Log Analysis and Evaluation: Windows 8.1 trojaner roll around
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 8.1 trojaner roll around

Good evening, I have caught the Roll Around trojan. I ran a virus scan with Norton 360 (log file attached, since it is too long). I hope that is the right thing. Under "Uninstall programs" I noticed the program "Roll around", which I then uninstalled. And I followed your instructions for creating a post, since the advertising still keeps appearing.

DEFOGGER
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:25 on 20/02/2015 (Lukas)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST (attachment)
ADDITIONS
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01 Ran by Lukas at 2015-02-20 18:28:00 Running from C:\Users\Lukas\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton 360 Online (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 Online (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 Online (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.51 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{D9D0E75C-F791-402A-98E2-A2F43E7B0CE3}) (Version: 1.1.1054.0 - Dell Inc.) 
Dotfuscator Software Services - Community Edition - DEU (HKLM-x32\...\{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}) (Version: 5.0.2300.0 - PreEmptive Solutions) Dotfuscator Software Services - Community Edition (HKLM-x32\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions) Dropbox (HKU\S-1-5-21-4028411290-823542562-2413620644-1002\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.) Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation) Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{DE8D0889-37AF-4637-9417-BDFB2107F7EE}) (Version: 4.2.41.2549 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{57d6e5ea-c77c-4697-a9bb-e6048883e7ae}) (Version: 17.0.1 - Intel Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack 
(HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (HKLM-x32\...\{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}) (Version: 2.0.50331.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft Silverlight 3 SDK - Deutsch (HKLM-x32\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Team Foundation Server 2010-Objektmodell - DEU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{681F4E9F-34E0-36BD-BF2C-100554E403A5}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Ultimate - DEU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft 
Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio Macro Tools - DEU Language Pack (HKLM-x32\...\Microsoft Visual Studio Macro Tools - DEU Language Pack) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation) My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell) My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation) NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.) Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.) 
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden SolidWorks 2014 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20140-40200-1100-100) (Version: 22.2.0.40 - SolidWorks Corporation) SolidWorks 2014 x64 Edition SP02 (Version: 22.120.40 - SolidWorks) Hidden SolidWorks 2014 x64 German Resources (Version: 22.120.40 - SolidWorks Corporation) Hidden SolidWorks Composer Player 2014 SP02 x64 Edition (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden SolidWorks eDrawings 2014 x64 Edition SP02 (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.30319 - Microsoft Corporation) Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation) WebWeaver® Desktop 6 (HKLM-x32\...\{93B1F463-12CE-4F94-8AC8-939BC361FBB4}_is1) (Version: - DigiOnline GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4028411290-823542562-2413620644-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4028411290-823542562-2413620644-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-4028411290-823542562-2413620644-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4028411290-823542562-2413620644-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4028411290-823542562-2413620644-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4028411290-823542562-2413620644-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4028411290-823542562-2413620644-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4028411290-823542562-2413620644-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4028411290-823542562-2413620644-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4028411290-823542562-2413620644-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 14-02-2015 16:37:09 Windows Update 16-02-2015 18:26:17 Installiert ParaWorld 19-02-2015 17:06:47 Removed VMLite Workstation 20-02-2015 17:09:53 Entfernt ParaWorld ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {19C986E0-ABF8-4618-A099-54E70D8B3ED7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {3BAC3B7C-80FB-4649-8CE7-5CF151BD5DB9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-14] (Microsoft Corporation) Task: {4B699DF1-CB06-466A-8CBA-9C3A259CDBD1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {4B7E3E67-86B1-4D39-908F-1DDEE9BE6CB4} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc) Task: {4C795008-8B79-47EC-A446-DD392AC3B86D} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc) Task: {8B2C366B-3769-4CC7-8326-B2DA887FC040} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {91D11ACA-41BD-431C-B53D-8D5DE9A7699A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {9DCD7945-84B5-4131-9549-840162064BF5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.) 
Task: {A4EDD163-3F20-421D-B3D5-134B4FD8491E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.) Task: {AEE144CE-6BC0-4CF9-96F0-5ACF5C8CE50D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink) Task: {BDBBF327-202B-4531-8A26-BD57B4BFCDBE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-23] (Microsoft Corporation) Task: {C1CE8AA9-1FD5-471F-8B8C-ABBC39E8AAD0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LUKASPC-Lukas LukasPC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-23] (Microsoft Corporation) Task: {CEFD255E-72C6-4BAF-8E57-AAAC79A7A87E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {CF1AE1F9-9E6F-4947-BB7D-A70D64EAC982} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {D3C131F1-ECE0-425C-935C-9A3DDC88115F} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {DD631E10-3FE6-42C5-AD5B-1C484D56BC23} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-23] (Microsoft Corporation) Task: {E6914618-0C6D-424C-A9DD-89B5F2A02C3A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.) Task: {EDE6A192-752C-4EEB-AB1D-393684214E14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.) 
