HeIIscream | 26.01.2015 16:24 | Windows 7: Norton reports "system infected: trojan.ransomlock.g" about every minute
Hello,
Since about 15:00 today, Norton has been reporting every minute "Norton blocked an attack by: system infected: trojan.ransomlock.g", pointing at RUNDLL32.EXE.
I hope someone can help me.
Here is the FRST.txt
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Ichigo (administrator) on KOTUSBATZENUS on 26-01-2015 16:17:02
Running from C:\Users\Ichigo\Desktop
Loaded Profiles: Ichigo (Available profiles: Ichigo)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
() C:\Windows\System32\PnkBstrA.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-4292975843-3534779336-3389375436-1000\...\RunOnce: [Adobe Speed Launcher] => 1422268710
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-27] (Microsoft Corporation)
Startup: C:\Users\Ichigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3045374A6.lnk
ShortcutTarget: 3045374A6.lnk -> C:\ProgramData\6A4735403.cpp ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4292975843-3534779336-3389375436-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKU\S-1-5-21-4292975843-3534779336-3389375436-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-4292975843-3534779336-3389375436-1000 -> DefaultScope {17AB8AFC-F08B-47D9-8D4A-D13AB4543607} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4292975843-3534779336-3389375436-1000 -> {17AB8AFC-F08B-47D9-8D4A-D13AB4543607} URL = https://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Ichigo\AppData\Roaming\Mozilla\Firefox\Profiles\oz4wnkgw.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4292975843-3534779336-3389375436-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: YouTube Unblocker - C:\Users\Ichigo\AppData\Roaming\Mozilla\Firefox\Profiles\oz4wnkgw.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-28]
FF Extension: CanvasBlocker - C:\Users\Ichigo\AppData\Roaming\Mozilla\Firefox\Profiles\oz4wnkgw.default\Extensions\CanvasBlocker@kkapsner.de.xpi [2014-12-01]
FF Extension: NoScript - C:\Users\Ichigo\AppData\Roaming\Mozilla\Firefox\Profiles\oz4wnkgw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-28]
FF Extension: {b176891a-c35b-4f93-b8b8-f37edf3550e7} - C:\Users\Ichigo\AppData\Roaming\Mozilla\Firefox\Profiles\oz4wnkgw.default\Extensions\{b176891a-c35b-4f93-b8b8-f37edf3550e7}.xpi [2014-11-29]
FF Extension: Adblock Edge - C:\Users\Ichigo\AppData\Roaming\Mozilla\Firefox\Profiles\oz4wnkgw.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-01-26]
Chrome:
=======
CHR Profile: C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-15]
CHR Extension: (Google Docs) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-15]
CHR Extension: (Google Drive) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-15]
CHR Extension: (YouTube) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-15]
CHR Extension: (Google-Suche) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-15]
CHR Extension: (Google Tabellen) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-15]
CHR Extension: (AdBlock) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-15]
CHR Extension: (ScriptBlock) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-01-15]
CHR Extension: (FVD Downloader) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-01-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-01-15]
CHR Extension: (Google Wallet) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-15]
CHR Extension: (Google Mail) - C:\Users\Ichigo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-11-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-11-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
S3 ArcService; D:\Arc\ArcService.exe [88400 2014-12-17] (Perfect World Entertainment Inc)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-12] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Winmgmt; C:\PROGRA~3\3045374A6.zot [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Engineer\kerneld.x64 [34136 2014-10-06] ()
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-29] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-09-16] (Jetico, Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150123.001\IDSvia64.sys [668888 2015-01-10] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150125.032\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150125.032\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
U0 qauhbtp; C:\Windows\System32\drivers\ivwpe.sys [79064 2015-01-26] (Malwarebytes Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
U3 pwloqaoc; \??\C:\Users\Ichigo\AppData\Local\Temp\pwloqaoc.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-26 16:00 - 2015-01-26 16:00 - 00013673 _____ () C:\Users\Ichigo\Desktop\Gmer.txt
2015-01-26 15:57 - 2015-01-26 16:17 - 00018456 _____ () C:\Users\Ichigo\Desktop\FRST.txt
2015-01-26 15:57 - 2015-01-26 15:57 - 00000544 _____ () C:\Users\Ichigo\Desktop\defogger_disable.log
2015-01-26 15:57 - 2015-01-26 15:57 - 00000168 _____ () C:\Users\Ichigo\defogger_reenable
2015-01-26 15:56 - 2015-01-26 16:17 - 00000000 ____D () C:\FRST
2015-01-26 15:54 - 2015-01-26 15:54 - 02129920 _____ (Farbar) C:\Users\Ichigo\Desktop\FRST64.exe
