Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Bebloh Trojaner, Windows 7

29.09.2014, 19:10 | #1
Bebloh trojan

Yes, one moment of carelessness... For about 2 weeks I have apparently had the trojan on the machine, but I think Norton is blocking it. A few minutes after every reboot Norton reports that something was found and my PC has to be restarted. Otherwise I don't notice any direct effects; the trojan is simply back after every reboot. I now want to get rid of it and could use some help!

I ran ESET, with the following result:

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe  Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe  Win32/Bundled.Toolbar.Google.D potentially unsafe application  deleted - copied to quarantine
Operating memory  a variant of Win32/Spy.Bebloh.K trojan

What bothers me is that ESET found the Bebloh but apparently did nothing about it? Norton presumably removed it from the hard disk (automatically) beforehand, but there is still something in RAM? What are the next steps, please? Thanks in advance for the help!

Ah, sorry, forgot:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2014 02
Ran by Benny at 2014-09-29 20:07:45
Running from D:\Benutzer\Benny\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catan 1.0 (HKLM-x32\...\{A86DDB5D-FB15-4C7E-8838-849493A45DF8}_is1) (Version: 1.0 - USM)
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.0.0.1 - Electronic Arts)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free MP4 Video Converter version 5.0.48.923 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.48.923 - DVDVideoSoft Ltd.)
Glary Utilities 5.8 (HKLM-x32\...\Glary Utilities 5) (Version: 5.8.0.15 - Glarysoft Ltd)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Gtk# for .Net 2.12.10 (HKLM-x32\...\{04AE3BBC-ABFF-42CC-9F90-5B35D229328A}) (Version: 2.12.10 - Xamarin, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{5154B2E9-21C4-4765-8CA4-618468CC18E2}) (Version: 3.0.30.1483 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest III (nur deinstallation) (HKLM-x32\...\Jewel Quest III) (Version:  - )
Jewel Quest: Heritage (nur deinstallation) (HKLM-x32\...\Jewel Quest: Heritage) (Version:  - )
Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.1 (HKLM\...\{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}) (Version: 1.10.123.0 - Microsoft)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
Sound Blaster Z-Series (HKLM-x32\...\{E48EE8B8-1CD6-4F60-AB93-7C398DAAE08E}) (Version: 1.00.21 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Street Fighter X Tekken (x32 Version: 1.0.0004.130 - CAPCOM U.S.A., INC) Hidden
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{E362724E-9320-4946-AF34-874E7B6B2927}) (Version: 6.0.7.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version:  - Haemimont Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3801066478-2440529612-2960511939-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3801066478-2440529612-2960511939-1000_Classes\CLSID\{d4489d3a-d27b-4095-a535-dd9ec7db324e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3801066478-2440529612-2960511939-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3801066478-2440529612-2960511939-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3801066478-2440529612-2960511939-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3801066478-2440529612-2960511939-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3801066478-2440529612-2960511939-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3801066478-2440529612-2960511939-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3801066478-2440529612-2960511939-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3801066478-2440529612-2960511939-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07A69A44-B6B6-4038-A1BA-E913144487BC} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: {12816B81-2984-4696-889F-BF017CE6EBAC} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {29F88411-11A7-4CA6-906E-A8C7DC353D2C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {4FB23C89-20D0-48C5-A9A6-E3336BD33948} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {546DE9E6-2848-4B48-9F57-BE9A665825B2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {58824646-3A5F-4E17-B46E-04518D7473A0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {AF80F978-4CAE-488C-98AA-515502475264} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {BEB1C1B8-6DE1-470B-B86A-D129FF0AEDCD} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {CC7E19B7-7FCF-4A1A-AEF4-2C7B5BEB411A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D6960872-AB7C-41FF-8589-EE61B681A499} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {DF79E045-633E-44AC-80C1-CE2CF99A0C5C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E708C816-39EF-414A-A000-5B24D39FA68C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-09-15] (Glarysoft Ltd)
Task: {FA13CF2A-C741-4CCC-8618-6C28FDA8DBB1} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-09-15] (Glarysoft Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 12:48 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-08-04 16:51 - 2012-02-21 12:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-06-29 15:09 - 2012-06-29 15:09 - 00145960 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-06-29 15:09 - 2012-06-29 15:09 - 00058920 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-07-22 21:09 - 2014-07-22 21:09 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-04 08:34 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\Benny\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-11-23 09:04 - 2012-11-23 09:04 - 00741376 _____ () C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\de-DE\SBZ.resources.dll
2012-09-17 12:19 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-09-17 12:19 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-09-12 16:09 - 2014-09-12 16:09 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\35c5b7e8c3dd9d2efb0f1e8ee45aaa5e\PSIClient.ni.dll
2012-08-04 16:51 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-25 19:39 - 2014-09-25 19:39 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3801066478-2440529612-2960511939-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3801066478-2440529612-2960511939-1003 - Limited - Enabled)
Asti (S-1-5-21-3801066478-2440529612-2960511939-1001 - Administrator - Enabled) => C:\Users\Asti
Benny (S-1-5-21-3801066478-2440529612-2960511939-1000 - Administrator - Enabled) => C:\Users\Benny
Gast (S-1-5-21-3801066478-2440529612-2960511939-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3801066478-2440529612-2960511939-1008 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2014 08:04:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2014 06:29:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2014 06:29:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2014 06:28:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2014 06:27:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CSleepWakeTimeManager::SaveFFSSettings iRST driver does not exist

