-11 20:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll Some content of TEMP: ==================== C:\Users\Silvana\AppData\Local\Temp\COMAP.EXE C:\Users\Silvana\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Silvana\AppData\Local\Temp\NortonNISDownloader.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-20 09:33 ==================== End Of Log ============================ --- --- --- Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Silvana at 2014-09-25 20:23:37
Running from C:\Users\Silvana\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Benutzerhandbuch EPSON XP-202 203 206 Series (HKLM-x32\...\EPSON XP-202 203 206 Series Useg) (Version: - )
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3729_45993 - CyberLink Corp.) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-202 203 206 Series Printer Uninstall (HKLM\...\EPSON XP-202 203 206 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
Free YouTube to MP3 Converter version 3.12.13.925 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Netzwerkhandbuch EPSON XP-202 203 206 Series (HKLM-x32\...\EPSON XP-202 203 206 Series Netg) (Version: - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
10-07-2014 09:45:58 Windows Update
11-08-2014 10:51:17 Windows Update
18-08-2014 08:23:43 Windows Update
28-08-2014 07:22:39 Windows Update
11-09-2014 19:12:42 Windows Update
20-09-2014 19:09:10 Windows Update
24-09-2014 11:40:38 Windows Update
25-09-2014 17:32:04 Wiederherstellungsvorgang

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05213698-A30E-4087-A857-31B7B60B5F25} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {064C2245-5F36-46E9-A9A9-1A71B218A94E} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {07F6AA07-6EB8-49FF-8AA8-AE8C2483DF55} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-19] (Microsoft Corporation)
Task: {09DDAA8B-4142-450F-AE83-D1EFA39CE0F5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1D3C5B10-88BB-4E75-81F9-089AC54D7060} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {20850515-6079-456E-AB44-DCEBB8D45EF1} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {233C13DB-1B76-443B-93F0-AA1C12AA2ED3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-23] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3E1F33CE-03AA-4FCF-BC5F-BE8A1F08D0E2} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8F68F8ED-D400-46A6-B3C3-EE4AC0ABF6BC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {9B92336C-4ED4-4181-86A7-BE9B89497732} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {A52C1D40-7F83-44D1-AE99-E12BE304C979} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-23] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C01D4682-586E-4004-8B0F-7413B88EC193} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-w.silvana@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D7283558-E0E5-4923-8E5B-EA3B30DB91F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {E1DD24EC-3CEE-43A0-858F-A101734551C5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-23] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F1B5DF6F-BCB0-40B8-83EC-335FEB04C9CC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============
2014-04-20 20:05 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-18 17:41 - 2013-01-28 04:49 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2013-05-23 07:06 - 2012-10-23 20:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-27 10:23 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-3842367625-1598834492-3847912599-500 - Disabled - Status: Degraded)
Gast (S-1-5-21-3842367625-1598834492-3847912599-501 - Disabled - Status: Degraded)
Silvana (S-1-5-21-3842367625-1598834492-3847912599-1001 - Enabled - Status: OK) => C:\Users\Silvana

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2014 08:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1344) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Windows\system32\SRU\SRU00E48.log.

Error: (09/25/2014 07:55:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -528.

Error: (09/25/2014 07:55:39 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1028) Catalog Database: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Windows\system32\CatRoot2\edb00104.log.

Error: (09/25/2014 07:29:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SILVANA)
Description: Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (09/25/2014 07:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d34d8
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000000000047b8c
ID des fehlerhaften Prozesses: 0xb84
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Vollständiger Name des fehlerhaften Pakets: explorer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: explorer.exe5

Error: (09/25/2014 07:14:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d34d8
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000000000047b8c
ID des fehlerhaften Prozesses: 0xec4
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Vollständiger Name des fehlerhaften Pakets: explorer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: explorer.exe5

Error: (09/25/2014 07:08:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d34d8
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000000000047b8c
ID des fehlerhaften Prozesses: 0x9ec
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Vollständiger Name des fehlerhaften Pakets: explorer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: explorer.exe5

