Log analysis and evaluation: Windows 7 - PC crashes and boots unreliably: message "Non-System disk or disk error..."; Trojans/viruses or mechanical problem?

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Windows 7 - PC crashes and boots unreliably: message "Non-System disk or disk error..."; Trojans/viruses or mechanical problem?

Hello! Lately my notebook has been working very unreliably. At first it kept happening that, after I closed the lid, it switched itself off after a while (although I had only selected sleep mode for this action). Then, 3 days ago, it suddenly would not boot at all and the message "Non-System disk or disk error; replace and strike any key when ready" appeared. In addition there was a quiet clicking once per second, which possibly came from the hard disk (?). With ESC I got into the boot or settings mode, but since I have hardly any knowledge, that did not help me much. So I simply had to switch the PC off with the power button, and after several attempts the clicking stopped and it could, and (still) can, usually be booted.

When I tried to back up my data to an external hard disk, nothing worked any more at 36 %. Even the Task Manager did not respond. So I again had to simply switch the notebook off with the power button. After previously thinking more of a mechanical problem with the hard disk or the mainboard (an acquaintance gave me the hint), it all now seemed very strange to me and I decided to download Malwarebytes. The scan produced some hits that mean nothing to me in terms of content (2 "red" hits, 144 "orange"). I moved everything into quarantine and then came across this site, and I now hope for your help in interpreting all of this.

I carried out everything according to the instructions. "Defogger" somehow did not work; in any case no scan was performed. After the scans by FRST and GMER I ran a full system scan with my virus scanner (Norton). In the process "Trojan.ZBot" was found and completely resolved. Unfortunately that happened automatically. I have read here that it is better not to fix anything yourself but to wait for instructions.... By the way, the regular automatic scans by Norton found nothing.

Here are the logs.

