Log analysis and evaluation: Windows 7 - PC crashes and boots unreliably: message "Non-System disk or disk error..."; Trojans/viruses or mechanical problem?

07.11.2014, 00:04 | #1
Hello!

Lately my notebook has been working very unreliably. At first it happened again and again that, after I closed the lid, it shut itself down after a while (even though I had only selected sleep mode for this action). Then, 3 days ago, it suddenly would not boot at all and the message "Non-System disk or disk error; replace and strike any key when ready" appeared. On top of that there was a quiet clicking once per second, which possibly came from the hard disk (?). With ESC I got into the boot or settings mode, but since I hardly know anything about this, that did not help me much. So I simply had to switch the PC off with the power button, and after several attempts the clicking stopped and it could, and can, then (still) usually be booted.

When I tried to back up my data to an external hard disk, everything stopped at 36 %. Even the Task Manager did not respond. So once again I simply had to switch the notebook off with the power button.

Having previously suspected a mechanical problem with the hard disk or the mainboard (an acquaintance gave me the hint), everything now seemed very strange to me and I decided to download Malwarebytes. The scan produced several hits that mean nothing to me (2 "red" hits, 144 "orange" ones). I moved everything into quarantine, then came across this site, and now hope for your help in interpreting all of this.

I carried out everything according to the instructions. "Defogger" somehow did not work; in any case no scan was performed. After the FRST and GMR scans I ran a full system scan with my virus scanner (Norton). It found "Trojan.ZBot" and fully resolved it. Unfortunately that happened automatically. I have read here that one should rather not fix anything oneself but wait for instructions.... By the way, the regular automatic scans by Norton found nothing.

Here are the logs.

Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.11.2014
Suchlauf-Zeit: 19:29:35
Logdatei: Bedrohungssuchlauf_06_11_14.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.06.07
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Raendel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 418503
Verstrichene Zeit: 20 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 19
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [276887b1cbb1270f57eeb2371be7a65a],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [276887b1cbb1270f57eeb2371be7a65a],
PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [99f661d7c5b7fe389148911e2ad810f0],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, In Quarantäne, [99f661d7c5b7fe389148911e2ad810f0],
PUP.Optional.Delta.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1074-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [d9b68fa90c7088ae6fd69e4a9072f907],
PUP.Optional.Delta.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1074-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [d9b68fa90c7088ae6fd69e4a9072f907],
PUP.Optional.Delta.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1074-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [652abc7c9fdd76c04df75e8ab54db947],
PUP.Optional.Delta.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1074-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [652abc7c9fdd76c04df75e8ab54db947],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Delta Chrome Toolbar, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [6d2286b290ec06307425c981e51ee51b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eooncjejnppfjjklapaamhcdmjbilmde, In Quarantäne, [4e411d1b59232d098441f34146bd5fa1],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [fd9251e768140c2a1ae80341bd46ec14],
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [137c3dfbacd0280e06723d3d7b89ee12],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, In Quarantäne, [7d121f19d1ab7cba172f166752b28e72],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [c8c73ff9582448ee0540a6d79e6634cc],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, In Quarantäne, [701fbb7d37456fc7ee5b2d51af55fa06],
PUP.Optional.BProtector.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, In Quarantäne, [870836021567c373c4cbe997d52fde22],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [127d43f54b3165d1fb7459fd3bc87090],

Registrierungswerte: 4
PUP.Optional.FreeMakeConverter.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fmconverter@gmail.com, C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\, In Quarantäne, [eba408303f3d3ff7d4c689a2dd261ee2]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [fd9251e768140c2a1ae80341bd46ec14]
PUP.BProtector, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=D2F80026C6083CCF&affID=121563&tsp=4932, In Quarantäne, [4f4053e57b013bfb26212954aa5ace32]
PUP.BProtector, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [ade2d563cdaf3cfa2028532aa65e25db]

Registrierungsdaten: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M12971E38-F356-47B5-BFF9-802F51A67A6E&SearchSource=55&CUI=&UM=5&UP=SP670D39C9-723C-4CDE-9459-636AFBDCB698&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M12971E38-F356-47B5-BFF9-802F51A67A6E&SearchSource=55&CUI=&UM=5&UP=SP670D39C9-723C-4CDE-9459-636AFBDCB698&SSPV=),Ersetzt,[b8d761d795e743f3739c1d16b64f12ee]

Ordner: 32
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec],
PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86],
PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\7010F58069DC4C2D8CDE8990CE153ACE, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86],
PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\7281080E35F44B2487D1C521460A92DC, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86],
PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\CD636EA7D59E4906AB6A9863239A3B6A, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86],
PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\DAA5F0D2F4CD4933ABB20C45E5D8E9DA, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86],
PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\E416A901C2324FAF88B46450A1504789, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86],
PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c],
PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c],
PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c],
PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c],
PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\UI, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c],
PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c],
PUP.Optional.BabSolution.A, C:\Users\Raendel\AppData\Roaming\BabSolution\CR, In Quarantäne, [1c73da5e2359de581a6538dce3209e62],