Task: {F0C70E9A-BF3C-4BF0-8469-4CF9B41A3B4B} - System32\Tasks\Intel(R) Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-09] (Intel) Task: {F2ACA596-D19B-43D3-8173-C6E42C2E611C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {F633816B-B8DB-4F58-8841-C2E3A80622EC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-23] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-10-27 13:03 - 2015-02-05 22:01 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-10-27 13:03 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-01-23 21:54 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-10-03 18:30 - 2013-10-03 18:30 - 00198120 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-10-03 18:30 - 2013-10-03 18:30 - 00054760 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-10-03 18:30 - 2013-10-03 18:30 - 00034792 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2014-01-10 14:53 - 2014-01-10 14:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll 2014-01-10 14:53 - 2014-01-10 14:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll 2014-01-10 14:53 - 2014-01-10 14:53 - 00815616 _____ () C:\Program Files 
(x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll 2014-01-10 15:24 - 2014-01-10 15:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll 2014-01-10 15:24 - 2014-01-10 15:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll 2014-10-27 13:15 - 2014-06-04 15:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2014-10-27 13:15 - 2014-06-04 15:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2014-10-27 13:15 - 2014-06-04 15:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll 2014-01-11 20:06 - 2014-01-11 20:06 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll 2014-10-27 13:15 - 2014-07-02 21:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe 2015-01-23 21:46 - 2015-01-23 21:46 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-10-27 13:03 - 2015-02-05 22:01 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-01-24 14:44 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-10-27 13:01 - 2013-09-04 01:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-10-27 13:15 - 2014-07-30 17:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2014-10-27 13:15 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 
2014-10-27 13:14 - 2012-11-25 23:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll 2015-02-20 11:38 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll 2015-02-20 11:38 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll 2015-02-20 11:38 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll 2015-02-20 11:38 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Lukas\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4028411290-823542562-2413620644-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-4028411290-823542562-2413620644-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B6C7B4C7C18B76F63DA55B9EF3CCA3DA" ==================== Accounts: ============================= Administrator (S-1-5-21-4028411290-823542562-2413620644-500 - Administrator - Disabled) Gast (S-1-5-21-4028411290-823542562-2413620644-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4028411290-823542562-2413620644-1004 - Limited - Enabled) Lukas (S-1-5-21-4028411290-823542562-2413620644-1002 - Administrator - Enabled) => C:\Users\Lukas ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/20/2015 05:05:42 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: LUKASPC) Description: There was an error communicating to the Orion inference server Error: (02/20/2015 05:05:42 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT-AUTORITÄT) Description: There was an error communicating to the Orion inference server Error: (02/20/2015 04:46:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/20/2015 04:40:29 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/19/2015 06:30:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.111, Zeitstempel: 0x54d1cb7f Name des fehlerhaften Moduls: chrome.dll, Version: 40.0.2214.111, Zeitstempel: 0x54d1c75d Ausnahmecode: 0xc0000005 Fehleroffset: 0x00d48c91 ID des fehlerhaften Prozesses: 0x1244 Startzeit der fehlerhaften Anwendung: 0xchrome.exe0 Pfad der fehlerhaften Anwendung: chrome.exe1 Pfad des fehlerhaften Moduls: chrome.exe2 Berichtskennung: chrome.exe3 Vollständiger Name des fehlerhaften Pakets: chrome.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5 Error: (02/19/2015 06:15:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1b70 Startzeit: 01d04c66f96049f8 Endzeit: 4294967295 Anwendungspfad: C:\Windows\syswow64\wwahost.exe Berichts-ID: edd99152-b85a-11e4-8264-80193449a0ab Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (02/19/2015 06:15:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: b08
Startzeit: 01d04c66f95ffbca
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: ed39637a-b85a-11e4-8264-80193449a0ab
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/19/2015 05:56:13 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/19/2015 05:50:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PWClient.exe, Version: 1.0.0.1, Zeitstempel: 0x45b0c9b7
Name des fehlerhaften Moduls: PWClient.exe, Version: 1.0.0.1, Zeitstempel: 0x45b0c9b7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012eae3
ID des fehlerhaften Prozesses: 0x27b8
Startzeit der fehlerhaften Anwendung: 0xPWClient.exe0
Pfad der fehlerhaften Anwendung: PWClient.exe1
Pfad des fehlerhaften Moduls: PWClient.exe2
Berichtskennung: PWClient.exe3
Vollständiger Name des fehlerhaften Pakets: PWClient.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PWClient.exe5