2015-01-26 15:54 - 2015-01-26 15:54 - 00380416 _____ () C:\Users\Ichigo\Desktop\jshu6tx7.exe
2015-01-26 15:54 - 2015-01-26 15:54 - 00050477 _____ () C:\Users\Ichigo\Desktop\Defogger.exe
2015-01-26 15:52 - 2015-01-26 15:52 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ivwpe.sys
2015-01-26 15:48 - 2015-01-26 15:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 15:48 - 2015-01-26 15:48 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 15:48 - 2015-01-26 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 15:48 - 2015-01-26 15:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 15:48 - 2015-01-26 15:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 15:48 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-26 15:48 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-26 15:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 15:07 - 2015-01-26 15:07 - 00212992 _____ () C:\ProgramData\6A4735403.cpp
2015-01-19 18:55 - 2015-01-19 18:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-17 15:35 - 2015-01-17 15:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 15:31 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:31 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:31 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:31 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 15:31 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 15:31 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 15:31 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 15:31 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 15:31 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 15:31 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:31 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:31 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 15:31 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 19:17 - 2015-01-11 19:34 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-01-11 14:21 - 2015-01-11 14:21 - 00003070 _____ () C:\Windows\System32\Tasks\{F06A113D-9D40-460E-8D77-3220936A28C0}
2015-01-11 12:14 - 2015-01-11 12:14 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201501111214148757.log
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Users\Ichigo\AppData\Roaming\library_dir
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\ProgramData\ATI
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-09 15:13 - 2015-01-09 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec
2015-01-02 16:35 - 2015-01-02 16:36 - 00000000 ____D () C:\Klausurvorbereitung
2015-01-01 13:56 - 2015-01-01 13:57 - 00000000 ____D () C:\Users\Ichigo\AppData\Roaming\Notepad++
2015-01-01 13:55 - 2015-01-01 13:55 - 00000000 ____D () C:\Users\Ichigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-01 13:55 - 2015-01-01 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-01 13:55 - 2015-01-01 13:55 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-12-31 14:39 - 2014-12-31 14:39 - 00000000 __SHD () C:\found.000
2014-12-29 15:25 - 2014-12-29 15:25 - 00000000 ____D () C:\Program Files (x86)\Quest 5
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-26 16:01 - 2014-11-27 20:28 - 01931460 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 15:57 - 2014-11-27 20:28 - 00000000 ____D () C:\Users\Ichigo
2015-01-26 15:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2015-01-26 15:41 - 2014-11-28 10:35 - 00000000 ____D () C:\Users\Ichigo\AppData\Local\CrashDumps
2015-01-26 15:23 - 2014-11-27 21:18 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 11:41 - 2009-07-14 05:45 - 00015904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 11:41 - 2009-07-14 05:45 - 00015904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 11:40 - 2009-07-14 18:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-01-26 11:40 - 2009-07-14 18:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-01-26 11:40 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 11:38 - 2014-11-27 21:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 11:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 11:34 - 2009-07-14 05:51 - 00037712 _____ () C:\Windows\setupact.log
2015-01-26 08:25 - 2014-11-27 20:35 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-25 23:45 - 2014-11-27 23:25 - 00000000 ____D () C:\Users\Ichigo\AppData\Roaming\Skype
2015-01-25 17:25 - 2014-12-03 15:13 - 00000000 ____D () C:\Users\Ichigo\AppData\Local\Battle.net
2015-01-25 12:46 - 2014-11-29 12:47 - 00000000 ____D () C:\Users\Ichigo\AppData\Roaming\vlc
2015-01-23 18:55 - 2014-12-13 16:49 - 00000000 ____D () C:\Users\Ichigo\AppData\Roaming\TS3Client
2015-01-21 15:39 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-19 12:40 - 2014-12-12 11:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 12:45 - 2014-11-28 10:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 12:45 - 2014-11-28 10:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 00:57 - 2014-11-27 21:18 - 00000000 ____D () C:\Users\Ichigo\AppData\Local\Google
2015-01-14 19:28 - 2014-11-27 21:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 19:26 - 2014-11-27 21:16 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 17:20 - 2014-12-10 18:20 - 00000000 ____D () C:\Users\Ichigo\AppData\Local\Campbell Wild