Dateien: 101
PUP.Optional.BabSolution.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\BUSolution.dll, In Quarantäne, [078820185e1ec4726110d2524db4a858],
PUP.Optional.Babylon.A, C:\Users\Raendel\AppData\Roaming\OpenCandy\7281080E35F44B2487D1C521460A92DC\DeltaTB.exe, In Quarantäne, [414e76c2e29a1f177f7e29f4c9384db3],
Trojan.RotBrowse, C:\Users\Raendel\AppData\Local\Temp\FE8A.tmp, In Quarantäne, [3c5382b66319f73f9cdfa66c0ff658a8],
PUP.Optional.Installcore, C:\Users\Raendel\AppData\Local\Temp\nse9965.tmp\InstallManager.exe, In Quarantäne, [afe062d6a5d787af5beb19cf81804ab6],
PUP.Optional.Installcore, C:\Users\Raendel\AppData\Local\Temp\nseBBD3.tmp\nsvmd.dll, In Quarantäne, [36592f0964186acc7ccac02849b84ab6],
PUP.Optional.Monetizer, C:\Users\Raendel\AppData\Local\Temp\is-QN54C.tmp\CBStub.exe, In Quarantäne, [fb94b088295347ef5415d1bb04fe5ea2],
PUP.Optional.BabSolution.A, C:\Users\Raendel\AppData\Local\Temp\bus4B51\BUSolution.dll, In Quarantäne, [aee1da5eb5c776c0c9a83be951b01ae6],
PUP.Optional.Babylon.A, C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\BExternal.dll, In Quarantäne, [4847e157e894fc3a0c15a2813dc3a25e],
Trojan.RotBrowse, C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\ccp.exe, In Quarantäne, [088746f27b01c175ec8fe929e2234cb4],
PUP.Optional.Babylon.A, C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\CrxInstaller.dll, In Quarantäne, [404f91a7562665d19c8b9e93cd346b95],
PUP.Optional.Delta, C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\MyDeltaTB.exe, In Quarantäne, [d1beb484c3b9ca6c0b08de431ae7d828],
PUP.Optional.Babylon.A, C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\Setup.exe, In Quarantäne, [0788aa8ebac2ab8b125fbc622fd1f709],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsi90F4.exe, In Quarantäne, [26692a0ec5b7f73f127af9a10ff27b85],
PUP.Optional.Conduit.A, C:\Windows\Temp\nss43EA.exe, In Quarantäne, [c3cc7dbbb5c7fa3c177596045da438c8],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsx722D.exe, In Quarantäne, [eaa586b245371d19107c0793d32ea957],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsy6B0B.exe, In Quarantäne, [6d22a692017b979faae2b5e54fb22cd4],
PUP.Optional.Somoto, C:\Users\Raendel\Downloads\VeenPikto_downloader_by_Fonts101.exe, In Quarantäne, [315ef8407ffd20164f7671f1679e4db3],
PUP.Optional.Softonic.A, C:\Users\Raendel\Downloads\SoftonicDownloader_fuer_easy-mp3-cutter.exe, In Quarantäne, [cdc25ddb9ddf7bbb12100b2d649dc23e],
PUP.Optional.Babylon.A, C:\Windows\System32\Tasks\EPUpdater, In Quarantäne, [fb9451e73646f93dcfcdda6ac53e926e],
PUP.Optional.BitGuard.A, C:\Windows\System32\Tasks\BitGuard, In Quarantäne, [59369c9c7a021521aff5b78de51e9c64],
PUP.Optional.Trovi.A, C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\searchplugins\trovi-search.xml, In Quarantäne, [0f80290fa8d475c13f215ef18281f50b],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8],
PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\Delta.ico, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec],
PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\BabMaint.exe, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec],
PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\chu.js, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec],
PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\GUninstaller.exe, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec],
PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\SetupParams.ini, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec],
PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\sqlite3.dll, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec],
PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\7010F58069DC4C2D8CDE8990CE153ACE\TuneUpUtilities2014_de-DE.exe, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86],
PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\DAA5F0D2F4CD4933ABB20C45E5D8E9DA\zafwSetupWeb_131_211_000.exe, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86],
PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\E416A901C2324FAF88B46450A1504789\speedupmypcDE.exe, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86],
PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c],
PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c],
PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c],
PUP.Optional.BabSolution.A, C:\Users\Raendel\AppData\Roaming\BabSolution\CR\Delta.crx, In Quarantäne, [1c73da5e2359de581a6538dce3209e62],
PUP.Optional.Trovi.A, C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M12971E38-F356-47B5-BFF9-802F51A67A6E&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP670D39C9-723C-4CDE-9459-636AFBDCB698");), Ersetzt,[533c61d74438af87c873ee85699c6f91]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Raendel (administrator) on KATHIS-NOTEBOOK on 06-11-2014 20:26:22
Running from C:\Users\Raendel\Saved Games\Desktop
Loaded Profile: Raendel (Available profiles: Raendel & Kathi Neu & Kathi Neuneu)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\HDD Health\HDDHealthService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe
() C:\Program Files (x86)\EnterDigital\EnterDigital.FirstRun.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Run: [hddhealth] => C:\Program Files (x86)\HDD Health\hddhealth.exe [3246944 2013-03-08] (PANTERASoft)
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\RunOnce: [WSE_Astromenda] => wscript /E:vbscript /B "C:\Users\Raendel\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat"
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\RunOnce: [DigitalSites] => wscript /E:vbscript /B "C:\Users\Raendel\AppData\Roaming\DigitalSites\UpdateProc\bkup.dat"
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir= StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir= SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir= BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: EnterDigital -> {91b8f7a9-1558-40b3-b1e9-824ae5a2089f} -> C:\Program Files (x86)\EnterDigital\EnterDigitalbho.dll (EnterDigital) BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> 
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 FireFox: ======== FF ProfilePath: C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442 FF DefaultSearchEngine: Astromenda FF SelectedSearchEngine: Astromenda FF Homepage: hxxp://astromenda.com/?f=1&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: 
@java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF user.js: detected! => C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\user.js FF SearchPlugin: C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\searchplugins\Astromenda.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: EnterDigital - C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\Extensions\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}.xpi [2014-11-06] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-11-06] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files 
(x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-05-29] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-25] CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-06-14] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-25] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed] R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) R2 Update EnterDigital; C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe [526064 2014-11-06] () S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the 
registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) S3 BioNTDrv; E:\Programme\program\BioNTDrv.SYS [18696 2014-05-19] (Paragon Software Group) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141105.001\IDSvia64.sys [633560 2014-10-11] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141105.035\ENG64.SYS [129752 2014-11-04] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141105.035\EX64.SYS [2137304 2014-11-04] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; 
C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) U0 tugcsjul; C:\Windows\System32\drivers\oatf.sys [79064 2014-11-06] (Malwarebytes Corporation) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-06 20:25 - 2014-11-06 20:25 - 00001057 _____ () C:\Users\Raendel\Downloads\Defogger - Verknüpfung.lnk 2014-11-06 20:23 - 2014-11-06 20:26 - 00000000 ____D () C:\FRST 2014-11-06 20:23 - 2014-11-06 20:23 - 02114560 _____ (Farbar) C:\Users\Raendel\Downloads\FRST64.exe 2014-11-06 20:18 - 2014-11-06 20:18 - 00000248 _____ () C:\Users\Raendel\Downloads\defogger_enable.log 2014-11-06 20:17 - 2014-11-06 20:20 - 00000476 _____ () C:\Users\Raendel\Downloads\defogger_disable.log 2014-11-06 20:17 - 2014-11-06 20:18 - 00000000 _____ () C:\Users\Raendel\defogger_reenable 2014-11-06 20:15 - 2014-11-06 20:16 - 00050477 _____ () C:\Users\Raendel\Downloads\Defogger.exe 2014-11-06 20:14 - 2014-11-06 20:14 - 00003258 _____ () C:\Windows\System32\Tasks\Digital Sites 2014-11-06 20:14 - 2014-11-06 20:14 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job 2014-11-06 20:13 - 2014-11-06 20:13 - 00003258 _____ () C:\Windows\System32\Tasks\WSE_Astromenda 2014-11-06 20:13 - 2014-11-06 20:13 - 00000300 _____ () C:\Windows\Tasks\WSE_Astromenda.job 2014-11-06 20:13 - 2014-11-06 20:13 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\DigitalSites 2014-11-06 20:13 - 2014-11-06 20:13 - 00000000 ____D () 
C:\Users\Raendel\AppData\Roaming\1H1Q1V1N1N1O1R 2014-11-06 20:13 - 2014-11-06 20:13 - 00000000 ____D () C:\Program Files (x86)\EnterDigital 2014-11-06 20:12 - 2014-11-06 20:13 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\WSE_Astromenda 2014-11-06 20:12 - 2014-11-06 20:12 - 00001146 _____ () C:\Users\Public\Desktop\FileOpener.lnk 2014-11-06 20:12 - 2014-11-06 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener 2014-11-06 20:12 - 2014-11-06 20:12 - 00000000 ____D () C:\Program Files (x86)\WSE_Astromenda 2014-11-06 20:12 - 2014-11-06 20:12 - 00000000 ____D () C:\Program Files (x86)\Tweaks 2014-11-06 20:09 - 2014-11-06 20:09 - 00811232 _____ ( ) C:\Users\Raendel\Downloads\FileOpenerSetup.exe 2014-11-06 19:56 - 2014-11-06 19:56 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\oatf.sys 2014-11-06 19:56 - 2014-11-06 19:56 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-11-06 19:26 - 2014-11-06 19:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-06 19:25 - 2014-11-06 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-06 19:25 - 2014-11-06 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-06 19:25 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-06 19:25 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-06 19:25 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-06 19:22 - 2014-11-06 19:22 - 01125200 _____ () C:\Users\Raendel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-11-05 22:32 - 2014-11-05 22:32 - 00025180 _____ () C:\Users\Raendel\AppData\Local\recently-used.xbel 2014-11-05 21:52 - 2014-11-05 21:52 - 
00000000 ____D () C:\ProgramData\newbackup 2014-11-05 21:49 - 2014-11-05 21:49 - 00000000 ____D () C:\ProgramData\launcher 2014-11-05 21:43 - 2014-11-05 21:43 - 00001732 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk 2014-11-05 21:43 - 2014-11-05 21:43 - 00001670 _____ () C:\Users\Public\Desktop\Paragon Recovery Media Builder™.lnk 2014-11-05 21:43 - 2014-11-05 21:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf 2014-11-05 21:43 - 2014-11-05 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free 2014-11-05 21:37 - 2014-11-05 21:37 - 00000000 ____D () C:\ProgramData\explauncher 2014-11-05 20:58 - 2014-11-05 20:58 - 01125200 _____ () C:\Users\Raendel\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe 2014-11-04 14:03 - 2014-11-04 14:03 - 00000000 ____D () C:\Windows\pss 2014-11-04 13:59 - 2014-11-04 13:59 - 00000017 _____ () C:\Users\Raendel\AppData\Local\resmon.resmoncfg 2014-11-04 13:20 - 2014-11-04 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune 2014-11-04 13:20 - 2014-11-04 13:20 - 00000000 ____D () C:\Program Files (x86)\HD Tune 2014-11-04 13:16 - 2014-11-04 13:19 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\HDDHealth 2014-11-04 13:15 - 2014-11-04 13:16 - 00000000 ____D () C:\Program Files (x86)\HDD Health 2014-11-04 13:15 - 2014-11-04 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health 2014-11-04 13:14 - 2014-11-04 13:14 - 04211152 _____ ( ) C:\Users\Kathi Neuneu\Downloads\hddh.exe 2014-11-04 13:13 - 2014-11-04 13:13 - 00642632 _____ (EFD Software ) C:\Users\Kathi Neuneu\Downloads\hdtune_255.exe 2014-11-04 13:06 - 2014-11-04 13:06 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Roaming\Mozilla 2014-11-04 13:06 - 2014-11-04 13:06 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Mozilla 2014-11-04 13:06 - 2014-11-04 13:06 - 
00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Macromedia 2014-11-04 13:05 - 2014-11-04 13:05 - 00000000 __SHD () C:\Users\Kathi Neuneu\AppData\Local\EmieUserList 2014-11-04 13:05 - 2014-11-04 13:05 - 00000000 __SHD () C:\Users\Kathi Neuneu\AppData\Local\EmieSiteList 2014-11-04 13:01 - 2014-11-04 13:01 - 00105736 _____ () C:\Users\Kathi Neuneu\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-29 20:50 - 2014-10-29 20:50 - 00000000 ____D () C:\ProgramData\Visan 2014-10-29 20:49 - 2014-10-29 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-10-29 20:49 - 2014-10-29 20:49 - 00003642 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 6520 series 2014-10-29 20:49 - 2014-10-29 20:49 - 00002248 _____ () C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk 2014-10-29 20:49 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMAF11.dll 2014-10-29 20:45 - 2014-10-29 20:45 - 00000057 _____ () C:\ProgramData\Ament.ini 2014-10-29 19:59 - 2014-10-29 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2014-10-29 19:58 - 2014-10-29 19:59 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2 2014-10-29 19:58 - 2014-10-29 19:58 - 00000000 ____D () C:\Users\Raendel\Documents\PDF Architect 2 2014-10-29 19:57 - 2014-10-29 19:57 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\pdfforge 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-10-29 19:57 - 2014-09-23 09:43 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-10-29 19:57 - 2014-09-23 09:43 - 00137000 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-10-29 19:57 - 2014-09-23 09:43 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-10-29 19:57 - 2014-09-23 09:43 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-10-29 19:57 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-10-29 19:57 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-10-29 19:57 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-10-29 19:35 - 2014-10-29 19:35 - 27855352 _____ (pdfforge ) C:\Users\Raendel\Downloads\PDFCreator-1_7_3_setup.exe 2014-10-28 20:27 - 2014-10-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-10-28 20:27 - 2014-10-28 20:27 - 00000000 ____D () C:\Intel 2014-10-27 22:40 - 2014-10-27 22:40 - 00000000 ____D () C:\Users\Raendel\Documents\Fax 2014-10-24 14:06 - 2014-10-24 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-24 14:06 - 2014-09-26 17:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-24 14:06 - 2014-09-26 17:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-24 14:06 - 2014-09-26 17:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-24 14:06 - 2014-09-26 17:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-24 14:05 - 2014-10-24 14:06 - 00004387 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log 2014-10-24 09:31 - 2014-10-24 09:31 - 00000000 ____D () C:\Users\Kathi Neuneu\Documents\Bluetooth-Exchange-Ordner 2014-10-24 09:31 - 2014-10-24 09:31 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Broadcom 2014-10-16 09:24 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 09:24 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) 
C:\Windows\system32\qdvd.dll 2014-10-16 09:24 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 09:23 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 09:23 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 09:23 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 09:23 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 09:23 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-16 09:23 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-16 09:23 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-16 09:23 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 
2014-10-16 09:23 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 09:23 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 09:23 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 09:23 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 09:23 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-16 09:23 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 09:23 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 09:23 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 09:23 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 09:23 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 09:23 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 09:23 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 09:23 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 09:23 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 09:23 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 09:23 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-16 09:23 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 09:23 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 
2014-10-16 09:23 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 09:23 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-16 09:23 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 09:23 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 09:23 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-16 09:23 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 09:23 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-16 09:23 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-16 09:23 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 09:23 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-16 09:23 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 09:23 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-16 09:23 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-16 09:23 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-16 09:23 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-16 09:23 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-16 09:23 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-16 09:23 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeeds.dll 2014-10-16 09:23 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 09:23 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 09:23 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-16 09:23 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 09:23 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-16 09:23 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-16 09:23 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-16 09:23 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 09:23 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-16 09:23 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 09:23 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-16 09:23 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-16 09:23 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 09:23 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-16 09:23 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 09:23 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-16 09:23 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 09:23 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\rastls.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 09:23 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 09:23 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 09:23 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-16 09:23 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-16 09:23 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 09:23 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 16:25 - 2014-10-15 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-08 17:13 - 2014-11-05 21:18 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\HpUpdate 2014-10-08 17:13 - 
2014-10-29 20:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations 2014-10-08 17:13 - 2014-10-29 20:50 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations 2014-10-08 17:12 - 2014-10-29 20:49 - 00000000 ____D () C:\Program Files (x86)\HP 2014-10-08 17:12 - 2014-10-08 17:12 - 00000000 ____D () C:\Program Files\HP 2014-10-08 17:07 - 2014-10-29 20:51 - 00000000 ____D () C:\Users\Raendel\AppData\Local\HP ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-06 20:18 - 2012-11-28 23:15 - 00000000 ____D () C:\Users\Raendel 2014-11-06 20:13 - 2014-02-04 23:58 - 00000000 ____D () C:\Users\Raendel\AppData\Local\CrashDumps 2014-11-06 20:03 - 2012-11-28 00:07 - 02034737 _____ () C:\Windows\WindowsUpdate.log 2014-11-06 19:58 - 2011-04-12 08:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-11-06 19:58 - 2011-04-12 08:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-11-06 19:58 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-06 19:56 - 2013-07-03 19:41 - 00000000 ___HD () C:\Users\Raendel\AppData\Roaming\BabSolution 2014-11-06 19:55 - 2013-01-22 17:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-06 19:29 - 2009-07-14 05:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-06 19:29 - 2009-07-14 05:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-06 19:20 - 2014-08-16 11:21 - 00006738 _____ () C:\Windows\setupact.log 2014-11-06 19:20 - 2014-06-20 17:16 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-11-06 19:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-06 00:52 - 2013-02-22 23:45 - 00000000 ____D () C:\Users\Raendel\.gimp-2.8 2014-11-05 21:39 - 2014-07-16 10:36 - 00000000 ____D () 
C:\Users\Raendel\AppData\Local\Downloaded Installations 2014-11-04 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-04 13:56 - 2013-06-11 06:33 - 00000000 ____D () C:\Windows\Minidump 2014-11-04 13:25 - 2012-11-28 23:16 - 00000000 ___HD () C:\Users\Raendel\AppData\Local\VirtualStore 2014-11-04 13:13 - 2013-04-01 16:48 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-30 18:06 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-30 18:05 - 2010-11-21 04:47 - 00343074 _____ () C:\Windows\PFRO.log 2014-10-29 20:50 - 2012-11-28 23:36 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-10-29 20:48 - 2013-02-25 19:30 - 00000000 ____D () C:\ProgramData\HP 2014-10-24 14:06 - 2013-06-24 18:59 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-24 14:05 - 2013-01-22 17:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-24 14:05 - 2012-12-16 14:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-24 14:05 - 2012-12-16 14:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-24 14:03 - 2012-12-15 20:05 - 00000000 ____D () C:\Users\Raendel\AppData\Local\Adobe 2014-10-24 09:31 - 2013-08-29 23:05 - 00001421 _____ () C:\Users\Kathi Neuneu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-17 13:42 - 2014-05-31 12:34 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\vlc 2014-10-17 10:47 - 2009-07-14 05:45 - 00380816 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 10:46 - 2014-05-07 06:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 10:59 - 2013-01-22 15:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 10:53 - 2013-08-29 21:39 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 10:44 - 2012-11-28 23:38 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-16 09:29 - 2013-08-30 00:32 - 00000000 
____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-14 19:07 - 2014-06-20 17:16 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 2014-10-14 19:07 - 2014-01-08 18:34 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Spotify 2014-10-14 19:07 - 2013-11-21 19:16 - 00000000 ____D () C:\ProgramData\Norton 2014-10-14 19:07 - 2013-08-29 23:05 - 00000000 ____D () C:\Users\Kathi Neuneu 2014-10-14 19:07 - 2013-08-29 21:14 - 00000000 ____D () C:\Users\Kathi Neu 2014-10-14 19:07 - 2011-04-12 08:54 - 00000000 __RHD () C:\Users\Public\Recorded TV 2014-10-14 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-10-14 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-10-14 19:04 - 2014-07-16 10:44 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Samsung 2014-10-14 19:04 - 2014-07-16 10:39 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-10-09 16:24 - 2014-07-16 11:56 - 00000000 ____D () C:\Users\Raendel\Documents\SelfMV Some content of TEMP: ==================== C:\Users\Raendel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Raendel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Raendel\AppData\Local\Temp\ose00000.exe C:\Users\Raendel\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 00:49