Error: (02/19/2015 01:33:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dragon.exe, Version: 1.0.0.0, Zeitstempel: 0x545d1f74
Name des fehlerhaften Moduls: DragonNative.dll, Version: 0.0.0.0, Zeitstempel: 0x545d1f2d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00420da2
ID des fehlerhaften Prozesses: 0x18bc
Startzeit der fehlerhaften Anwendung: 0xDragon.exe0
Pfad der fehlerhaften Anwendung: Dragon.exe1
Pfad des fehlerhaften Moduls: Dragon.exe2
Berichtskennung: Dragon.exe3
Vollständiger Name des fehlerhaften Pakets: Dragon.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dragon.exe5


System errors:
=============
Error: (02/20/2015 06:05:34 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUKAS-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A71962BF-44AE-403C-8311-9BF426603924}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/20/2015 05:17:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUKAS-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A71962BF-44AE-403C-8311-9BF426603924}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/20/2015 05:05:39 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUKAS-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A71962BF-44AE-403C-8311-9BF426603924}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/20/2015 05:04:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062

Error: (02/20/2015 05:01:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1115

Error: (02/20/2015 05:01:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth-Unterstützungsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (02/20/2015 05:01:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "bthserv" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/20/2015 05:01:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (02/20/2015 05:01:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "SSDPSRV" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/20/2015 03:41:34 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUKAS-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A71962BF-44AE-403C-8311-9BF426603924}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (02/20/2015 05:05:42 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: LUKASPC)
Description: -2143485936

Error: (02/20/2015 05:05:42 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT-AUTORITÄT)
Description: -2143485936

Error: (02/20/2015 04:46:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\ia64\msvsmon.exe

Error: (02/20/2015 04:40:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\ia64\msvsmon.exe

Error: (02/19/2015 06:30:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.11154d1cb7fchrome.dll40.0.2214.11154d1c75dc000000500d48c91124401d04c6526055a0fC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dll0c7119f4-b85d-11e4-8264-80193449a0ab

Error: (02/19/2015 06:15:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.170311b7001d04c66f96049f84294967295C:\Windows\syswow64\wwahost.exeedd99152-b85a-11e4-8264-80193449a0abMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (02/19/2015 06:15:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689b0801d04c66f95ffbca4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeed39637a-b85a-11e4-8264-80193449a0abmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/19/2015 05:56:13 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/19/2015 05:50:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PWClient.exe1.0.0.145b0c9b7PWClient.exe1.0.0.145b0c9b7c00000050012eae327b801d04c61cf88c56bC:\Program Files (x86)\Sunflowers\ParaWorld\bin\PWClient.exeC:\Program Files (x86)\Sunflowers\ParaWorld\bin\PWClient.exe6739e65f-b857-11e4-8263-80193449a0ab