Error: (09/25/2014 07:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d34d8
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000000000047b8c
ID des fehlerhaften Prozesses: 0xf80
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Vollständiger Name des fehlerhaften Pakets: explorer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: explorer.exe5

Error: (09/25/2014 07:06:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d34d8
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000000000047b8c
ID des fehlerhaften Prozesses: 0x10a8
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Vollständiger Name des fehlerhaften Pakets: explorer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: explorer.exe5

Error: (09/25/2014 07:05:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d34d8
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000000000047b8c
ID des fehlerhaften Prozesses: 0xb54
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

System errors:
=============
Error: (09/25/2014 08:07:09 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "McAfee AP Service" ist von folgendem Dienst abhängig: mfevtp. Dieser Dienst ist möglicherweise nicht installiert.

Error: (09/25/2014 08:06:08 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (09/25/2014 07:54:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "McAfee AP Service" ist von folgendem Dienst abhängig: mfevtp. Dieser Dienst ist möglicherweise nicht installiert.

Error: (09/25/2014 07:53:49 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (09/25/2014 07:37:36 PM) (Source: DCOM) (EventID: 10029) (User: NT-AUTORITÄT)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}winmgmt

Error: (09/25/2014 06:58:04 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "McAfee AP Service" ist von folgendem Dienst abhängig: mfevtp. Dieser Dienst ist möglicherweise nicht installiert.

Error: (09/21/2014 02:25:50 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/19/2014 01:44:42 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "McAfee AP Service" ist von folgendem Dienst abhängig: mfevtp. Dieser Dienst ist möglicherweise nicht installiert.

Error: (09/19/2014 01:44:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.09.2014 um 20:56:31 unerwartet heruntergefahren.

Error: (09/14/2014 09:11:44 AM) (Source: DCOM) (EventID: 10010) (User: SILVANA)
Description: Microsoft.WindowsLive.Chat.wwa

Microsoft Office Sessions:
=========================
Error: (09/25/2014 08:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1344SRUJet: C:\Windows\system32\SRU\SRU00E48.log-1811 (0xfffff8ed)

Error: (09/25/2014 07:55:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -528

Error: (09/25/2014 07:55:39 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database1028Catalog Database: C:\Windows\system32\CatRoot2\edb00104.log-1811 (0xfffff8ed)

Error: (09/25/2014 07:29:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SILVANA)
Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo

Error: (09/25/2014 07:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434KERNELBASE.dll6.2.9200.16864531d34d8c06d007e0000000000047b8cb8401cfd8e4266ea865C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dll2de01979-44d9-11e4-bea4-208984cbfa58

Error: (09/25/2014 07:14:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434KERNELBASE.dll6.2.9200.16864531d34d8c06d007e0000000000047b8cec401cfd8e3436af813C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dll61b40d43-44d7-11e4-bea4-208984cbfa58

Error: (09/25/2014 07:08:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434KERNELBASE.dll6.2.9200.16864531d34d8c06d007e0000000000047b8c9ec01cfd8e304fa2737C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dll802b780f-44d6-11e4-bea4-208984cbfa58

Error: (09/25/2014 07:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434KERNELBASE.dll6.2.9200.16864531d34d8c06d007e0000000000047b8cf8001cfd8e3008d9ad2C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dll417a46c6-44d6-11e4-bea4-208984cbfa58

Error: (09/25/2014 07:06:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434KERNELBASE.dll6.2.9200.16864531d34d8c06d007e0000000000047b8c10a801cfd8e2e270d44aC:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dll3c34c1a6-44d6-11e4-bea4-208984cbfa58

Error: (09/25/2014 07:05:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1662851a94434KERNELBASE.dll6.2.9200.16864531d34d8c06d007e0000000000047b8cb5401cfd8e2c9081507C:\Windows\Explorer.EXEC:\Windows\system32\KERNELBASE.dll1cb71a9a-44d6-11e4-bea4-208984cbfa58

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 3911.27 MB
Available physical RAM: 2817.7 MB
Total Pagefile: 4615.27 MB
Available Pagefile: 3527.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:357.63 GB) NTFS
Drive e: (INTENSO) (Removable) (Total:7.26 GB) (Free:7.26 GB) FAT32