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Raendel at 2014-11-06 20:27:12
Running from C:\Users\Raendel\Saved Games\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM-x32\...\{B82157D3-6D31-4650-93B4-FC39BB08D6CE}) (Version: 15.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation) Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3661 - CDBurnerXP) Easy MP3 Cutter 3.0 (HKLM-x32\...\Easy MP3 Cutter_is1) (Version: - ManiacTools.com) EnterDigital (HKLM\...\EnterDigital) (Version: 2014.11.06.180621 - EnterDigital) Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff) Extended Update (HKCU\...\Digital Sites) (Version: - Extended Update) <==== ATTENTION FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft) File Opener Packages (HKCU\...\File Opener Packages) (Version: - ) <==== ATTENTION FileOpener (HKLM-x32\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks) FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project) Free Video Flip and Rotate version 2.1.8.628 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.8.628 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.35.514 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.) 
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation) GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd) GMX MediaCenter 1.3.1235.0 (HKCU\...\GMX Application {sync-000021}) (Version: 1.3.1235.0 - 1&1 Mail & Media GmbH) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HDD Health v4.2 (HKLM-x32\...\HDD Health_is1) (Version: - ) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Photosmart 6520 series - Grundlegende Software für das Gerät (HKLM\...\{97771E91-1EF5-4EAA-B19E-94901CF363AA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 6520 series Hilfe (HKLM-x32\...\{CF29A236-2802-415A-AF44-4383892BD804}) (Version: 28.0.0 - Hewlett Packard) HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) InfoBibliothek 2 (HKLM-x32\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.00 - Akademische Arbeitsgemeinschaft Verlag Wolters Kluwer GmbH) iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) 
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Mp3tag v2.54 (HKLM-x32\...\Mp3tag) (Version: v2.54 - Florian Heidenreich) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) myphotobook.de (HKLM-x32\...\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.6.0.1047 - myphotobook GmbH) myphotobook.de (x32 Version: 1.6.0 - myphotobook GmbH) Hidden Nero 12 (HKLM-x32\...\{95E152CF-0EB5-4BFA-B6EE-8FC7F9601BA5}) (Version: 12.0.02900 - Nero AG) Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation) Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation) OLYMPUS Digital Camera Updater (HKLM-x32\...\{A68C62E8-B243-4777-89BB-12173DFA1D45}) (Version: 1.0.1 - OLYMPUS IMAGING CORP.) 
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH) PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) Schroedel Arbeitsblätter (HKLM-x32\...\Schroedel Arbeitsblätter) (Version: - ) Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB) Steuer-Spar-Erklärung Lehrer 2010 (HKLM-x32\...\{ED96CB56-FD5E-4883-8D2C-7D685B8688E0}) (Version: 15.16 - Akademische Arbeitsgemeinschaft Verlag) Steuer-Spar-Erklärung Lehrer 2011 (HKLM-x32\...\{7661B93C-C34D-43C2-B23A-AAFC267EFB09}) (Version: 16.17 - Akademische Arbeitsgemeinschaft Verlag) Studie zur Verbesserung von HP Photosmart 6520 series Produkten (HKLM\...\{A04015F2-20F7-468F-B058-57D7DA8892FC}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 04-11-2014 22:27:33 Geplanter Prüfpunkt 05-11-2014 20:42:05 Installiert Paragon Backup and Recovery™ 2014 Free. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {128303DA-F33E-4617-80BF-7C103DAE0F48} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {16EE56CC-1808-41E1-9AB5-F2FBE99F5320} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd) Task: {399BE116-2C2D-4448-89FB-9E7B76B3C968} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24] (Adobe Systems Incorporated) Task: {4E30C165-4854-447C-9C42-A5BFCC41D973} - \BitGuard No Task File <==== ATTENTION Task: {73A9F07C-FAD0-47A6-ACA3-08C5C73472FF} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {7DC07FEA-F97A-43B0-9B6B-2C37155F604A} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) 
Task: {8A78E796-8DEA-46B3-AB6D-E1AC5A159527} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {8EF1166E-FB47-43BE-B1F7-B5F810BA8F57} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {964579DC-BC2C-4F4C-9BAB-33BFE9256ECE} - System32\Tasks\Digital Sites => C:\Users\Raendel\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2014-11-06] () <==== ATTENTION Task: {A0BB5E83-CAFA-4E96-8A2C-3E3F66BC71B2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {AA8FED45-9EBC-47A9-B483-44BA253A6A7A} - System32\Tasks\WSE_Astromenda => C:\Users\Raendel\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-11-06] () Task: {D3DE5C39-2AC5-4371-991B-B89FDD524623} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {FF151A1B-D315-4398-951F-676936F21D2C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Raendel\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Raendel\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische 
Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2014-11-04 13:15 - 2013-03-08 09:54 - 00017760 _____ () C:\Program Files (x86)\HDD Health\HDDHealthService.exe 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () E:\Programme\FileZilla FTP Client\fzshellext_64.dll 2009-12-29 13:19 - 2009-12-29 13:19 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2014-11-06 19:08 - 2014-11-06 19:08 - 00526064 _____ () C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe 2014-11-06 20:13 - 2014-11-06 19:08 - 01596656 _____ () C:\Program Files (x86)\EnterDigital\EnterDigital.FirstRun.exe 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-26 16:53 - 2013-05-26 16:53 - 00093696 _____ () E:\Programme\FileZilla FTP Client\fzshellext.dll 2014-10-15 16:25 - 2014-10-15 16:25 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-10-24 14:05 - 2014-10-24 14:05 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDDHealth.lnk => C:\Windows\pss\HDDHealth.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: GMX Application {sync-000021} => "C:\Users\Raendel\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe" /autostart MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Spotify => "C:\Users\Raendel\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Raendel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-1657621607-3020073833-46604503-500 - Administrator - Disabled) Gast (S-1-5-21-1657621607-3020073833-46604503-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1657621607-3020073833-46604503-1129 - Limited - Enabled) Kathi Neu (S-1-5-21-1657621607-3020073833-46604503-1074 - Limited - Enabled) => C:\Users\Kathi Neu Kathi Neuneu (S-1-5-21-1657621607-3020073833-46604503-1075 - Limited - Enabled) => C:\Users\Kathi Neuneu Raendel (S-1-5-21-1657621607-3020073833-46604503-1000 - Administrator - Enabled) => C:\Users\Raendel ==================== Faulty Device Manager 
Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/06/2014 08:12:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1 Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x4d4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (11/06/2014 07:20:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 05:37:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Check OnIdentifyError" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: PrepareForBackup-Ereignis Kontext: Ausführungskontext: ASR Writer Ausführungskontext: Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11} Fehlerspezifische Details: ASR Writer: Falscher Parameter. 
(0x80070057)

Error: (11/06/2014 05:34:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11}

Error: (11/06/2014 05:20:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:20:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:19:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:18:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 07:27:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 07:24:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31341

System errors:
=============
Error: (11/06/2014 07:20:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/06/2014 07:20:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/06/2014 07:20:04 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{bc296843-38e6-11e2-929a-806e6f6e6963}" können nicht gelesen werden.

Error: (11/06/2014 07:19:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 06.11.2014 um 19:12:15 unerwartet heruntergefahren.

Error: (11/06/2014 07:13:37 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/06/2014 07:13:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (11/06/2014 07:13:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Modules Installer erreicht.