Malwarebytes:
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.11.2014 Suchlauf-Zeit: 19:29:35 Logdatei: Bedrohungssuchlauf_06_11_14.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.06.07 Rootkit Datenbank: v2014.11.01.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Raendel Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 418503 Verstrichene Zeit: 20 Min, 19 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 19 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [276887b1cbb1270f57eeb2371be7a65a], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [276887b1cbb1270f57eeb2371be7a65a], PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [99f661d7c5b7fe389148911e2ad810f0], PUP.Optional.Babylon.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, In Quarantäne, [99f661d7c5b7fe389148911e2ad810f0], PUP.Optional.Delta.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1074-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [d9b68fa90c7088ae6fd69e4a9072f907], PUP.Optional.Delta.A, 
HKU\S-1-5-21-1657621607-3020073833-46604503-1074-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [d9b68fa90c7088ae6fd69e4a9072f907], PUP.Optional.Delta.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1074-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [652abc7c9fdd76c04df75e8ab54db947], PUP.Optional.Delta.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1074-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [652abc7c9fdd76c04df75e8ab54db947], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Delta Chrome Toolbar, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [6d2286b290ec06307425c981e51ee51b], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eooncjejnppfjjklapaamhcdmjbilmde, In Quarantäne, [4e411d1b59232d098441f34146bd5fa1], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [fd9251e768140c2a1ae80341bd46ec14], PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [137c3dfbacd0280e06723d3d7b89ee12], PUP.Optional.DataMngr.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, In Quarantäne, [7d121f19d1ab7cba172f166752b28e72], PUP.Optional.DataMngr.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [c8c73ff9582448ee0540a6d79e6634cc], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, In Quarantäne, [701fbb7d37456fc7ee5b2d51af55fa06], PUP.Optional.BProtector.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, In Quarantäne, [870836021567c373c4cbe997d52fde22], PUP.Optional.Softonic.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [127d43f54b3165d1fb7459fd3bc87090], Registrierungswerte: 4 PUP.Optional.FreeMakeConverter.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fmconverter@gmail.com, C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\, In Quarantäne, [eba408303f3d3ff7d4c689a2dd261ee2] PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [fd9251e768140c2a1ae80341bd46ec14] PUP.BProtector, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=D2F80026C6083CCF&affID=121563&tsp=4932, In Quarantäne, [4f4053e57b013bfb26212954aa5ace32] PUP.BProtector, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [ade2d563cdaf3cfa2028532aa65e25db] Registrierungsdaten: 1 PUP.Optional.Trovi.A, HKU\S-1-5-21-1657621607-3020073833-46604503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, 
hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M12971E38-F356-47B5-BFF9-802F51A67A6E&SearchSource=55&CUI=&UM=5&UP=SP670D39C9-723C-4CDE-9459-636AFBDCB698&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M12971E38-F356-47B5-BFF9-802F51A67A6E&SearchSource=55&CUI=&UM=5&UP=SP670D39C9-723C-4CDE-9459-636AFBDCB698&SSPV=),Ersetzt,[b8d761d795e743f3739c1d16b64f12ee] Ordner: 32 PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, In Quarantäne, 
[1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec], PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86], PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\7010F58069DC4C2D8CDE8990CE153ACE, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86], PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\7281080E35F44B2487D1C521460A92DC, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86], PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\CD636EA7D59E4906AB6A9863239A3B6A, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86], PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\DAA5F0D2F4CD4933ABB20C45E5D8E9DA, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86], PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\E416A901C2324FAF88B46450A1504789, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86], PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c], 
PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c], PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c], PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c], PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\UI, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c], PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c], PUP.Optional.BabSolution.A, C:\Users\Raendel\AppData\Roaming\BabSolution\CR, In Quarantäne, [1c73da5e2359de581a6538dce3209e62], Dateien: 101 PUP.Optional.BabSolution.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\BUSolution.dll, In Quarantäne, [078820185e1ec4726110d2524db4a858], PUP.Optional.Babylon.A, C:\Users\Raendel\AppData\Roaming\OpenCandy\7281080E35F44B2487D1C521460A92DC\DeltaTB.exe, In Quarantäne, [414e76c2e29a1f177f7e29f4c9384db3], Trojan.RotBrowse, C:\Users\Raendel\AppData\Local\Temp\FE8A.tmp, In Quarantäne, [3c5382b66319f73f9cdfa66c0ff658a8], PUP.Optional.Installcore, C:\Users\Raendel\AppData\Local\Temp\nse9965.tmp\InstallManager.exe, In Quarantäne, [afe062d6a5d787af5beb19cf81804ab6], PUP.Optional.Installcore, C:\Users\Raendel\AppData\Local\Temp\nseBBD3.tmp\nsvmd.dll, In Quarantäne, [36592f0964186acc7ccac02849b84ab6], PUP.Optional.Monetizer, C:\Users\Raendel\AppData\Local\Temp\is-QN54C.tmp\CBStub.exe, In Quarantäne, [fb94b088295347ef5415d1bb04fe5ea2], PUP.Optional.BabSolution.A, C:\Users\Raendel\AppData\Local\Temp\bus4B51\BUSolution.dll, In Quarantäne, [aee1da5eb5c776c0c9a83be951b01ae6], PUP.Optional.Babylon.A, C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\BExternal.dll, In Quarantäne, [4847e157e894fc3a0c15a2813dc3a25e], 