2015-01-13 14:29 - 2014-11-27 21:43 - 01956958 _____ () C:\Windows\PFRO.log
2015-01-11 19:34 - 2014-11-27 20:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-11 12:16 - 2014-11-28 18:05 - 00000000 ____D () C:\Users\Ichigo\AppData\Roaming\RIFT
2015-01-11 12:14 - 2014-11-27 20:34 - 00000000 ____D () C:\ProgramData\AMD
2015-01-11 12:14 - 2014-11-27 20:34 - 00000000 ____D () C:\Program Files\AMD
2015-01-11 12:13 - 2014-11-27 20:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-11 12:11 - 2014-11-27 20:32 - 00000000 ____D () C:\AMD
2015-01-10 19:48 - 2014-11-30 01:48 - 00000000 ____D () C:\ProgramData\Origin
2015-01-08 21:48 - 2014-12-10 19:13 - 00000000 ____D () C:\Program Files\PeerBlock
2015-01-08 09:58 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-08 01:09 - 2014-11-27 20:35 - 00109904 _____ () C:\Users\Ichigo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 01:09 - 2009-07-14 05:45 - 00430152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-31 14:46 - 2014-11-27 23:15 - 00000000 ____D () C:\ProgramData\Norton
2014-12-31 14:13 - 2014-12-05 22:09 - 00000000 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-12-30 04:05 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-29 17:40 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-28 18:15 - 2014-11-28 13:23 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-27 18:08 - 2014-11-28 00:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-27 18:08 - 2014-11-27 23:08 - 00000000 ____D () C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-01-26 15:07 - 2015-01-26 15:07 - 0212992 _____ () C:\ProgramData\6A4735403.cpp
2014-11-28 00:15 - 2014-11-28 00:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Ichigo\AppData\Local\Temp\DrvInst64.exe
C:\Users\Ichigo\AppData\Local\Temp\ose00000.exe
C:\Users\Ichigo\AppData\Local\Temp\proxy_vole6221384621437326939.dll
C:\Users\Ichigo\AppData\Local\Temp\raptrpatch.exe
C:\Users\Ichigo\AppData\Local\Temp\raptr_stub.exe
C:\Users\Ichigo\AppData\Local\Temp\setup.exe
C:\Users\Ichigo\AppData\Local\Temp\sonarinst.exe
C:\Users\Ichigo\AppData\Local\Temp\tmp2136.exe
C:\Users\Ichigo\AppData\Local\Temp\Uninstall.exe
C:\Users\Ichigo\AppData\Local\Temp\vsdel.exe
C:\Users\Ichigo\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 11:35
==================== End Of Log ============================
Here is the Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Ichigo at 2015-01-26 16:17:13
Running from C:\Users\Ichigo\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
.sol Editor 1.1.0.1 (HKLM-x32\...\.sol Editor) (Version: 1.1.0.1 - alexisisaac.net)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
AIDA64 Engineer v4.70 (HKLM-x32\...\AIDA64 Engineer_is1) (Version: 4.70 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ATITool Overclocking Utility (HKLM-x32\...\ATITool) (Version: 0.26 - )
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
CH2E1.1 (HKLM\...\UDK-8f685c20-6106-4292-9a09-682397e40f87) (Version: - Epic Games, Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Geeks3D FurMark 1.15.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
HTML TADS Player Kit (HKLM-x32\...\htmltads.exe) (Version: - )
HxD Hex Editor Version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.2 - Notepad++ Team)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.0.38466 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Quest 5.5.1 (HKLM-x32\...\Quest_is1) (Version: 5.5.1 - Alex Warren)
Rags Player (HKLM-x32\...\{91A1BF2F-8789-488F-A329-DE2AC701DED9}) (Version: 3.00.0057 - Rags Game LLC)
Rags Suite (HKLM-x32\...\{4BC51DFE-96B7-45DC-ADDE-BD062DFF0265}) (Version: 2.3.0 - RagsGame)
Rags Suite (HKLM-x32\...\{7C60776C-C6EA-4C59-926B-BA76703D2608}) (Version: 2.4.16 - RagsGame)
Rags Suite (HKLM-x32\...\{E50D4D29-C7B5-4136-AADE-D85794926840}) (Version: 2.4.0 - RagsGame)
RAGS Suite 0.9.9.2 (HKLM-x32\...\RAGS Suite) (Version: 0.9.9.2 - RagsSoftware)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.03 - Enterbrain)
RIFT (HKLM-x32\...\Glyph RIFT) (Version: - Trion Worlds, Inc.)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version: - )
RPGツクール2003 ランタイムパッケージ (HKLM-x32\...\{0044AEC7-8924-4FB1-B4F7-FD14A5FEA9E4}) (Version: - )
RPGツクールVX RTP (HKLM-x32\...\RPGツクールVX RTP_is1) (Version: 1.02 - Enterbrain)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
Twine 1.4.1 (remove only) (HKLM-x32\...\Twine) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-01-2015 19:26:07 Windows Update
22-01-2015 17:38:41 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1C100C70-AC50-4428-9055-FEAE6DF652B9} - System32\Tasks\{F06A113D-9D40-460E-8D77-3220936A28C0} => pcalua.exe -a "E:\CH2 Episode 1\Uninstall.exe"
Task: {5BE88077-214D-4DCC-8376-88797389E307} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {69736605-B430-4956-BC84-5D6158F7E140} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6EAC9136-E943-4EB2-A0CE-3999F530958D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {757E6DFE-A840-4ADE-882B-9C6A248AE982} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8D5CFB72-5704-44F0-BB02-195F792324AF} - System32\Tasks\AIDA64 AutoStart