Error: (11/06/2014 07:13:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (11/06/2014 05:17:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/06/2014 05:17:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (11/06/2014 08:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb80000003000014254d401cff9f4a5770614C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle396fbef-65e8-11e4-a4ed-70f395671c47

Error: (11/06/2014 07:20:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 05:37:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Check OnIdentifyError0x80070057, Falscher Parameter. Vorgang: PrepareForBackup-Ereignis Kontext: Ausführungskontext: ASR Writer Ausführungskontext: Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11} Fehlerspezifische Details: ASR Writer: Falscher Parameter. (0x80070057)

Error: (11/06/2014 05:34:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11}

Error: (11/06/2014 05:20:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:20:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:19:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:18:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 07:27:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 07:24:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31341

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 48%
Total physical RAM: 3996.27 MB
Available physical RAM: 2057.79 MB
Total Pagefile: 7990.71 MB
Available Pagefile: 5969.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.03 GB) (Free:12.76 GB) NTFS
Drive e: (Daten_Linux_Win) (Fixed) (Total:811.37 GB) (Free:504.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0004CB02)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=853.4 GB) - (Type=OF Extended)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-06 21:02:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000LM024_HN-M101MBB rev.2AR10002 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Raendel\AppData\Local\Temp\awpcapog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2468] C:\Windows\SysWOW64\ntdll.dll!LdrAccessResource 0000000077631fc0 5 bytes JMP 0000000100518940
.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2468] C:\Windows\SysWOW64\ntdll.dll!LdrFindResource_U 0000000077631fdd 5 bytes JMP 00000001005188b0
.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2468] C:\Windows\syswow64\KERNELBASE.dll!LoadStringA 0000000075fc4b4e 5 bytes JMP 00000001005187c0
.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2468] C:\Windows\syswow64\KERNELBASE.dll!LoadStringW 0000000075fc4bbb 5 bytes JMP 0000000100518850
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1832:1904] 000007fef8743438

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395671c47
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395671c47@fcc7345cbb5d 0xA2 0xD4 0x58 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395671c47@000c8ab64fbf 0x5A 0x40 0x61 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395671c47 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395671c47@fcc7345cbb5d 0xA2 0xD4 0x58 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395671c47@000c8ab64fbf 0x5A 0x40 0x61 0x27 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Raendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery\x2122 2014 Free\Paragon Recovery Media Builder\x2122.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery\x2122 2014 Free\Paragon Recovery Media Builder\x2122.lnk 1

---- EOF - GMER 2.1 ----

Code:
Scan-Informationen:
Version der Virendefinitionen: 2014.11.05.035
Sequ.-ID der Virendefinitionen: 158682

Scanstatistiken:
Scanstart:
Lokal: 06.11.2014 21:03
UTC: 06.11.2014 20:03
Scanzeit: 8.026 Sekunden
Scanziele: Gesamter Computer

Zähler:
Gescannte Elemente insgesamt: 768.548
– Dateien und Laufwerke: 765.950
– Registrierungseinträge: 521
– Prozesse und Elemente beim Start: 1.478
– Netzwerk- und Browser-Elemente: 591
– Sonstiges: 4
– Vertrauenswürdige Dateien: 14.517
– Übersprungene Dateien: 20.066
Erkannte Sicherheitsrisiken insgesamt: 3
Behobene Elemente insgesamt: 1
Elemente insgesamt, die Aufmerksamkeit erfordern: 2

Behobene Bedrohungen:
Trojan.Zbot
Typ: Komprimiert
Risiko: Hoch (Hoch Verbergen, Hoch Entfernen, Hoch Leistung, Hoch Datenschutz)
Kategorien: Virus
Status: Vollst. behoben
-----------
1 Datei - Gelöscht

Nicht behobene Bedrohungen:
Astromenda
Typ: Anomalie
Risiko: Gering (Gering Verbergen, Gering Entfernen, Gering Leistung, Gering Datenschutz)
Kategorien: Sicherheitsrisiko
Status: Kein Versuch
-----------
1 Datei
c:\program files (x86)\wse_astromenda\uninstall.exe - Keine Aktion unternommen
1 Browser-Cache

SAPE.Downloader.326
Typ: Anomalie
Risiko: Gering (Gering Verbergen, Gering Entfernen, Gering Leistung, Gering Datenschutz)
Kategorien: Adware
Status: Kein Versuch
-----------
1 Datei
c:\users\raendel\downloads\vlc media player 32 bit - chip-installer.exe - Keine Aktion unternommen
1 Browser-Cache

Many thanks in advance to everyone who sacrifices time and effort for my problem! Katwell |
07.11.2014, 00:25 | #2 |
Rest in Peace † 2019 | My name is Sandra and I will be helping you with your problem.
Note: I can never guarantee that I will find everything. Reformatting is usually the faster route and, in the case of a malware infection, always the safest one. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. You still have some adware on the machine, but your description sounds more like a hardware defect. What kind of hard drive is in your machine? |
07.11.2014, 00:41 | #3 |
| Hello Sandra! The hard drive is a Seagate ST1000LM024. Is that enough information? |
07.11.2014, 00:45 | #4 |
Rest in Peace † 2019 | Hello, yes, that is enough, thanks. Please download SeaTools from here and test your hard drive with it. |
07.11.2014, 00:57 | #5 |
| Oh dear, that looks like a direct hit! I only ran, or rather tried to run, the short test, and even that failed: Code:
--------------- SeaTools for Windows v1.2.0.10 ---------------
07.11.2014 00:52:34
Modell: ST1000LM024 HN-M101MBB
Seriennummer: S2TBJA0C139884
Firmware-Revision: 2AR10002
Einfacher Kurztest - Gestartet 07.11.2014 00:52:34
Einfacher Kurztest - Gescheitert 07.11.2014 00:52:36
SeaTools Test Code: 6C9AC2A4

Should I simply try to copy my important folders to the external hard drive before I take any further steps? |
07.11.2014, 01:07 | #6 |
Rest in Peace † 2019 | Hello, the SeaTools result is too unspecific for me; could you please run another test with CrystalDiskInfo? Here |
07.11.2014, 01:15 | #7 |
| Hi, here the status is described as "good". Parameters: Code:
----------------------------------------------------------------------------
CrystalDiskInfo 6.2.1 (C) 2008-2014 hiyohiyo
Crystal Dew World : hxxp://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Professional SP1 [6.1 Build 7601] (x64)
Date : 2014/11/07 1:12:54

-- Controller Map ----------------------------------------------------------
+ ATA Channel 0 (0) [ATA]
   - ST1000LM024 HN-M101MBB ATA Device
+ ATA Channel 1 (1) [ATA]
   - TSSTcorp CDDVDW TS-L633F ATA Device
- ATA Channel 5 (5) [ATA]
+ Standard AHCI 1.0 Serieller-ATA-Controller [ATA]
   - ATA Channel 0 (0)
   - ATA Channel 1 (1)
   - ATA Channel 5 (5)

-- Disk List ---------------------------------------------------------------
(1) ST1000LM024 HN-M101MBB : 1000,2 GB [0/0/0, pd1] - st
(2) ST5000DM000-1FK178 : 5000,9 GB [1/X/X, sa1] (V=0BC2, P=3312) - st

----------------------------------------------------------------------------
(1) ST1000LM024 HN-M101MBB
----------------------------------------------------------------------------
Model : ST1000LM024 HN-M101MBB
Firmware : 2AR10002
Serial Number : S2TBJA0C139884
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : SATA/300 | SATA/300
Power On Hours : 1591 Std.
Power On Count : 2160 mal
Temperature : 49 C (120 F)
Health Status : Gut
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0080h [OFF]
AAM Level : FE80h [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000060 Lesefehlerrate
02 252 252 __0 000000000000 Leistungsfähigkeit
03 _89 _89 _25 000000000D85 Beschleunigungszeit
04 _98 _98 __0 00000000083D Start/Stop des Spindels
05 252 252 _10 000000000000 Neu zugewiesene Sektoren
07 252 252 _51 000000000000 Suchfehlerrate
08 252 252 _15 000000000000 Suchzeitleistung
09 100 100 __0 000000000637 Eingeschaltete Stunden
0A 252 252 _51 000000000000 Drehwiederholungen
0B 100 100 __0 0000000000B2 Rekalibrierungswiederholungen
0C _98 _98 __0 000000000870 Ein-/Ausschaltungen
B7 252 252 _10 000000000000 Verkäuferspezifisch
B8 252 252 _48 000000000000 Ende-zu-Ende Fehler
BF 100 100 __0 00000000007C G-Sense Fehlerrate
C0 252 252 __0 000000000000 Ausschaltungsabbrüche
C1 _98 _98 __0 0000000075A3 Laden/Entladen Zyklus
C2 _51 _43 __0 0039000A0031 Temperatur
C3 100 100 __0 000000000000 Hardware ECC wiederhergestellt
C4 252 252 __0 000000000000 Neuzuweisungsereignisse
C5 252 100 __0 000000000000 Aktuell schwebende Sektoren
C6 252 100 __0 000000000000 Unkorrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA CRC Fehler
C8 100 100 __0 0000000000C0 Schreibfehlerrate
DF 100 100 __0 0000000000B2 Laden/Entladen Wiederholungen
E1 _98 _98 __0 0000000075A3 Laden/Entladen Zyklus
F1 _95 _94 __0 00000071867D LBA geschrieben (gesamt)
F2 _96 _92 __0 000000674EC3 LBA gelesen (gesamt)
FE 252 252 __0 000000000000 Freifallschutz

----------------------------------------------------------------------------
(2) ST5000DM000-1FK178
----------------------------------------------------------------------------
Enclosure : Seagate Expansion Desk USB Device (V=0BC2, P=3312, sa1) - st
Model : ST5000DM000-1FK178
Firmware : CC44
Serial Number : W4J04ZC7
Disk Size : 5000,9 GB (8,4/137,4/5000,9/5000,9)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 9767541168
Rotation Rate : 5980 RPM
Interface : USB (Serial ATA)
Major Version : ACS-2
Minor Version : ACS-3 Revision 3b
Transfer Mode : SATA/300 | SATA/600
Power On Hours : 9 Std.
Power On Count : 11 mal
Temperature : 24 C (75 F)
Health Status : Gut
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 117 100 __6 000007123498 Lesefehlerrate
03 _94 _93 __0 000000000000 Beschleunigungszeit
04 100 100 _20 00000000000B Start/Stop des Spindels
05 100 100 _10 000000000000 Neu zugewiesene Sektoren
07 _60 _60 _30 000000132AF4 Suchfehlerrate
09 100 100 __0 000000000009 Eingeschaltete Stunden
0A 100 100 _97 000000000000 Drehwiederholungen
0C 100 100 _20 00000000000B Ein-/Ausschaltungen
B7 100 100 __0 000000000000 Verkäuferspezifisch
B8 100 100 _99 000000000000 Ende-zu-Ende Fehler
BB 100 100 __0 000000000000 Gemeldete unkorrigierbare Fehler
BC 100 100 __0 000000000000 Befehlszeitüberschreitung
BD 100 100 __0 000000000000 Übergeordnete Schreibvorgänge
BE _76 _51 _45 000018140018 Luftstromtemperatur
BF 100 100 __0 0000000000DA G-Sense Fehlerrate
C0 100 100 __0 000000000004 Ausschaltungsabbrüche
C1 100 100 __0 000000000023 Laden/Entladen Zyklus
C2 _24 _49 __0 001200000018 Temperatur
C3 117 100 __0 000007123498 Hardware ECC wiederhergestellt
C5 100 100 __0 000000000000 Aktuell schwebende Sektoren
C6 100 100 __0 000000000000 Unkorrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA CRC Fehler
F0 100 253 __0 4A2A00000007 Kopfpositionierungszeit
F1 100 253 __0 00002AE0B578 LBA geschrieben (gesamt)
F2 100 253 __0 0000002E67B7 LBA gelesen (gesamt)
|
07.11.2014, 01:25 | #8 |
Rest in Peace † 2019 | Hello, yes, that looks better. Has the notebook ever been dropped or set down rather hard? It is quite possible that a connector has come loose. Nevertheless, you should make a backup. We should still remove the adware:

Step 1
Please uninstall the following programs (if present):
BitGuard
Extended Update
File Opener Packages
WSE_Astromenda
To do so, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove
If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.

Step 2
Please download AdwCleaner to your desktop.