Trojan.RotBrowse, C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\ccp.exe, In Quarantäne, [088746f27b01c175ec8fe929e2234cb4], PUP.Optional.Babylon.A, C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\CrxInstaller.dll, In Quarantäne, [404f91a7562665d19c8b9e93cd346b95], PUP.Optional.Delta, C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\MyDeltaTB.exe, In Quarantäne, [d1beb484c3b9ca6c0b08de431ae7d828], PUP.Optional.Babylon.A, C:\Users\Raendel\AppData\Local\Temp\226F07AE-BAB0-7891-9FAD-9467E85590FF\Latest\Setup.exe, In Quarantäne, [0788aa8ebac2ab8b125fbc622fd1f709], PUP.Optional.Conduit.A, C:\Windows\Temp\nsi90F4.exe, In Quarantäne, [26692a0ec5b7f73f127af9a10ff27b85], PUP.Optional.Conduit.A, C:\Windows\Temp\nss43EA.exe, In Quarantäne, [c3cc7dbbb5c7fa3c177596045da438c8], PUP.Optional.Conduit.A, C:\Windows\Temp\nsx722D.exe, In Quarantäne, [eaa586b245371d19107c0793d32ea957], PUP.Optional.Conduit.A, C:\Windows\Temp\nsy6B0B.exe, In Quarantäne, [6d22a692017b979faae2b5e54fb22cd4], PUP.Optional.Somoto, C:\Users\Raendel\Downloads\VeenPikto_downloader_by_Fonts101.exe, In Quarantäne, [315ef8407ffd20164f7671f1679e4db3], PUP.Optional.Softonic.A, C:\Users\Raendel\Downloads\SoftonicDownloader_fuer_easy-mp3-cutter.exe, In Quarantäne, [cdc25ddb9ddf7bbb12100b2d649dc23e], PUP.Optional.Babylon.A, C:\Windows\System32\Tasks\EPUpdater, In Quarantäne, [fb9451e73646f93dcfcdda6ac53e926e], PUP.Optional.BitGuard.A, C:\Windows\System32\Tasks\BitGuard, In Quarantäne, [59369c9c7a021521aff5b78de51e9c64], PUP.Optional.Trovi.A, C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\searchplugins\trovi-search.xml, In Quarantäne, [0f80290fa8d475c13f215ef18281f50b], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files 
(x86)\SearchProtect\Main\bin\uninstall.exe, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, 
In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, In Quarantäne, 
[1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, In 
Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [1d72ed4bff7d8bab006c2661a46058a8], PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\Delta.ico, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec], 
PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\BabMaint.exe, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec], PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\chu.js, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec], PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\GUninstaller.exe, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec], PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\SetupParams.ini, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec], PUP.Optional.Delta.A, C:\Users\Raendel\AppData\Roaming\BabSolution\Shared\sqlite3.dll, In Quarantäne, [a3ec32066319f93d80c68c0fc24214ec], PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\7010F58069DC4C2D8CDE8990CE153ACE\TuneUpUtilities2014_de-DE.exe, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86], PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\DAA5F0D2F4CD4933ABB20C45E5D8E9DA\zafwSetupWeb_131_211_000.exe, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86], PUP.Optional.OpenCandy, C:\Users\Raendel\AppData\Roaming\OpenCandy\E416A901C2324FAF88B46450A1504789\speedupmypcDE.exe, In Quarantäne, [226d0a2e473578be3aa5609c29d97a86], PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c], PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c], PUP.Optional.SearchProtect.A, C:\Users\Raendel\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [018e74c40b711620b8ae4dc5d72cb44c], PUP.Optional.BabSolution.A, C:\Users\Raendel\AppData\Roaming\BabSolution\CR\Delta.crx, In Quarantäne, [1c73da5e2359de581a6538dce3209e62], PUP.Optional.Trovi.A, C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\prefs.js, Gut: (), Schlecht: 
(user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M12971E38-F356-47B5-BFF9-802F51A67A6E&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP670D39C9-723C-4CDE-9459-636AFBDCB698");), Ersetzt,[533c61d74438af87c873ee85699c6f91] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Raendel (administrator) on KATHIS-NOTEBOOK on 06-11-2014 20:26:22
Running from C:\Users\Raendel\Saved Games\Desktop
Loaded Profile: Raendel (Available profiles: Raendel & Kathi Neu & Kathi Neuneu)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\HDD Health\HDDHealthService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe
() C:\Program Files (x86)\EnterDigital\EnterDigital.FirstRun.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Run: [hddhealth] => C:\Program Files (x86)\HDD Health\hddhealth.exe [3246944 2013-03-08] (PANTERASoft)
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\RunOnce: [WSE_Astromenda] => wscript /E:vbscript /B "C:\Users\Raendel\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat"
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\RunOnce: [DigitalSites] => wscript /E:vbscript /B "C:\Users\Raendel\AppData\Roaming\DigitalSites\UpdateProc\bkup.dat"
HKU\S-1-5-21-1657621607-3020073833-46604503-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir=
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir=
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EnterDigital -> {91b8f7a9-1558-40b3-b1e9-824ae5a2089f} -> C:\Program Files (x86)\EnterDigital\EnterDigitalbho.dll (EnterDigital)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
FF Homepage: hxxp://astromenda.com/?f=1&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtA0FzzyC0B0A0FtAyC0FtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDyEyDzzzyyEzzyBtGyByDtB0AtGyByByByEtG0A0E0DtAtGtB0CyCzztAyDzz0EyByEtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyByB0CtCzz0BtGtA0AzytDtGyEtD0F0FtGzz0CzzyBtG0F0CtAyE0FzzyEyEzzyCzy0F2Q&cr=326973643&ir=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF user.js: detected! => C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\user.js