Error: (02/19/2015 01:33:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dragon.exe1.0.0.0545d1f74DragonNative.dll0.0.0.0545d1f2dc000000500420da218bc01d04bb6cb39086fC:\Program Files\WindowsApps\ArelloMobile.DragonRevenge_1.1.0.0_x86__c6nyd5cf8dkgm\Dragon.exeC:\Program Files\WindowsApps\ArelloMobile.DragonRevenge_1.1.0.0_x86__c6nyd5cf8dkgm\DragonNative.dll7646ee37-b833-11e4-8263-80193449a0abArelloMobile.DragonRevenge_1.1.0.0_x86__c6nyd5cf8dkgmApp


CodeIntegrity Errors:
===================================
Date: 2015-01-23 20:27:42.130
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 23%
Total physical RAM: 16282.57 MB
Available physical RAM: 12508.34 MB
Total Pagefile: 32666.57 MB
Available Pagefile: 28610.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:913.71 GB) (Free:763.41 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive x: (PBR Image) (Fixed) (Total:8.42 GB) (Free:0.73 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 24A90C73)
Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-20 18:39:46
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f ST1000LM014-1EJ164 rev.DEMA 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\fxldapow.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffabbee28c0 7 bytes JMP 00007ffbbb330260
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffabbee43d8 7 bytes JMP 00007ffbbb330298
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffabbf91f20 7 bytes JMP 00007ffbbb330308
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffabbf940b4 7 bytes JMP 00007ffbbb330340
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffabbf94510 7 bytes JMP 00007ffbbb3302d0
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffabbfbcea0 7 bytes JMP 00007ffbbb3301f0
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffabbfbcf10 7 bytes JMP 00007ffbbb330228
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffabb34299c 7 bytes JMP 00007ffbbb3300d8
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffabb3454c8 5 bytes JMP 00007ffbbb330180
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffabb3455b0 5 bytes JMP 00007ffbbb330148
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffabb345e58 5 bytes JMP 00007ffbbb330110
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffabb3b6200 5 bytes JMP 00007ffbbb3301b8
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffabb837834 10 bytes JMP 00007ffbbb330420
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffabb83b4d0 5 bytes JMP 00007ffbbb3303b0
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffabb83c6d8 5 bytes JMP 00007ffbbb3303e8
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffabb83c8fc 5 bytes JMP 00007ffbbb330458
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffabb83e39c 9 bytes JMP 00007ffbbb330378
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffabb9b1500 1 byte JMP 00007ffbbb330490
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffabb9b1502 6 bytes {JMP 0xffffffffff97ef90}
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffabb9b1750 8 bytes JMP 00007ffbbb3304c8
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 00007ffab8be7a88 5 bytes JMP 00007ffbb8ad0110
.text C:\Windows\system32\dwm.exe[908] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 00007ffab8bf4990 5 bytes JMP 00007ffbb8ad00d8
.text C:\Windows\system32\nvvsvc.exe[388] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\nvvsvc.exe[388] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\nvvsvc.exe[388] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\nvvsvc.exe[388] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\WLANExt.exe[1400] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\WLANExt.exe[1400] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\WLANExt.exe[1400] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\WLANExt.exe[1400] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\System32\spoolsv.exe[1504] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\System32\spoolsv.exe[1504] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\System32\spoolsv.exe[1504] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\System32\spoolsv.exe[1504] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1688] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1688] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1688] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1688] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1728] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1728] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1728] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1728] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1728] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffab07d1f6a 4 bytes [7D, B0, FA, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1728] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffab07d1f82 4 bytes [7D, B0, FA, 7F]
.text c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2032] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2032] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2032] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2032] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2172] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2172] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2172] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2172] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2232] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2232] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2232] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2232] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2600] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2600] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2600] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2600] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffab07d1f6a 4 bytes [7D, B0, FA, 7F]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffab07d1f82 4 bytes [7D, B0, FA, 7F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[5152] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[5152] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[5152] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[5152] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5208] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5208] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5208] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5208] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5352] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5352] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5352] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5352] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5480] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabbd3169a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5480] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabbd316a2 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5480] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabbd3181a 4 bytes [D3, BB, FA, 7F]
.text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5480] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabbd31832 4 bytes [D3, BB, FA, 7F]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [572:588] fffff960008bfb90

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

C:\User\Lukas\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

At the end, though, it said that the scan was successful. I hope you can help me.

Regards, Luggi991