Step 3
Run FRST once more.
|
07.11.2014, 01:29 | #9 |
| Hi Sandra, I can't remember it being dropped, but who knows, I'm not especially gentle with it. I will carry out your instructions tomorrow; now it's time for bed! Many thanks already! It's really great that this went so quickly and that I now know which direction this might be heading. I will post the logs tomorrow afternoon. Best regards, Katwell |
07.11.2014, 17:33 | #11 |
| Hi Sandra, here I am again! Here are the logs: Code:
# AdwCleaner v4.002 - Bericht erstellt am 07/11/2014 um 17:14:22
# DB v2014-11-02.1
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Raendel - KATHIS-NOTEBOOK
# Gestartet von : C:\Users\Raendel\Downloads\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Raendel\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Raendel\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Raendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Windows\SysWOW64\BrowserDefender
Ordner Gelöscht : C:\Users\Kathi Neu\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Raendel\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Raendel\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Raendel\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\Users\Raendel\AppData\Roaming\wse_astromenda
Datei Gelöscht : C:\Windows\System32\\drivers\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw64.sys
Datei Gelöscht : C:\Users\Kathi Neuneu\AppData\Roaming\Mozilla\Firefox\Profiles\1bjk9erf.default\searchplugins\astromenda.xml
Datei Gelöscht : C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\searchplugins\astromenda.xml
Datei Gelöscht : C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\user.js

***** [ Tasks ] *****

Task Gelöscht : BitGuard
Task Gelöscht : Digital Sites

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKCU\Software\f488d1e23fea17
Schlüssel Gelöscht : HKLM\SOFTWARE\f488d1e23fea17
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Schlüssel Gelöscht : HKCU\Software\BABSOLUTION Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\filescout Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v33.0.3 (x86 de) [1bjk9erf.default] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda"); [1bjk9erf.default] - Zeile gelöscht : user_pref("browser.startup.homepage", 
"hxxp://astromenda.com/?f=1&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1[...] ************************* AdwCleaner[R0].txt - [8917 octets] - [07/11/2014 17:12:02] AdwCleaner[S0].txt - [8197 octets] - [07/11/2014 17:14:22] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8257 octets] ########## FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Raendel (administrator) on KATHIS-NOTEBOOK on 07-11-2014 17:19:53
Running from C:\Users\Raendel\Saved Games\Desktop
Loaded Profile: Raendel (Available profiles: Raendel & Kathi Neu & Kathi Neuneu)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe () C:\Program Files (x86)\HDD Health\HDDHealthService.exe () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe (PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Run: [hddhealth] => C:\Program Files (x86)\HDD Health\hddhealth.exe [3246944 2013-03-08] (PANTERASoft) HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 FireFox: ======== FF ProfilePath: C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program 
Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-11-07] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-05-29] Chrome: ======= CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-25] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-25] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed] R2 MaintainerSvc6.37.565328; C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe [123632 2014-11-07] () R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) S3 BioNTDrv; E:\Programme\program\BioNTDrv.SYS [18696 2014-05-19] (Paragon Software Group) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141106.001\IDSvia64.sys [633560 2014-10-11] (Symantec Corporation) S3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141106.035\ENG64.SYS [129752 2014-11-04] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141106.035\EX64.SYS [2137304 2014-11-04] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 
2014-02-18] (Symantec Corporation) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-07 17:11 - 2014-11-07 17:14 - 00000000 ____D () C:\AdwCleaner 2014-11-07 17:11 - 2014-11-07 17:11 - 01998336 _____ () C:\Users\Raendel\Downloads\AdwCleaner_4.002.exe 2014-11-07 08:59 - 2014-11-07 08:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-07 01:45 - 2014-11-07 16:48 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7 2014-11-07 01:08 - 2014-11-07 01:08 - 02817974 _____ () C:\Users\Raendel\Downloads\CrystalDiskInfo6_2_1.zip 2014-11-07 01:02 - 2014-11-07 01:02 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-11-07 00:50 - 2014-11-07 00:50 - 00000690 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk 2014-11-07 00:49 - 2014-11-07 00:49 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-07 00:49 - 2014-11-07 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate 2014-11-07 00:47 - 2014-11-07 00:47 - 26771088 _____ () C:\Users\Raendel\Downloads\SeaToolsforWindowsSetup.exe 2014-11-07 00:35 - 2014-11-07 00:35 - 00000047 _____ () C:\Users\Raendel\AppData\Roaming\WB.CFG 2014-11-06 20:39 - 2014-11-06 20:39 - 00277408 _____ () C:\Windows\Minidump\110614-31621-01.dmp 2014-11-06 20:29 - 2014-11-06 20:29 - 00380416 _____ () C:\Users\Raendel\Downloads\Gmer-19357.exe 2014-11-06 20:25 - 2014-11-06 20:25 - 00001057 _____ () 
C:\Users\Raendel\Downloads\Defogger - Verknüpfung.lnk 2014-11-06 20:23 - 2014-11-07 17:19 - 00000000 ____D () C:\FRST 2014-11-06 20:23 - 2014-11-06 20:23 - 02114560 _____ (Farbar) C:\Users\Raendel\Downloads\FRST64.exe 2014-11-06 20:18 - 2014-11-06 20:18 - 00000248 _____ () C:\Users\Raendel\Downloads\defogger_enable.log 2014-11-06 20:17 - 2014-11-06 20:20 - 00000476 _____ () C:\Users\Raendel\Downloads\defogger_disable.log 2014-11-06 20:17 - 2014-11-06 20:18 - 00000000 _____ () C:\Users\Raendel\defogger_reenable 2014-11-06 20:15 - 2014-11-06 20:16 - 00050477 _____ () C:\Users\Raendel\Downloads\Defogger.exe 2014-11-06 20:09 - 2014-11-06 20:09 - 00811232 _____ ( ) C:\Users\Raendel\Downloads\FileOpenerSetup.exe 2014-11-06 19:26 - 2014-11-06 19:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-06 19:25 - 2014-11-06 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-06 19:25 - 2014-11-06 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-06 19:25 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-06 19:25 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-06 19:25 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-06 19:22 - 2014-11-06 19:22 - 01125200 _____ () C:\Users\Raendel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-11-05 22:32 - 2014-11-05 22:32 - 00025180 _____ () C:\Users\Raendel\AppData\Local\recently-used.xbel 2014-11-05 21:52 - 2014-11-05 21:52 - 00000000 ____D () C:\ProgramData\newbackup 2014-11-05 21:49 - 2014-11-05 21:49 - 00000000 ____D () C:\ProgramData\launcher 2014-11-05 21:43 - 2014-11-05 21:43 - 00001732 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk 2014-11-05 21:43 - 2014-11-05 21:43 - 
00001670 _____ () C:\Users\Public\Desktop\Paragon Recovery Media Builder™.lnk 2014-11-05 21:43 - 2014-11-05 21:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf 2014-11-05 21:43 - 2014-11-05 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free 2014-11-05 21:37 - 2014-11-05 21:37 - 00000000 ____D () C:\ProgramData\explauncher 2014-11-05 20:58 - 2014-11-05 20:58 - 01125200 _____ () C:\Users\Raendel\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe 2014-11-04 14:03 - 2014-11-04 14:03 - 00000000 ____D () C:\Windows\pss 2014-11-04 13:59 - 2014-11-04 13:59 - 00000017 _____ () C:\Users\Raendel\AppData\Local\resmon.resmoncfg 2014-11-04 13:20 - 2014-11-04 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune 2014-11-04 13:20 - 2014-11-04 13:20 - 00000000 ____D () C:\Program Files (x86)\HD Tune 2014-11-04 13:16 - 2014-11-04 13:19 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\HDDHealth 2014-11-04 13:15 - 2014-11-04 13:16 - 00000000 ____D () C:\Program Files (x86)\HDD Health 2014-11-04 13:15 - 2014-11-04 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health 2014-11-04 13:14 - 2014-11-04 13:14 - 04211152 _____ ( ) C:\Users\Kathi Neuneu\Downloads\hddh.exe 2014-11-04 13:13 - 2014-11-04 13:13 - 00642632 _____ (EFD Software ) C:\Users\Kathi Neuneu\Downloads\hdtune_255.exe 2014-11-04 13:06 - 2014-11-04 13:06 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Roaming\Mozilla 2014-11-04 13:06 - 2014-11-04 13:06 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Mozilla 2014-11-04 13:06 - 2014-11-04 13:06 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Macromedia 2014-11-04 13:05 - 2014-11-04 13:05 - 00000000 __SHD () C:\Users\Kathi Neuneu\AppData\Local\EmieUserList 2014-11-04 13:05 - 2014-11-04 13:05 - 00000000 __SHD () C:\Users\Kathi Neuneu\AppData\Local\EmieSiteList 2014-11-04 
13:01 - 2014-11-04 13:01 - 00105736 _____ () C:\Users\Kathi Neuneu\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-29 20:50 - 2014-10-29 20:50 - 00000000 ____D () C:\ProgramData\Visan 2014-10-29 20:49 - 2014-10-29 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-10-29 20:49 - 2014-10-29 20:49 - 00003642 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 6520 series 2014-10-29 20:49 - 2014-10-29 20:49 - 00002248 _____ () C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk 2014-10-29 20:49 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMAF11.dll 2014-10-29 20:45 - 2014-10-29 20:45 - 00000057 _____ () C:\ProgramData\Ament.ini 2014-10-29 19:59 - 2014-10-29 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2014-10-29 19:58 - 2014-10-29 19:59 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2 2014-10-29 19:58 - 2014-10-29 19:58 - 00000000 ____D () C:\Users\Raendel\Documents\PDF Architect 2 2014-10-29 19:57 - 2014-10-29 19:57 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-10-29 19:57 - 2014-09-23 09:43 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-10-29 19:57 - 2014-09-23 09:43 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-10-29 19:57 - 2014-09-23 09:43 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-10-29 19:57 - 2014-09-23 09:43 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-10-29 19:57 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-10-29 19:57 - 1998-07-06 
18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-10-29 19:57 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-10-29 19:35 - 2014-10-29 19:35 - 27855352 _____ (pdfforge ) C:\Users\Raendel\Downloads\PDFCreator-1_7_3_setup.exe 2014-10-28 20:27 - 2014-10-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-10-28 20:27 - 2014-10-28 20:27 - 00000000 ____D () C:\Intel 2014-10-27 22:40 - 2014-10-27 22:40 - 00000000 ____D () C:\Users\Raendel\Documents\Fax 2014-10-24 14:06 - 2014-10-24 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-24 14:06 - 2014-09-26 17:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-24 14:06 - 2014-09-26 17:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-24 14:06 - 2014-09-26 17:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-24 14:06 - 2014-09-26 17:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-24 14:05 - 2014-10-24 14:06 - 00004387 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log 2014-10-24 09:31 - 2014-10-24 09:31 - 00000000 ____D () C:\Users\Kathi Neuneu\Documents\Bluetooth-Exchange-Ordner 2014-10-24 09:31 - 2014-10-24 09:31 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Broadcom 2014-10-16 09:24 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 09:24 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-16 09:24 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00156824 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 09:23 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 09:23 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 09:23 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 09:23 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 09:23 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-16 09:23 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-16 09:23 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-16 09:23 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-16 09:23 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 09:23 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 09:23 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 09:23 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 09:23 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 09:23 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 09:23 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 09:23 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 09:23 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 09:23 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 09:23 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 09:23 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 09:23 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 09:23 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 09:23 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 09:23 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 09:23 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 09:23 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 09:23 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 09:23 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 09:23 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 09:23 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 09:23 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 09:23 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 09:23 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 09:23 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 09:23 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 09:23 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 09:23 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 09:23 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 09:23 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 09:23 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 09:23 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 09:23 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 09:23 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 09:23 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 09:23 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 09:23 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 09:23 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 09:23 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 09:23 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 09:23 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 09:23 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 09:23 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 09:23 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 09:23 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 09:23 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 09:23 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 09:23 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 09:23 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 09:23 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 09:23 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 09:23 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 09:23 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 09:23 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 09:23 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 09:23 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 09:23 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 09:23 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 09:23 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:23 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 09:23 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 09:23 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 09:23 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 09:23 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 09:23 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 09:23 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 09:23 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 09:23 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 09:23 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-08 17:13 - 2014-11-05 21:18 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\HpUpdate
2014-10-08 17:13 - 2014-10-29 20:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-10-08 17:13 - 2014-10-29 20:50 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-10-08 17:12 - 2014-10-29 20:49 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-08 17:12 - 2014-10-08 17:12 - 00000000 ____D () C:\Program Files\HP
2014-10-08 17:07 - 2014-10-29 20:51 - 00000000 ____D () C:\Users\Raendel\AppData\Local\HP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 17:18 - 2014-06-20 17:16 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-07 17:17 - 2014-08-16 11:21 - 00006953 _____ () C:\Windows\setupact.log
2014-11-07 17:17 - 2013-08-30 00:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 17:17 - 2010-11-21 04:47 - 00380520 _____ () C:\Windows\PFRO.log
2014-11-07 17:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 17:15 - 2012-11-28 00:07 - 02083773 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 16:55 - 2013-01-22 17:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 13:19 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2014-11-07 01:08 - 2011-04-12 08:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-11-07 01:08 - 2011-04-12 08:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-11-07 01:08 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 20:46 - 2009-07-14 05:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 20:46 - 2009-07-14 05:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 20:39 - 2013-06-11 06:33 - 00000000 ____D () C:\Windows\Minidump
2014-11-06 20:18 - 2012-11-28 23:15 - 00000000 ____D () C:\Users\Raendel
2014-11-06 20:13 - 2014-02-04 23:58 - 00000000 ____D () C:\Users\Raendel\AppData\Local\CrashDumps
2014-11-06 00:52 - 2013-02-22 23:45 - 00000000 ____D () C:\Users\Raendel\.gimp-2.8
2014-11-05 21:39 - 2014-07-16 10:36 - 00000000 ____D () C:\Users\Raendel\AppData\Local\Downloaded Installations
2014-11-04 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-04 13:25 - 2012-11-28 23:16 - 00000000 ___HD () C:\Users\Raendel\AppData\Local\VirtualStore
2014-11-04 13:13 - 2013-04-01 16:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-30 18:06 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-29 20:50 - 2012-11-28 23:36 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-29 20:48 - 2013-02-25 19:30 - 00000000 ____D () C:\ProgramData\HP
2014-10-24 14:06 - 2013-06-24 18:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-24 14:05 - 2013-01-22 17:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-24 14:05 - 2012-12-16 14:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-24 14:05 - 2012-12-16 14:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-24 14:03 - 2012-12-15 20:05 - 00000000 ____D () C:\Users\Raendel\AppData\Local\Adobe
2014-10-24 09:31 - 2013-08-29 23:05 - 00001421 _____ () C:\Users\Kathi Neuneu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-17 13:42 - 2014-05-31 12:34 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\vlc
2014-10-17 10:47 - 2009-07-14 05:45 - 00380816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 10:46 - 2014-05-07 06:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 10:59 - 2013-01-22 15:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 10:53 - 2013-08-29 21:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 10:44 - 2012-11-28 23:38 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 19:07 - 2014-06-20 17:16 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities
2014-10-14 19:07 - 2014-01-08 18:34 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Spotify
2014-10-14 19:07 - 2013-11-21 19:16 - 00000000 ____D () C:\ProgramData\Norton
2014-10-14 19:07 - 2013-08-29 23:05 - 00000000 ____D () C:\Users\Kathi Neuneu
2014-10-14 19:07 - 2013-08-29 21:14 - 00000000 ____D () C:\Users\Kathi Neu
2014-10-14 19:07 - 2011-04-12 08:54 - 00000000 __RHD () C:\Users\Public\Recorded TV
2014-10-14 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-14 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-14 19:04 - 2014-07-16 10:44 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Samsung
2014-10-14 19:04 - 2014-07-16 10:39 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-10-09 16:24 - 2014-07-16 11:56 - 00000000 ____D () C:\Users\Raendel\Documents\SelfMV