FF SearchPlugin: C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: EnterDigital - C:\Users\Raendel\AppData\Roaming\Mozilla\Firefox\Profiles\ffe3z1xb.default-1401574501442\Extensions\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}.xpi [2014-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-11-06]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-05-29]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-06-14]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 Update EnterDigital; C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe [526064 2014-11-06] ()
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
S3 BioNTDrv; E:\Programme\program\BioNTDrv.SYS [18696 2014-05-19] (Paragon Software Group)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141105.001\IDSvia64.sys [633560 2014-10-11] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141105.035\ENG64.SYS [129752 2014-11-04] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141105.035\EX64.SYS [2137304 2014-11-04] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
U0 tugcsjul; C:\Windows\System32\drivers\oatf.sys [79064 2014-11-06] (Malwarebytes Corporation)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 20:25 - 2014-11-06 20:25 - 00001057 _____ () C:\Users\Raendel\Downloads\Defogger - Verknüpfung.lnk
2014-11-06 20:23 - 2014-11-06 20:26 - 00000000 ____D () C:\FRST
2014-11-06 20:23 - 2014-11-06 20:23 - 02114560 _____ (Farbar) C:\Users\Raendel\Downloads\FRST64.exe
2014-11-06 20:18 - 2014-11-06 20:18 - 00000248 _____ () C:\Users\Raendel\Downloads\defogger_enable.log
2014-11-06 20:17 - 2014-11-06 20:20 - 00000476 _____ () C:\Users\Raendel\Downloads\defogger_disable.log
2014-11-06 20:17 - 2014-11-06 20:18 - 00000000 _____ () C:\Users\Raendel\defogger_reenable
2014-11-06 20:15 - 2014-11-06 20:16 - 00050477 _____ () C:\Users\Raendel\Downloads\Defogger.exe
2014-11-06 20:14 - 2014-11-06 20:14 - 00003258 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-11-06 20:14 - 2014-11-06 20:14 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-11-06 20:13 - 2014-11-06 20:13 - 00003258 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-11-06 20:13 - 2014-11-06 20:13 - 00000300 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-11-06 20:13 - 2014-11-06 20:13 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\DigitalSites
2014-11-06 20:13 - 2014-11-06 20:13 - 00000000 ____D () 
C:\Users\Raendel\AppData\Roaming\1H1Q1V1N1N1O1R 2014-11-06 20:13 - 2014-11-06 20:13 - 00000000 ____D () C:\Program Files (x86)\EnterDigital 2014-11-06 20:12 - 2014-11-06 20:13 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\WSE_Astromenda 2014-11-06 20:12 - 2014-11-06 20:12 - 00001146 _____ () C:\Users\Public\Desktop\FileOpener.lnk 2014-11-06 20:12 - 2014-11-06 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener 2014-11-06 20:12 - 2014-11-06 20:12 - 00000000 ____D () C:\Program Files (x86)\WSE_Astromenda 2014-11-06 20:12 - 2014-11-06 20:12 - 00000000 ____D () C:\Program Files (x86)\Tweaks 2014-11-06 20:09 - 2014-11-06 20:09 - 00811232 _____ ( ) C:\Users\Raendel\Downloads\FileOpenerSetup.exe 2014-11-06 19:56 - 2014-11-06 19:56 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\oatf.sys 2014-11-06 19:56 - 2014-11-06 19:56 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-11-06 19:26 - 2014-11-06 19:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-06 19:25 - 2014-11-06 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-06 19:25 - 2014-11-06 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-06 19:25 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-06 19:25 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-06 19:25 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-06 19:22 - 2014-11-06 19:22 - 01125200 _____ () C:\Users\Raendel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-11-05 22:32 - 2014-11-05 22:32 - 00025180 _____ () C:\Users\Raendel\AppData\Local\recently-used.xbel 2014-11-05 21:52 - 2014-11-05 21:52 - 
00000000 ____D () C:\ProgramData\newbackup 2014-11-05 21:49 - 2014-11-05 21:49 - 00000000 ____D () C:\ProgramData\launcher 2014-11-05 21:43 - 2014-11-05 21:43 - 00001732 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk 2014-11-05 21:43 - 2014-11-05 21:43 - 00001670 _____ () C:\Users\Public\Desktop\Paragon Recovery Media Builder™.lnk 2014-11-05 21:43 - 2014-11-05 21:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf 2014-11-05 21:43 - 2014-11-05 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free 2014-11-05 21:37 - 2014-11-05 21:37 - 00000000 ____D () C:\ProgramData\explauncher 2014-11-05 20:58 - 2014-11-05 20:58 - 01125200 _____ () C:\Users\Raendel\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe 2014-11-04 14:03 - 2014-11-04 14:03 - 00000000 ____D () C:\Windows\pss 2014-11-04 13:59 - 2014-11-04 13:59 - 00000017 _____ () C:\Users\Raendel\AppData\Local\resmon.resmoncfg 2014-11-04 13:20 - 2014-11-04 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune 2014-11-04 13:20 - 2014-11-04 13:20 - 00000000 ____D () C:\Program Files (x86)\HD Tune 2014-11-04 13:16 - 2014-11-04 13:19 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\HDDHealth 2014-11-04 13:15 - 2014-11-04 13:16 - 00000000 ____D () C:\Program Files (x86)\HDD Health 2014-11-04 13:15 - 2014-11-04 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health 2014-11-04 13:14 - 2014-11-04 13:14 - 04211152 _____ ( ) C:\Users\Kathi Neuneu\Downloads\hddh.exe 2014-11-04 13:13 - 2014-11-04 13:13 - 00642632 _____ (EFD Software ) C:\Users\Kathi Neuneu\Downloads\hdtune_255.exe 2014-11-04 13:06 - 2014-11-04 13:06 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Roaming\Mozilla 2014-11-04 13:06 - 2014-11-04 13:06 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Mozilla 2014-11-04 13:06 - 2014-11-04 13:06 - 