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D20BB895)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 7.3 GB) (Disk ID: B42A5947)
Partition 1: (Not Active) - (Size=7.3 GB) - (Type=0B)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-25 20:29:27
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000039 WDC_WD5000LPVX-22V0TT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Silvana\AppData\Local\Temp\kgloypob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\dwm.exe[920] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07]
.text C:\Windows\system32\dwm.exe[920] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\system32\dwm.exe[920] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1748] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb77ec177a 4 bytes [EC, 77, FB, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1748] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb77ec1782 4 bytes [EC, 77, FB, 07]
.text C:\Windows\system32\taskhostex.exe[1860] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07]
.text C:\Windows\system32\taskhostex.exe[1860] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\system32\taskhostex.exe[1860] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\Explorer.EXE[1896] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07]
.text C:\Windows\Explorer.EXE[1896] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\Explorer.EXE[1896] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\Explorer.EXE[1896] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb77ec177a 4 bytes [EC, 77, FB, 07]
.text C:\Windows\Explorer.EXE[1896] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb77ec1782 4 bytes [EC, 77, FB, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[1660] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[1660] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[1660] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07]
.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2428] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb72ab1b32 4 bytes [AB, 72, FB, 07]
.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2428] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb72ab1b3a 4 bytes [AB, 72, FB, 07]
.text C:\Windows\system32\EscSvc64.exe[2720] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb77ec177a 4 bytes [EC, 77, FB, 07]
.text C:\Windows\system32\EscSvc64.exe[2720] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb77ec1782 4 bytes [EC, 77, FB, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[3292] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[3292] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[3292] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[3444] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[3444] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[3444] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3504] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3504] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3504] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\System32\igfxtray.exe[3516] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07]
.text C:\Windows\System32\igfxtray.exe[3516] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\System32\igfxtray.exe[3516] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\system32\igfxext.exe[3580] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07]
.text C:\Windows\system32\igfxext.exe[3580] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\system32\igfxext.exe[3580] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\System32\hkcmd.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07]
.text C:\Windows\System32\hkcmd.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\System32\hkcmd.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3632] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb77ec177a 4 bytes [EC, 77, FB, 07]
.text
C:\Windows\System32\igfxpers.exe[3632] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb77ec1782 4 bytes [EC, 77, FB, 07] .text C:\Windows\System32\igfxpers.exe[3632] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07] .text C:\Windows\System32\igfxpers.exe[3632] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07] .text C:\Windows\System32\igfxpers.exe[3632] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3672] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3672] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3672] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe[3812] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb77ec177a 4 bytes [EC, 77, FB, 07] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe[3812] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb77ec1782 4 bytes [EC, 77, FB, 07] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe[3812] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe[3812] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe[3812] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3992] 
C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb77ec177a 4 bytes [EC, 77, FB, 07] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3992] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb77ec1782 4 bytes [EC, 77, FB, 07] .text C:\Windows\system32\igfxsrvc.exe[4052] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07] .text C:\Windows\system32\igfxsrvc.exe[4052] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07] .text C:\Windows\system32\igfxsrvc.exe[4052] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07] .text C:\Windows\system32\wbem\unsecapp.exe[4080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07] .text C:\Windows\system32\wbem\unsecapp.exe[4080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07] .text C:\Windows\system32\wbem\unsecapp.exe[4080] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07] .text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[2132] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb6f031532 4 bytes [03, 6F, FB, 07] .text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[2132] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb6f03153a 4 bytes [03, 6F, FB, 07] .text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[2132] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb6f03165a 4 bytes [03, 6F, FB, 07] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [556:572] fffff960008bf5e8 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Fehlermeldung Norton-Antivirenprogramm Code:
ATTFilter Norton Internet Security 21.5.0.19
Fehler: 8504, 104
Windows 8 9200.16912.amd64fre.win8_gdr.140502-1507
Ergebnisse von Norton AutoFix: 1 Element(e)
LiveUpdate :: Fehlgeschlagen

Regards,
Christian