Some content of TEMP:
====================
C:\Users\Raendel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Raendel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Raendel\AppData\Local\Temp\ose00000.exe
C:\Users\Raendel\AppData\Local\Temp\Quarantine.exe
C:\Users\Raendel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Raendel\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 00:49

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Raendel at 2014-11-07 17:27:24
Running from C:\Users\Raendel\Saved Games\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{B82157D3-6D31-4650-93B4-FC39BB08D6CE}) (Version: 15.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version: - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3661 - CDBurnerXP)
Easy MP3 Cutter 3.0 (HKLM-x32\...\Easy MP3 Cutter_is1) (Version: - ManiacTools.com)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project)
Free Video Flip and Rotate version 2.1.8.628 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.8.628 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
GMX MediaCenter 1.3.1235.0 (HKCU\...\GMX Application {sync-000021}) (Version: 1.3.1235.0 - 1&1 Mail & Media GmbH)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HDD Health v4.2 (HKLM-x32\...\HDD Health_is1) (Version: - )
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series - Grundlegende Software für das Gerät (HKLM\...\{97771E91-1EF5-4EAA-B19E-94901CF363AA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Hilfe (HKLM-x32\...\{CF29A236-2802-415A-AF44-4383892BD804}) (Version: 28.0.0 - Hewlett Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
InfoBibliothek 2 (HKLM-x32\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.00 - Akademische Arbeitsgemeinschaft Verlag Wolters Kluwer GmbH)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mp3tag v2.54 (HKLM-x32\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
myphotobook.de (HKLM-x32\...\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.6.0.1047 - myphotobook GmbH)
myphotobook.de (x32 Version: 1.6.0 - myphotobook GmbH) Hidden
Nero 12 (HKLM-x32\...\{95E152CF-0EB5-4BFA-B6EE-8FC7F9601BA5}) (Version: 12.0.02900 - Nero AG)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{A68C62E8-B243-4777-89BB-12173DFA1D45}) (Version: 1.0.1 - OLYMPUS IMAGING CORP.)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Schroedel Arbeitsblätter (HKLM-x32\...\Schroedel Arbeitsblätter) (Version: - )
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steuer-Spar-Erklärung Lehrer 2010 (HKLM-x32\...\{ED96CB56-FD5E-4883-8D2C-7D685B8688E0}) (Version: 15.16 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung Lehrer 2011 (HKLM-x32\...\{7661B93C-C34D-43C2-B23A-AAFC267EFB09}) (Version: 16.17 - Akademische Arbeitsgemeinschaft Verlag)
Studie zur Verbesserung von HP Photosmart 6520 series Produkten (HKLM\...\{A04015F2-20F7-468F-B058-57D7DA8892FC}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

04-11-2014 22:27:33 Geplanter Prüfpunkt
05-11-2014 20:42:05 Installiert Paragon Backup and Recovery™ 2014 Free.
06-11-2014 23:49:19 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {128303DA-F33E-4617-80BF-7C103DAE0F48} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16EE56CC-1808-41E1-9AB5-F2FBE99F5320} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {399BE116-2C2D-4448-89FB-9E7B76B3C968} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24] (Adobe Systems Incorporated)
Task: {73A9F07C-FAD0-47A6-ACA3-08C5C73472FF} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7DC07FEA-F97A-43B0-9B6B-2C37155F604A} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {8A78E796-8DEA-46B3-AB6D-E1AC5A159527} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8EF1166E-FB47-43BE-B1F7-B5F810BA8F57} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A0BB5E83-CAFA-4E96-8A2C-3E3F66BC71B2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {D3DE5C39-2AC5-4371-991B-B89FDD524623} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FF151A1B-D315-4398-951F-676936F21D2C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-11-04 13:15 - 2013-03-08 09:54 - 00017760 _____ () C:\Program Files (x86)\HDD Health\HDDHealthService.exe
2014-11-07 01:31 - 2014-11-07 16:48 - 00123632 _____ () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () E:\Programme\FileZilla FTP Client\fzshellext_64.dll
2009-12-29 13:19 - 2009-12-29 13:19 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-26 16:53 - 2013-05-26 16:53 - 00093696 _____ () E:\Programme\FileZilla FTP Client\fzshellext.dll
2014-11-07 08:59 - 2014-11-07 08:59 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDDHealth.lnk => C:\Windows\pss\HDDHealth.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GMX Application {sync-000021} => "C:\Users\Raendel\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe" /autostart
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Raendel\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Raendel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1657621607-3020073833-46604503-500 - Administrator - Disabled)
Gast (S-1-5-21-1657621607-3020073833-46604503-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1657621607-3020073833-46604503-1129 - Limited - Enabled)
Kathi Neu (S-1-5-21-1657621607-3020073833-46604503-1074 - Limited - Enabled) => C:\Users\Kathi Neu
Kathi Neuneu (S-1-5-21-1657621607-3020073833-46604503-1075 - Limited - Enabled) => C:\Users\Kathi Neuneu
Raendel (S-1-5-21-1657621607-3020073833-46604503-1000 - Administrator - Enabled) => C:\Users\Raendel

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 05:18:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 00:49:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {66d87e44-4145-4523-81ef-b125bec654fe}

Error: (11/06/2014 08:40:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 08:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1 Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x4d4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3

Error: (11/06/2014 07:20:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 05:37:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Check OnIdentifyError" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: PrepareForBackup-Ereignis Kontext: Ausführungskontext: ASR Writer Ausführungskontext: Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11} Fehlerspezifische Details: ASR Writer: Falscher Parameter. (0x80070057)

Error: (11/06/2014 05:34:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11}

Error: (11/06/2014 05:20:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:20:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:19:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

System errors:
=============
Error: (11/07/2014 05:18:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/07/2014 05:17:55 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{bc296843-38e6-11e2-929a-806e6f6e6963}" können nicht gelesen werden.

Error: (11/07/2014 05:04:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Update EnterDigital" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/07/2014 05:04:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Util EnterDigital" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/06/2014 08:39:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/06/2014 08:39:34 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{bc296843-38e6-11e2-929a-806e6f6e6963}" können nicht gelesen werden.