00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Macromedia 2014-11-04 13:05 - 2014-11-04 13:05 - 00000000 __SHD () C:\Users\Kathi Neuneu\AppData\Local\EmieUserList 2014-11-04 13:05 - 2014-11-04 13:05 - 00000000 __SHD () C:\Users\Kathi Neuneu\AppData\Local\EmieSiteList 2014-11-04 13:01 - 2014-11-04 13:01 - 00105736 _____ () C:\Users\Kathi Neuneu\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-29 20:50 - 2014-10-29 20:50 - 00000000 ____D () C:\ProgramData\Visan 2014-10-29 20:49 - 2014-10-29 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-10-29 20:49 - 2014-10-29 20:49 - 00003642 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 6520 series 2014-10-29 20:49 - 2014-10-29 20:49 - 00002248 _____ () C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk 2014-10-29 20:49 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMAF11.dll 2014-10-29 20:45 - 2014-10-29 20:45 - 00000057 _____ () C:\ProgramData\Ament.ini 2014-10-29 19:59 - 2014-10-29 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2014-10-29 19:58 - 2014-10-29 19:59 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2 2014-10-29 19:58 - 2014-10-29 19:58 - 00000000 ____D () C:\Users\Raendel\Documents\PDF Architect 2 2014-10-29 19:57 - 2014-10-29 19:57 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\pdfforge 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-10-29 19:57 - 2014-10-29 19:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-10-29 19:57 - 2014-09-23 09:43 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-10-29 19:57 - 2014-09-23 09:43 - 00137000 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-10-29 19:57 - 2014-09-23 09:43 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-10-29 19:57 - 2014-09-23 09:43 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-10-29 19:57 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-10-29 19:57 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-10-29 19:57 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-10-29 19:35 - 2014-10-29 19:35 - 27855352 _____ (pdfforge ) C:\Users\Raendel\Downloads\PDFCreator-1_7_3_setup.exe 2014-10-28 20:27 - 2014-10-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-10-28 20:27 - 2014-10-28 20:27 - 00000000 ____D () C:\Intel 2014-10-27 22:40 - 2014-10-27 22:40 - 00000000 ____D () C:\Users\Raendel\Documents\Fax 2014-10-24 14:06 - 2014-10-24 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-24 14:06 - 2014-09-26 17:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-24 14:06 - 2014-09-26 17:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-24 14:06 - 2014-09-26 17:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-24 14:06 - 2014-09-26 17:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-24 14:05 - 2014-10-24 14:06 - 00004387 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log 2014-10-24 09:31 - 2014-10-24 09:31 - 00000000 ____D () C:\Users\Kathi Neuneu\Documents\Bluetooth-Exchange-Ordner 2014-10-24 09:31 - 2014-10-24 09:31 - 00000000 ____D () C:\Users\Kathi Neuneu\AppData\Local\Broadcom 2014-10-16 09:24 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 09:24 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) 
C:\Windows\system32\qdvd.dll 2014-10-16 09:24 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-16 09:24 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 09:23 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 09:23 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 09:23 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 09:23 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 09:23 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-16 09:23 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-16 09:23 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-16 09:23 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-16 09:23 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 
2014-10-16 09:23 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 09:23 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 09:23 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 09:23 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 09:23 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-16 09:23 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 09:23 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 09:23 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 09:23 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 09:23 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 09:23 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 09:23 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 09:23 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 09:23 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 09:23 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 09:23 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-16 09:23 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 09:23 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 
2014-10-16 09:23 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 09:23 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-16 09:23 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 09:23 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 09:23 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-16 09:23 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 09:23 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-16 09:23 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-16 09:23 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 09:23 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-16 09:23 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 09:23 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-16 09:23 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-16 09:23 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-16 09:23 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-16 09:23 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-16 09:23 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-16 09:23 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeeds.dll 2014-10-16 09:23 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 09:23 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 09:23 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-16 09:23 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 09:23 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-16 09:23 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-16 09:23 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-16 09:23 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 09:23 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-16 09:23 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 09:23 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-16 09:23 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-16 09:23 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 09:23 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-16 09:23 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 09:23 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-16 09:23 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 09:23 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\rastls.