Error: (09/29/2014 06:27:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: EnableIsctErrorNotification iSCT error notification has been enabled.

Error: (09/29/2014 06:27:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: RegInit OEM default registry path does not exist.

Error: (09/28/2014 10:33:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2014 10:32:08 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CSleepWakeTimeManager::SaveFFSSettings iRST driver does not exist

Error: (09/28/2014 10:32:08 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: EnableIsctErrorNotification iSCT error notification has been enabled.


System errors:
=============
Error: (09/29/2014 06:27:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet: %%5

Error: (09/28/2014 10:32:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet: %%5

Error: (09/28/2014 10:27:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet: %%5

Error: (09/28/2014 09:53:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet: %%5

Error: (09/28/2014 07:58:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet: %%5

Error: (09/28/2014 03:34:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet: %%5

Error: (09/27/2014 07:51:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet: %%5

Error: (09/27/2014 07:45:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet: %%5

Error: (09/26/2014 09:33:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet: %%5

Error: (09/26/2014 05:25:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WWAN - automatische Konfiguration" wurde mit folgendem Fehler beendet: %%5


Microsoft Office Sessions:
=========================
Error:
(09/29/2014 08:04:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Benutzer\Benny\Downloads\esetsmartinstaller_deu.exe Error: (09/29/2014 06:29:26 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Benutzer\Benny\Downloads\esetsmartinstaller_deu.exe Error: (09/29/2014 06:29:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/29/2014 06:28:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Benutzer\Benny\Downloads\esetsmartinstaller_deu.exe Error: (09/29/2014 06:27:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CSleepWakeTimeManager::SaveFFSSettings iRST driver does not exist Error: (09/29/2014 06:27:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: EnableIsctErrorNotification iSCT error notification has been enabled. Error: (09/29/2014 06:27:49 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: RegInit OEM default registry path does not exist. 
Error: (09/28/2014 10:33:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/28/2014 10:32:08 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CSleepWakeTimeManager::SaveFFSSettings iRST driver does not exist Error: (09/28/2014 10:32:08 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: EnableIsctErrorNotification iSCT error notification has been enabled. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz Percentage of memory in use: 36% Total physical RAM: 8087.07 MB Available physical RAM: 5165.56 MB Total Pagefile: 16172.33 MB Available Pagefile: 13225.02 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.25 GB) (Free:105.34 GB) NTFS Drive d: (Spiele) (Fixed) (Total:465.76 GB) (Free:198.86 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FD9D279E) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 238.5 GB) (Disk ID: 96BE439A) Partition: GPT Partition Type. ==================== End Of Log ============================ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02 Ran by Benny (administrator) on SENECA on 29-09-2014 20:07:02 Running from D:\Benutzer\Benny\Downloads Loaded Profile: Benny (Available profiles: Benny & Asti) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware 
\mbam.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe () C:\Users\Benny\AppData\Local\Amazon Music\Amazon Music Helper.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-26] (Microsoft Corporation) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3801066478-2440529612-2960511939-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-09-15] (Glarysoft Ltd) HKU\S-1-5-21-3801066478-2440529612-2960511939-1000\...\Run: [Amazon Music] => C:\Users\Benny\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] () HKU\S-1-5-21-3801066478-2440529612-2960511939-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-3801066478-2440529612-2960511939-1000\...\MountPoints2: {b7aeadd5-268b-11e2-b8ef-bc5ff4442c3d} - F:\AutoRun.exe 
HKU\S-1-5-21-3801066478-2440529612-2960511939-1000\...\MountPoints2: {b7aeadf9-268b-11e2-b8ef-bc5ff4442c3d} - F:\AutoRun.exe ShellIconOverlayIdentifiers: HardLinkMenu -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl) ShellIconOverlayIdentifiers: IconOverlayHardLink -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl) ShellIconOverlayIdentifiers: IconOverlaySymbolicLink -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl) BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCEFC7B495072CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - DefaultScope {314B1554-3842-480F-9D3A-4CEBF76FDA46} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {314B1554-3842-480F-9D3A-4CEBF76FDA46} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet 
Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} 
hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\lkcwxvxz.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Benny\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\lkcwxvxz.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11] FF Extension: YouTube High Definition - C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\lkcwxvxz.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-13] FF Extension: Adblock Plus - C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\lkcwxvxz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-04] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2014-09-29] Chrome: ======= CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-24] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-24] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-28] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-28] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed] R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-05-22] (Creative Technology Ltd) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] () R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [145960 2012-06-29] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) R4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] 
(Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-22] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-11] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.) R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2011-09-21] (Asmedia Technology) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-13] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation) R3 cthda; C:\Windows\System32\drivers\cthda.sys [1060632 2013-05-22] (Creative Technology Ltd) R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [25088 2014-04-16] (Creative Technology Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-09-11] (Glarysoft Ltd) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-07-09] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140926.003\IDSvia64.sys [633560 2014-08-30] (Symantec Corporation) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-06-29] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-06-29] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-06-29] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes 
Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140928.022\ENG64.SYS [129752 2014-09-10] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140928.022\EX64.SYS [2137304 2014-09-10] (Symantec Corporation) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-31] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-09-29] () S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
29.09.2014, 20:05 | #2
/// the machine /// TB-Ausbilder | Bebloh Trojan
Hi,
where does Norton find it?
29.09.2014, 20:12 | #3
| Bebloh Trojan
c:\windows\syswow64\00001066.tmp
and c:\windows\syswow64\00023483.tmp
After every restart it "fixes" the trojan and puts it into quarantine, but as you can see it is apparently still in RAM.
30.09.2014, 15:23 | #4
/// the machine /// TB-Ausbilder | Bebloh Trojan
Hi, please download TDSSKiller.exe and save the file to your desktop.
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No support via PM!
01.10.2014, 18:58 | #5
| Bebloh Trojan
Yesterday I then got a call from my bank saying that my online account had been temporarily blocked because of a phishing attempt. After that I didn't mess around any longer; a complete reinstall of my system was slowly becoming necessary anyway. So I completely formatted the system drive and set the system up fresh. I haven't got round to scanning my games drive and the connected external drive yet; is anything still to be expected there? According to Norton the system drive is clean.
Edit: The system drive is an SSD, the second games drive is a separate drive. So no partitions or anything like that. The machine also boots exclusively from the (formerly infected) SSD.
Last edited by LineofFire (01.10.2014 at 19:11)
02.10.2014, 11:36 | #6
/// the machine /// TB-Ausbilder | Bebloh Trojan
No, the drives shouldn't have anything on them, just scan them once. Change all accounts and passwords!
02.10.2014, 17:06 | #7
| Bebloh Trojan
Scanned all drives with Norton and Malwarebytes, everything clean. Accounts and passwords have already been changed (except for the unimportant forum accounts and the like; there shouldn't normally be any usable data in those). Thanks anyway! Could the trojan have been removed just as reliably the other way?
03.10.2014, 11:29 | #8
/// the machine /// TB-Ausbilder | Bebloh Trojan
I haven't seen any further logs, but I'd say yes.