Error: (11/06/2014 08:39:23 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000109 (0xa3a039d89cc6a9e4, 0xb3b7465eef44e45e, 0xfffff80000b95080, 0x0000000000000002)C:\Windows\MEMORY.DMP110614-31621-01 Error: (11/06/2014 08:39:07 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 06.11.2014 um 20:38:00 unerwartet heruntergefahren. Error: (11/06/2014 07:20:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/06/2014 07:20:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (11/07/2014 05:18:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2014 00:49:20 AM) (Source: VSS) (EventID: 8193) (User: ) Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter. 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {66d87e44-4145-4523-81ef-b125bec654fe} Error: (11/06/2014 08:40:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 08:12:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb80000003000014254d401cff9f4a5770614C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle396fbef-65e8-11e4-a4ed-70f395671c47 Error: (11/06/2014 07:20:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 05:37:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Check OnIdentifyError0x80070057, Falscher Parameter. Vorgang: PrepareForBackup-Ereignis Kontext: Ausführungskontext: ASR Writer Ausführungskontext: Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11} Fehlerspezifische Details: ASR Writer: Falscher Parameter. (0x80070057) Error: (11/06/2014 05:34:14 PM) (Source: VSS) (EventID: 8193) (User: ) Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter. 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11} Error: (11/06/2014 05:20:14 PM) (Source: VSS) (EventID: 8193) (User: ) Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5} Error: (11/06/2014 05:20:12 PM) (Source: VSS) (EventID: 8193) (User: ) Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5} Error: (11/06/2014 05:19:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter. 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 56%
Total physical RAM: 3996.27 MB
Available physical RAM: 1755.17 MB
Total Pagefile: 7990.71 MB
Available Pagefile: 5906.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.03 GB) (Free:11.71 GB) NTFS
Drive e: (Daten_Linux_Win) (Fixed) (Total:811.37 GB) (Free:504.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0004CB02)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=853.4 GB) - (Type=OF Extended)

==================== End Of Log ============================

Best regards, Katwell
08.11.2014, 23:07 | #12 |
Rest in peace † 2019

Hello, how is the hard drive doing?

Please also uninstall Java 7 Update 71.

Step 1
Press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document:
Code:
C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Step 2
Please download Malwarebytes Anti-Malware.

Step 3
Because the ESET scan is very thorough, it may take several hours.
ESET Online Scanner

Step 4
Run FRST once more.
09.11.2014, 14:43 | #13 |
Hi!

After my computer could not be woken from sleep mode yesterday either and only treated me to the clicking of the hard drive, I gave up for the time being because I had to leave. This morning it did not work at first either, but after I turned the computer over once to take a look at the screws of the hard drive bay (I don't quite dare to unscrew it yet), it worked again. So you seem to be right about the mechanical fault. I'll get some small screwdrivers today and dare to take a look at the connectors... or should I rather take it to an expert after all?!

But first, here is the Fixlog file:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014 01
Ran by Raendel at 2014-11-09 10:30:43 Run:1
Running from C:\Users\Raendel\Saved Games\Desktop
Loaded Profile: Raendel (Available profiles: Raendel & Kathi Neu & Kathi Neuneu)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
*****************

C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7 => Moved successfully.

==== End of Fixlog ====

The results will follow shortly. Best regards

Here are the results from Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 09.11.2014
Suchlauf-Zeit: 10:38:56
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.09.02
Rootkit Datenbank: v2014.11.08.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Raendel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 418367
Verstrichene Zeit: 27 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc6.37.565328, In Quarantäne, [0ea8dd5c1c6021155a5f2e791ce8d030],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
PUP.Optional.BPlug, C:\Users\Raendel\AppData\Local\Temp\is765589038\147F230B_stp.EXE, In Quarantäne, [585ebb7eeb9125119d0cf7cb10f1ed13],
PUP.Optional.InstalLCore, C:\Users\Raendel\AppData\Local\Temp\is765589038\52614A36_stp.EXE, In Quarantäne, [5d59db5e007c7fb7252ba27ccd38ff01],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Well... it was enough for several coffees ;-)
Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e728fc7bf1827f4aa9d7968ef0b60bdb
# engine=21002
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-09 12:54:00
# local_time=2014-11-09 01:54:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton AntiVirus'
# compatibility_mode=3599 16777213 100 100 3537797 234527026 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 30479180 167167490 0 0
# scanned=331903
# found=24
# cleaned=0
# scan_time=8649
sh=7AD5C0518EBA84F472220C18061EB3A905971210 ft=1 fh=5c073c24e8e7f306 vn="Variante von Win64/BrowseFox.CG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw64.sys.vir"
sh=9BE25A868F6BC6F1F04D2FF5F19B97A25D4893DF ft=1 fh=118588c59862d9f9 vn="Win32/BrowseFox.V evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.bak"
sh=70CE4D6B0CFD0B77E7450CBAC8B4282680120E4F ft=1 fh=45bef3de74f019d8 vn="Win32/BrowseFox.V evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe"
sh=83862B51062A3A5F521BCE6AFB8228AF44B87BA1 ft=0 fh=0000000000000000 vn="Win32/bProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js"
sh=B709DBD7DDBE11A383A5B843E75A0BF5A05AA9D3 ft=1 fh=dadd8eabfe5a6bbe vn="Win32/InstallCore.BN evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathi Neu\Downloads\ImageEditorSetup.exe"
sh=3A6502D209BEF43D373564174C23BC195354531A ft=1 fh=53d5926d9f21d5b8 vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathi Neu\Downloads\norddruck.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathi Neu\Downloads\PDFCreator-1_7_0_setup(1).exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathi Neu\Downloads\PDFCreator-1_7_0_setup.exe"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\BabMaint.exe"
sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\BUSolution.dll"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\IEHelper.dll"
sh=B7BCAF66B2BB0CA2EE89D16A94A4D4C4BB1CE025 ft=1 fh=9dabbe262182f2d2 vn="Variante von Win32/Toolbar.Babylon.V evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\MntrDLLInstall.dll"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\73451292.Uninstall\uninstaller.exe"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\73580960.Uninstall\uninstaller.exe"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\73591209.Uninstall\uninstaller.exe"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\is765589038\5D4B7A38_stp\uninstaller.exe"
sh=787E969B7C7A943CE84C118997D4D1B73AB4E49B ft=1 fh=0a175d9f8772ecfc vn="Win32/InstallMonetizer.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\nseBBD3.tmp\nsManeshWeb.dll"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\updFF66\BabMaint.x"
sh=7664F6A327E5201011200E703489577A0971AB77 ft=1 fh=c71c0011451c6a93 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\AppData\Local\Temp\updFF66\BUSolution.x"
sh=B709DBD7DDBE11A383A5B843E75A0BF5A05AA9D3 ft=1 fh=dadd8eabfe5a6bbe vn="Win32/InstallCore.BN evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\Downloads\ImageEditorSetup.exe"
sh=3A6502D209BEF43D373564174C23BC195354531A ft=1 fh=53d5926d9f21d5b8 vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\Downloads\norddruck.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\Downloads\PDFCreator-1_7_0_setup(1).exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\Downloads\PDFCreator-1_7_0_setup.exe"
sh=534999ED85CB0AE3C21385B37B538044EA2AB339 ft=1 fh=28e16a9d033375cd vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raendel\Downloads\PDFCreator-1_7_3_setup.exe"