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 09:23 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 09:23 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 09:23 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 09:23 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-16 09:23 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-16 09:23 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-16 09:23 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 09:23 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 16:25 - 2014-10-15 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-08 17:13 - 2014-11-05 21:18 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\HpUpdate 2014-10-08 17:13 - 
2014-10-29 20:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations 2014-10-08 17:13 - 2014-10-29 20:50 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations 2014-10-08 17:12 - 2014-10-29 20:49 - 00000000 ____D () C:\Program Files (x86)\HP 2014-10-08 17:12 - 2014-10-08 17:12 - 00000000 ____D () C:\Program Files\HP 2014-10-08 17:07 - 2014-10-29 20:51 - 00000000 ____D () C:\Users\Raendel\AppData\Local\HP ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-06 20:18 - 2012-11-28 23:15 - 00000000 ____D () C:\Users\Raendel 2014-11-06 20:13 - 2014-02-04 23:58 - 00000000 ____D () C:\Users\Raendel\AppData\Local\CrashDumps 2014-11-06 20:03 - 2012-11-28 00:07 - 02034737 _____ () C:\Windows\WindowsUpdate.log 2014-11-06 19:58 - 2011-04-12 08:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-11-06 19:58 - 2011-04-12 08:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-11-06 19:58 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-06 19:56 - 2013-07-03 19:41 - 00000000 ___HD () C:\Users\Raendel\AppData\Roaming\BabSolution 2014-11-06 19:55 - 2013-01-22 17:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-06 19:29 - 2009-07-14 05:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-06 19:29 - 2009-07-14 05:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-06 19:20 - 2014-08-16 11:21 - 00006738 _____ () C:\Windows\setupact.log 2014-11-06 19:20 - 2014-06-20 17:16 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-11-06 19:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-06 00:52 - 2013-02-22 23:45 - 00000000 ____D () C:\Users\Raendel\.gimp-2.8 2014-11-05 21:39 - 2014-07-16 10:36 - 00000000 ____D () 
C:\Users\Raendel\AppData\Local\Downloaded Installations 2014-11-04 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-04 13:56 - 2013-06-11 06:33 - 00000000 ____D () C:\Windows\Minidump 2014-11-04 13:25 - 2012-11-28 23:16 - 00000000 ___HD () C:\Users\Raendel\AppData\Local\VirtualStore 2014-11-04 13:13 - 2013-04-01 16:48 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-30 18:06 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-30 18:05 - 2010-11-21 04:47 - 00343074 _____ () C:\Windows\PFRO.log 2014-10-29 20:50 - 2012-11-28 23:36 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-10-29 20:48 - 2013-02-25 19:30 - 00000000 ____D () C:\ProgramData\HP 2014-10-24 14:06 - 2013-06-24 18:59 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-24 14:05 - 2013-01-22 17:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-24 14:05 - 2012-12-16 14:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-24 14:05 - 2012-12-16 14:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-24 14:03 - 2012-12-15 20:05 - 00000000 ____D () C:\Users\Raendel\AppData\Local\Adobe 2014-10-24 09:31 - 2013-08-29 23:05 - 00001421 _____ () C:\Users\Kathi Neuneu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-17 13:42 - 2014-05-31 12:34 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\vlc 2014-10-17 10:47 - 2009-07-14 05:45 - 00380816 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 10:46 - 2014-05-07 06:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 10:59 - 2013-01-22 15:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 10:53 - 2013-08-29 21:39 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 10:44 - 2012-11-28 23:38 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-16 09:29 - 2013-08-30 00:32 - 00000000 
____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-14 19:07 - 2014-06-20 17:16 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 2014-10-14 19:07 - 2014-01-08 18:34 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Spotify 2014-10-14 19:07 - 2013-11-21 19:16 - 00000000 ____D () C:\ProgramData\Norton 2014-10-14 19:07 - 2013-08-29 23:05 - 00000000 ____D () C:\Users\Kathi Neuneu 2014-10-14 19:07 - 2013-08-29 21:14 - 00000000 ____D () C:\Users\Kathi Neu 2014-10-14 19:07 - 2011-04-12 08:54 - 00000000 __RHD () C:\Users\Public\Recorded TV 2014-10-14 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-10-14 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-10-14 19:04 - 2014-07-16 10:44 - 00000000 ____D () C:\Users\Raendel\AppData\Roaming\Samsung 2014-10-14 19:04 - 2014-07-16 10:39 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-10-09 16:24 - 2014-07-16 11:56 - 00000000 ____D () C:\Users\Raendel\Documents\SelfMV Some content of TEMP: ==================== C:\Users\Raendel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Raendel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Raendel\AppData\Local\Temp\ose00000.exe C:\Users\Raendel\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 00:49

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Raendel at 2014-11-06 20:27:12
Running from C:\Users\Raendel\Saved Games\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{B82157D3-6D31-4650-93B4-FC39BB08D6CE}) (Version: 15.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation) Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3661 - CDBurnerXP) Easy MP3 Cutter 3.0 (HKLM-x32\...\Easy MP3 Cutter_is1) (Version: - ManiacTools.com) EnterDigital (HKLM\...\EnterDigital) (Version: 2014.11.06.180621 - EnterDigital) Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff) Extended Update (HKCU\...\Digital Sites) (Version: - Extended Update) <==== ATTENTION FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft) File Opener Packages (HKCU\...\File Opener Packages) (Version: - ) <==== ATTENTION FileOpener (HKLM-x32\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks) FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project) Free Video Flip and Rotate version 2.1.8.628 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.8.628 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.35.514 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.) 
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation) GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd) GMX MediaCenter 1.3.1235.0 (HKCU\...\GMX Application {sync-000021}) (Version: 1.3.1235.0 - 1&1 Mail & Media GmbH) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HDD Health v4.2 (HKLM-x32\...\HDD Health_is1) (Version: - ) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Photosmart 6520 series - Grundlegende Software für das Gerät (HKLM\...\{97771E91-1EF5-4EAA-B19E-94901CF363AA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 6520 series Hilfe (HKLM-x32\...\{CF29A236-2802-415A-AF44-4383892BD804}) (Version: 28.0.0 - Hewlett Packard) HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) InfoBibliothek 2 (HKLM-x32\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.00 - Akademische Arbeitsgemeinschaft Verlag Wolters Kluwer GmbH) iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) 
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Mp3tag v2.54 (HKLM-x32\...\Mp3tag) (Version: v2.54 - Florian Heidenreich) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) myphotobook.de (HKLM-x32\...\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.6.0.1047 - myphotobook GmbH) myphotobook.de (x32 Version: 1.6.0 - myphotobook GmbH) Hidden Nero 12 (HKLM-x32\...\{95E152CF-0EB5-4BFA-B6EE-8FC7F9601BA5}) (Version: 12.0.02900 - Nero AG) Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation) Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation) OLYMPUS Digital Camera Updater (HKLM-x32\...\{A68C62E8-B243-4777-89BB-12173DFA1D45}) (Version: 1.0.1 - OLYMPUS IMAGING CORP.) 
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH) PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) Schroedel Arbeitsblätter (HKLM-x32\...\Schroedel Arbeitsblätter) (Version: - ) Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB) Steuer-Spar-Erklärung Lehrer 2010 (HKLM-x32\...\{ED96CB56-FD5E-4883-8D2C-7D685B8688E0}) (Version: 15.16 - Akademische Arbeitsgemeinschaft Verlag) Steuer-Spar-Erklärung Lehrer 2011 (HKLM-x32\...\{7661B93C-C34D-43C2-B23A-AAFC267EFB09}) (Version: 16.17 - Akademische Arbeitsgemeinschaft Verlag) Studie zur Verbesserung von HP Photosmart 6520 series Produkten (HKLM\...\{A04015F2-20F7-468F-B058-57D7DA8892FC}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 04-11-2014 22:27:33 Geplanter Prüfpunkt 05-11-2014 20:42:05 Installiert Paragon Backup and Recovery™ 2014 Free. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {128303DA-F33E-4617-80BF-7C103DAE0F48} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {16EE56CC-1808-41E1-9AB5-F2FBE99F5320} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd) Task: {399BE116-2C2D-4448-89FB-9E7B76B3C968} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24] (Adobe Systems Incorporated) Task: {4E30C165-4854-447C-9C42-A5BFCC41D973} - \BitGuard No Task File <==== ATTENTION Task: {73A9F07C-FAD0-47A6-ACA3-08C5C73472FF} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {7DC07FEA-F97A-43B0-9B6B-2C37155F604A} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) 
Task: {8A78E796-8DEA-46B3-AB6D-E1AC5A159527} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {8EF1166E-FB47-43BE-B1F7-B5F810BA8F57} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {964579DC-BC2C-4F4C-9BAB-33BFE9256ECE} - System32\Tasks\Digital Sites => C:\Users\Raendel\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2014-11-06] () <==== ATTENTION Task: {A0BB5E83-CAFA-4E96-8A2C-3E3F66BC71B2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {AA8FED45-9EBC-47A9-B483-44BA253A6A7A} - System32\Tasks\WSE_Astromenda => C:\Users\Raendel\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-11-06] () Task: {D3DE5C39-2AC5-4371-991B-B89FDD524623} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {FF151A1B-D315-4398-951F-676936F21D2C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Raendel\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Raendel\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische 
Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2014-11-04 13:15 - 2013-03-08 09:54 - 00017760 _____ () C:\Program Files (x86)\HDD Health\HDDHealthService.exe 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () E:\Programme\FileZilla FTP Client\fzshellext_64.dll 2009-12-29 13:19 - 2009-12-29 13:19 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2014-11-06 19:08 - 2014-11-06 19:08 - 00526064 _____ () C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe 2014-11-06 20:13 - 2014-11-06 19:08 - 01596656 _____ () C:\Program Files (x86)\EnterDigital\EnterDigital.FirstRun.exe 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-26 16:53 - 2013-05-26 16:53 - 00093696 _____ () E:\Programme\FileZilla FTP Client\fzshellext.dll 2014-10-15 16:25 - 2014-10-15 16:25 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-10-24 14:05 - 2014-10-24 14:05 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDDHealth.lnk => C:\Windows\pss\HDDHealth.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: GMX Application {sync-000021} => "C:\Users\Raendel\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe" /autostart MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Spotify => "C:\Users\Raendel\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Raendel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-1657621607-3020073833-46604503-500 - Administrator - Disabled) Gast (S-1-5-21-1657621607-3020073833-46604503-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1657621607-3020073833-46604503-1129 - Limited - Enabled) Kathi Neu (S-1-5-21-1657621607-3020073833-46604503-1074 - Limited - Enabled) => C:\Users\Kathi Neu Kathi Neuneu (S-1-5-21-1657621607-3020073833-46604503-1075 - Limited - Enabled) => C:\Users\Kathi Neuneu Raendel (S-1-5-21-1657621607-3020073833-46604503-1000 - Administrator - Enabled) => C:\Users\Raendel ==================== Faulty Device Manager 
Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/06/2014 08:12:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1 Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x4d4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (11/06/2014 07:20:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 05:37:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Check OnIdentifyError" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: PrepareForBackup-Ereignis Kontext: Ausführungskontext: ASR Writer Ausführungskontext: Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11} Fehlerspezifische Details: ASR Writer: Falscher Parameter. 
(0x80070057) Error: (11/06/2014 05:34:14 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11} Error: (11/06/2014 05:20:14 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5} Error: (11/06/2014 05:20:12 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5} Error: (11/06/2014 05:19:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter. . 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: ASR Writer Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5} Error: (11/06/2014 05:18:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 07:27:17 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 07:24:16 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 31341 System errors: ============= Error: (11/06/2014 07:20:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/06/2014 07:20:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/06/2014 07:20:04 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT) Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{bc296843-38e6-11e2-929a-806e6f6e6963}" können nicht gelesen werden. Error: (11/06/2014 07:19:58 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 06.11.2014 um 19:12:15 unerwartet heruntergefahren. Error: (11/06/2014 07:13:37 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. 