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01 Ran by Raendel (administrator) on KATHIS-NOTEBOOK on 09-11-2014 14:32:24 Running from C:\Users\Raendel\Saved Games\Desktop Loaded Profile: Raendel (Available profiles: Raendel & Kathi Neu & Kathi Neuneu) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe () C:\Program Files (x86)\HDD Health\HDDHealthService.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Run: [hddhealth] => C:\Program Files (x86)\HDD Health\hddhealth.exe [3246944 2013-03-08] (PANTERASoft) HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 FireFox: ======== FF ProfilePath: C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: 
@microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-11-09] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-05-29] Chrome: ======= CHR HKLM\...\Chrome\Extension: 
[nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-25] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-25] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed] R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) S3 BioNTDrv; E:\Programme\program\BioNTDrv.SYS [18696 2014-05-19] (Paragon Software Group) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141107.001\IDSvia64.sys [633560 2014-10-11] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141108.003\ENG64.SYS [129752 2014-11-04] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141108.003\EX64.SYS [2137304 2014-11-04] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 
2014-02-18] (Symantec Corporation) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 11:20 - 2014-11-09 11:20 - 02347384 _____ (ESET) C:\Users\Raendel\Downloads\esetsmartinstaller_deu.exe 2014-11-07 17:11 - 2014-11-07 17:14 - 00000000 ____D () C:\AdwCleaner 2014-11-07 17:11 - 2014-11-07 17:11 - 01998336 _____ () C:\Users\Raendel\Downloads\AdwCleaner_4.002.exe 2014-11-07 08:59 - 2014-11-07 08:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-07 01:08 - 2014-11-07 01:08 - 02817974 _____ () C:\Users\Raendel\Downloads\CrystalDiskInfo6_2_1.zip 2014-11-07 00:50 - 2014-11-07 00:50 - 00000690 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk 2014-11-07 00:49 - 2014-11-07 00:49 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-07 00:49 - 2014-11-07 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate 2014-11-07 00:47 - 2014-11-07 00:47 - 26771088 _____ () C:\Users\Raendel\Downloads\SeaToolsforWindowsSetup.exe 2014-11-07 00:35 - 2014-11-07 00:35 - 00000047 _____ () C:\Users\Raendel\AppData\Roaming\WB.CFG 2014-11-06 20:39 - 2014-11-06 20:39 - 00277408 _____ () C:\Windows\Minidump\110614-31621-01.dmp 2014-11-06 20:29 - 2014-11-06 20:29 - 00380416 _____ () C:\Users\Raendel\Downloads\Gmer-19357.exe 2014-11-06 20:25 - 2014-11-06 20:25 - 00001057 _____ () C:\Users\Raendel\Downloads\Defogger - Verknüpfung.lnk 2014-11-06 20:23 - 2014-11-09 14:32 - 00000000 ____D () C:\FRST 2014-11-06 20:23 - 
2014-11-06 20:23 - 02114560 _____ (Farbar) C:\Users\Raendel\Downloads\FRST64.exe 2014-11-06 20:18 - 2014-11-06 20:18 - 00000248 _____ () C:\Users\Raendel\Downloads\defogger_enable.log 2014-11-06 20:17 - 2014-11-06 20:20 - 00000476 _____ () C:\Users\Raendel\Downloads\defogger_disable.log 2014-11-06 20:17 - 2014-11-06 20:18 - 00000000 _____ () C:\Users\Raendel\defogger_reenable 2014-11-06 20:15 - 2014-11-06 20:16 - 00050477 _____ () C:\Users\Raendel\Downloads\Defogger.exe 2014-11-06 19:26 - 2014-11-09 11:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-06 19:25 - 2014-11-06 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-06 19:25 - 2014-11-06 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-06 19:25 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-06 19:25 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-06 19:25 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-06 19:22 - 2014-11-06 19:22 - 01125200 _____ () C:\Users\Raendel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-11-05 22:32 - 2014-11-05 22:32 - 00025180 _____ () C:\Users\Raendel\AppData\Local\recently-used.xbel 2014-11-05 21:52 - 2014-11-05 21:52 - 00000000 ____D () C:\ProgramData\newbackup 2014-11-05 21:49 - 2014-11-05 21:49 - 00000000 ____D () C:\ProgramData\launcher 2014-11-05 21:43 - 2014-11-05 21:43 - 00001732 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk 2014-11-05 21:43 - 2014-11-05 21:43 - 00001670 _____ () C:\Users\Public\Desktop\Paragon Recovery Media Builder™.lnk 2014-11-05 21:43 - 2014-11-05 21:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf 2014-11-05 21:43 - 2014-11-05 21:43 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free 2014-11-05 21:37 - 2014-11-05 21:37 - 00000000 ____D () C:\ProgramData\explauncher 2014-11-05 20:58 - 2014-11-05 20:58 - 01125200 _____ () C:\Users\Raendel\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe 2014-11-04 14:03 - 2014-11-04 14:03 - 00000000 ____D () C:\Windows\pss 2014-11-04 13:59 - 2014-11-04 13:59 - 00000017 _____ () C:\Users\Raendel\AppData\Local\resmon.resmoncfg 2014-11-04 13:20 - 2014-11-04 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune 2014-11-04 13:20 - 2014-11-04 13:20 - 00000000 ____D () C:\Program Files (x86)\HD Tune 2014-11-04 13:16 - 2014-11-04 13:19 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\HDDHealth 2014-11-04 13:15 - 2014-11-04 13:16 - 00000000 ____D () C:\Program Files (x86)\HDD Health 2014-11-04 13:15 - 2014-11-04 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health 2014-11-04 13:14 - 2014-11-04 13:14 - 04211152 _____ ( ) C:\Users\Kathi Neuneu\Downloads\hddh.exe 2014-11-04 13:13 - 2014-11-04 13:13 - 00642632 _____ (EFD Software ) C:\Users\Kathi Neuneu\Downloads\hdtune_255.exe 2014-11-04 13:06 - 2014-11-04 13:06 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Roaming\Mozilla 2014-11-04 13:06 - 2014-11-04 13:06 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Mozilla 2014-11-04 13:06 - 2014-11-04 13:06 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Macromedia 2014-11-04 13:05 - 2014-11-04 13:05 - 00000000 __SHD () C:\Users\Kathi Neuneu\AppData\Local\EmieUserList 2014-11-04 13:05 - 2014-11-04 13:05 - 00000000 __SHD () C:\Users\Kathi Neuneu\AppData\Local\EmieSiteList 2014-11-04 13:01 - 2014-11-04 13:01 - 00105736 _____ () C:\Users\Kathi Neuneu\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-29 20:50 - 2014-10-29 20:50 - 00000000 ____D () C:\ProgramData\Visan 2014-10-29 20:49 - 2014-10-29 20:50 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-10-29 20:49 - 2014-10-29 20:49 - 00003642 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 6520 series 2014-10-29 20:49 - 2014-10-29 20:49 - 00002248 _____ () C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk 2014-10-29 20:49 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMAF11.dll 2014-10-29 20:45 - 2014-10-29 20:45 - 00000057 _____ () C:\ProgramData\Ament.ini 2014-10-29 19:59 - 2014-10-29 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2014-10-29 19:58 - 2014-10-29 19:59 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2 2014-10-29 19:58 - 2014-10-29 19:58 - 00000000 ____D () C:\Users\Raendel\Documents\PDF Architect 2 2014-10-29 19:57 - 2014-10-29 19:57 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-10-29 19:57 - 2014-09-23 09:43 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-10-29 19:57 - 2014-09-23 09:43 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-10-29 19:57 - 2014-09-23 09:43 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-10-29 19:57 - 2014-09-23 09:43 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-10-29 19:57 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-10-29 19:57 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-10-29 19:57 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-10-29 19:35 - 2014-10-29 19:35 - 
27855352 _____ (pdfforge ) C:\Users\Raendel\Downloads\PDFCreator-1_7_3_setup.exe 2014-10-28 20:27 - 2014-10-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-10-28 20:27 - 2014-10-28 20:27 - 00000000 ____D () C:\Intel 2014-10-27 22:40 - 2014-10-27 22:40 - 00000000 ____D () C:\Users\Raendel\Documents\Fax 2014-10-24 14:05 - 2014-10-24 14:06 - 00004387 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log 2014-10-24 09:31 - 2014-10-24 09:31 - 00000000 ____D () C:\Users\Kathi Neuneu\Documents\Bluetooth-Exchange-Ordner 2014-10-24 09:31 - 2014-10-24 09:31 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Broadcom 2014-10-16 09:24 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 09:24 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-16 09:24 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 09:23 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 09:23 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 09:23 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 09:23 - 2014-10-07 03:54 - 00378552 _____ (Microsoft 
Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 09:23 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-16 09:23 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-16 09:23 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-16 09:23 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-16 09:23 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 09:23 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 09:23 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 09:23 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 09:23 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-16 09:23 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 09:23 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 09:23 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 09:23 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 09:23 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 09:23 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9.dll 2014-10-16 09:23 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 09:23 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 09:23 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 09:23 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 09:23 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-16 09:23 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 09:23 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 09:23 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 09:23 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-16 09:23 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 09:23 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 09:23 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-16 09:23 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 09:23 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-16 09:23 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-16 09:23 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 09:23 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-16 09:23 - 2014-09-19 01:58 - 00289280 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 09:23 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-16 09:23 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-16 09:23 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-16 09:23 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-16 09:23 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-16 09:23 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-16 09:23 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 09:23 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 09:23 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 09:23 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-16 09:23 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 09:23 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-16 09:23 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-16 09:23 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-16 09:23 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 09:23 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-16 09:23 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 09:23 - 2014-09-19 00:53 - 01190400 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-16 09:23 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-16 09:23 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 09:23 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-16 09:23 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 09:23 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-16 09:23 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 09:23 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 09:23 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 09:23 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 09:23 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mstsc.exe 2014-10-16 09:23 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-16 09:23 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 09:23 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 13:55 - 2013-01-22 17:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-09 12:35 - 2012-11-28 00:07 - 01090186 _____ () C:\Windows\WindowsUpdate.log 2014-11-09 11:28 - 2011-04-12 08:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-11-09 11:28 - 2011-04-12 08:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-11-09 11:28 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-09 11:16 - 2009-07-14 05:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-09 11:16 - 2009-07-14 05:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-09 11:09 - 2014-08-16 11:21 - 00007874 _____ () C:\Windows\setupact.log 2014-11-09 11:09 - 2014-06-20 17:16 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-11-09 11:09 - 2010-11-21 04:47 - 00381154 _____ () C:\Windows\PFRO.log 2014-11-09 11:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-09 10:25 - 2013-03-09 15:19 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-11-07 17:17 - 2013-08-30 00:32 - 00000000 ____D () C:\Program Files 
(x86)\Mozilla Maintenance Service 2014-11-07 13:19 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini 2014-11-06 20:39 - 2013-06-11 06:33 - 00000000 ____D () C:\Windows\Minidump 2014-11-06 20:18 - 2012-11-28 23:15 - 00000000 ____D () C:\Users\Raendel 2014-11-06 20:13 - 2014-02-04 23:58 - 00000000 ____D () C:\Users\Raendel\AppData\Local\CrashDumps 2014-11-06 00:52 - 2013-02-22 23:45 - 00000000 ____D () C:\Users\Raendel\.gimp-2.8 2014-11-05 21:39 - 2014-07-16 10:36 - 00000000 ____D () C:\Users\Raendel\AppData\Local\Downloaded Installations 2014-11-05 21:18 - 2014-10-08 17:13 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\HpUpdate 2014-11-04 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-04 13:25 - 2012-11-28 23:16 - 00000000 ___HD () C:\Users\Raendel\AppData\Local\VirtualStore 2014-11-04 13:13 - 2013-04-01 16:48 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-30 18:06 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-29 20:51 - 2014-10-08 17:07 - 00000000 ____D () C:\Users\Raendel\AppData\Local\HP 2014-10-29 20:50 - 2014-10-08 17:13 - 00000000 ____D () C:\ProgramData\HP Photo Creations 2014-10-29 20:50 - 2014-10-08 17:13 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations 2014-10-29 20:50 - 2012-11-28 23:36 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-10-29 20:49 - 2014-10-08 17:12 - 00000000 ____D () C:\Program Files (x86)\HP 2014-10-29 20:48 - 2013-02-25 19:30 - 00000000 ____D () C:\ProgramData\HP 2014-10-24 14:06 - 2013-06-24 18:59 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-24 14:05 - 2013-01-22 17:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-24 14:05 - 2012-12-16 14:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-24 14:05 - 2012-12-16 14:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-24 14:03 - 2012-12-15 20:05 
- 00000000 ____D () C:\Users\Raendel\AppData\Local\Adobe 2014-10-24 09:31 - 2013-08-29 23:05 - 00001421 _____ () C:\Users\Kathi Neuneu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-17 13:42 - 2014-05-31 12:34 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\vlc 2014-10-17 10:47 - 2009-07-14 05:45 - 00380816 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 10:46 - 2014-05-07 06:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 10:59 - 2013-01-22 15:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 10:53 - 2013-08-29 21:39 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 10:44 - 2012-11-28 23:38 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 19:07 - 2014-06-20 17:16 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 2014-10-14 19:07 - 2014-01-08 18:34 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Spotify 2014-10-14 19:07 - 2013-11-21 19:16 - 00000000 ____D () C:\ProgramData\Norton 2014-10-14 19:07 - 2013-08-29 23:05 - 00000000 ____D () C:\Users\Kathi Neuneu 2014-10-14 19:07 - 2013-08-29 21:14 - 00000000 ____D () C:\Users\Kathi Neu 2014-10-14 19:07 - 2011-04-12 08:54 - 00000000 __RHD () C:\Users\Public\Recorded TV 2014-10-14 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-10-14 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-10-14 19:04 - 2014-07-16 10:44 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Samsung 2014-10-14 19:04 - 2014-07-16 10:39 - 00000000 ____D () C:\Program Files (x86)\Samsung Some content of TEMP: ==================== C:\Users\Raendel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Raendel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Raendel\AppData\Local\Temp\ose00000.exe C:\Users\Raendel\AppData\Local\Temp\Quarantine.exe C:\Users\Raendel\AppData\Local\Temp\SkypeSetup.exe C:\Users\Raendel\AppData\Local\Temp\sqlite3.dll 
==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 00:49

==================== End Of Log ============================

--- --- ---

I'm curious what the scans "say" now. Unfortunately, I can't interpret them myself.... Best regards |
10.11.2014, 00:01 | #14 | |
Rest in peace † 2019 | Hello, Quote:

What is norddruck.exe?

Step 1

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
ATTFilter
C:\Users\All Users\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js
C:\Users\Kathi Neu\Downloads\ImageEditorSetup.exe
emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
|
10.11.2014, 01:21 | #15 |
| Hi! In the meantime I have worked up the courage to unscrew the thing. I plugged the hard drive in and out several times, but apparently it didn't help. Although I was just surprised that everything ran smoothly on the last restart... Norddruck is a font. But the *.exe surprises me a bit. It is normally only saved as *.tff, isn't it? Here is the fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Raendel at 2014-11-10 01:11:09 Run:2
Running from C:\Users\Raendel\Saved Games\Desktop
Loaded Profile: Raendel (Available profiles: Raendel & Kathi Neu & Kathi Neuneu)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\All Users\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js
C:\Users\Kathi Neu\Downloads\ImageEditorSetup.exe
emptytemp:
*****************

C:\Users\All Users\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js => Moved successfully.
C:\Users\Kathi Neu\Downloads\ImageEditorSetup.exe => Moved successfully.
EmptyTemp: => Removed 4.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Good night! Katwell |