Error: (11/06/2014 07:13:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (11/06/2014 07:13:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Modules Installer erreicht.

Error: (11/06/2014 07:13:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (11/06/2014 05:17:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/06/2014 05:17:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (11/06/2014 08:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb80000003000014254d401cff9f4a5770614C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle396fbef-65e8-11e4-a4ed-70f395671c47

Error: (11/06/2014 07:20:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 05:37:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Check OnIdentifyError0x80070057, Falscher Parameter.
Vorgang:
   PrepareForBackup-Ereignis
Kontext:
   Ausführungskontext: ASR Writer
   Ausführungskontext: Writer
   Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Generatorname: ASR Writer
   Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11}
Fehlerspezifische Details:
   ASR Writer: Falscher Parameter. (0x80070057)

Error: (11/06/2014 05:34:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter.
Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt
Kontext:
   Ausführungskontext: ASR Writer
   Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Generatorname: ASR Writer
   Generatorinstanz-ID: {39753715-0a3c-4706-968d-570164164d11}

Error: (11/06/2014 05:20:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter.
Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt
Kontext:
   Ausführungskontext: ASR Writer
   Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Generatorname: ASR Writer
   Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:20:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter.
Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt
Kontext:
   Ausführungskontext: ASR Writer
   Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Generatorname: ASR Writer
   Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:19:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter.
Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt
Kontext:
   Ausführungskontext: ASR Writer
   Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Generatorname: ASR Writer
   Generatorinstanz-ID: {d048902d-45e7-4495-a467-0fc971298ee5}

Error: (11/06/2014 05:18:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 07:27:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 07:24:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31341

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 48%
Total physical RAM: 3996.27 MB
Available physical RAM: 2057.79 MB
Total Pagefile: 7990.71 MB
Available Pagefile: 5969.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.03 GB) (Free:12.76 GB) NTFS
Drive e: (Daten_Linux_Win) (Fixed) (Total:811.37 GB) (Free:504.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0004CB02)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=853.4 GB) - (Type=OF Extended)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-06 21:02:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000LM024_HN-M101MBB rev.2AR10002 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Raendel\AppData\Local\Temp\awpcapog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2468] C:\Windows\SysWOW64\ntdll.dll!LdrAccessResource 0000000077631fc0 5 bytes JMP 0000000100518940
.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2468] C:\Windows\SysWOW64\ntdll.dll!LdrFindResource_U 0000000077631fdd 5 bytes JMP 00000001005188b0
.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2468] C:\Windows\syswow64\KERNELBASE.dll!LoadStringA 0000000075fc4b4e 5 bytes JMP 00000001005187c0
.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2468] C:\Windows\syswow64\KERNELBASE.dll!LoadStringW 0000000075fc4bbb 5 bytes JMP 0000000100518850
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750c1465 2 bytes [0C, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750c14bb 2 bytes [0C, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1832:1904] 000007fef8743438

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395671c47
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395671c47@fcc7345cbb5d 0xA2 0xD4 0x58 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395671c47@000c8ab64fbf 0x5A 0x40 0x61 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395671c47 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395671c47@fcc7345cbb5d 0xA2 0xD4 0x58 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395671c47@000c8ab64fbf 0x5A 0x40 0x61 0x27 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Raendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery\x2122 2014 Free\Paragon Recovery Media Builder\x2122.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery\x2122 2014 Free\Paragon Recovery Media Builder\x2122.lnk 1

---- EOF - GMER 2.1 ----

Code:
Scan-Informationen:
Version der Virendefinitionen: 2014.11.05.035
Sequ.-ID der Virendefinitionen: 158682

Scanstatistiken:
Scanstart: Lokal: 06.11.2014 21:03 UTC: 06.11.2014 20:03
Scanzeit: 8.026 Sekunden
Scanziele: Gesamter Computer

Zähler:
Gescannte Elemente insgesamt: 768.548
– Dateien und Laufwerke: 765.950
– Registrierungseinträge: 521
– Prozesse und Elemente beim Start: 1.478
– Netzwerk- und Browser-Elemente: 591
– Sonstiges: 4
– Vertrauenswürdige Dateien: 14.517
– Übersprungene Dateien: 20.066

Erkannte Sicherheitsrisiken insgesamt: 3
Behobene Elemente insgesamt: 1
Elemente insgesamt, die Aufmerksamkeit erfordern: 2

Behobene Bedrohungen:
Trojan.Zbot
Typ: Komprimiert
Risiko: Hoch (Hoch Verbergen, Hoch Entfernen, Hoch Leistung, Hoch Datenschutz)
Kategorien: Virus
Status: Vollst. behoben
-----------
1 Datei - Gelöscht

Nicht behobene Bedrohungen:
Astromenda
Typ: Anomalie
Risiko: Gering (Gering Verbergen, Gering Entfernen, Gering Leistung, Gering Datenschutz)
Kategorien: Sicherheitsrisiko
Status: Kein Versuch
-----------
1 Datei
c:\program files (x86)\wse_astromenda\uninstall.exe - Keine Aktion unternommen
1 Browser-Cache

SAPE.Downloader.326
Typ: Anomalie
Risiko: Gering (Gering Verbergen, Gering Entfernen, Gering Leistung, Gering Datenschutz)
Kategorien: Adware
Status: Kein Versuch
-----------
1 Datei
c:\users\raendel\downloads\vlc media player 32 bit - chip-installer.exe - Keine Aktion unternommen
1 Browser-Cache

Many thanks in advance to everyone who spends time and effort on my problem!
Katwell