Task: {96E607E9-155C-4000-96F8-903E5A565E10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)
Task: {C538B5C9-F821-47AA-ABC9-00FC0EBFDDF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)
Task: {C9B21415-A33A-4136-81B5-20527D7F9E52} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F45968C7-E76B-4679-8E82-448ABC1BD4FB} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F551D606-A534-4904-8437-6AAA69B9534D} - System32\Tasks\{962AA8BA-1657-469E-8789-53CB7DA458D6} => pcalua.exe -a C:\Windows\BCUnInstall.exe -c C:\Program Files (x86)\Jetico\BCWipe\UnInstall.log
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-12-12 17:22 - 2014-12-12 17:22 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-11-27 21:05 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-01-17 15:35 - 2015-01-17 15:35 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-12 15:59 - 2014-12-12 15:59 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
2015-01-26 15:04 - 2015-01-26 15:04 - 00212992 _____ () C:\Users\Ichigo\AppData\Local\Temp\Low\3GGR.dll
2015-01-26 15:04 - 2015-01-26 15:04 - 00212992 _____ () C:\Users\Ichigo\AppData\Local\Temp\Low\jaQ1.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: BCWipeTM Startup => "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-4292975843-3534779336-3389375436-500 - Administrator - Disabled)
Gast (S-1-5-21-4292975843-3534779336-3389375436-501 - Limited - Disabled)
Ichigo (S-1-5-21-4292975843-3534779336-3389375436-1000 - Administrator - Enabled) => C:\Users\Ichigo
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/26/2015 03:41:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NIS.exe, Version: 12.11.4.4, Zeitstempel: 0x53f531a0
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x818
Startzeit der fehlerhaften Anwendung: 0xNIS.exe0
Pfad der fehlerhaften Anwendung: NIS.exe1
Pfad des fehlerhaften Moduls: NIS.exe2
Berichtskennung: NIS.exe3
Error: (01/25/2015 01:31:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.581, Zeitstempel: 0x546e9f8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004c675a
ID des fehlerhaften Prozesses: 0xc08
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (01/25/2015 01:24:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.581, Zeitstempel: 0x546e9f8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004c675a
ID des fehlerhaften Prozesses: 0x1360
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (01/23/2015 11:35:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 35.0.0.5486 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1f84
Startzeit: 01d0375c9445df98
Endzeit: 102
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 21015895-a350-11e4-bee7-bc5ff48a5672
Error: (01/23/2015 11:35:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1dd8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (01/23/2015 11:33:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 35.0.0.5486 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: dfc
Startzeit: 01d0370a43069e1a
Endzeit: 158
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: cf193c53-a34f-11e4-bee7-bc5ff48a5672
Error: (01/23/2015 11:33:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1580
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (01/23/2015 08:39:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.581, Zeitstempel: 0x546e9f8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004c675a
ID des fehlerhaften Prozesses: 0x2714
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (01/20/2015 08:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.581, Zeitstempel: 0x546e9f8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004c675a
ID des fehlerhaften Prozesses: 0x174c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (01/20/2015 08:03:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.581, Zeitstempel: 0x546e9f8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004c675a
ID des fehlerhaften Prozesses: 0x1860
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
System errors:
=============
Error: (01/26/2015 03:08:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/26/2015 03:08:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/25/2015 01:57:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (01/25/2015 01:57:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (01/25/2015 01:57:18 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (01/25/2015 01:29:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/25/2015 01:29:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/25/2015 01:29:20 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/25/2015 01:29:20 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/25/2015 01:29:20 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Microsoft Office Sessions:
=========================
Error: (01/26/2015 03:41:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NIS.exe12.11.4.453f531a0unknown0.0.0.000000000c00000050000000081801d03954398647beC:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exeunknown7218d57d-a569-11e4-a628-bc5ff48a5672
Error: (01/25/2015 01:31:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccatidxx32.dll8.17.10.581546e9f8ec0000005004c675ac0801d03899af3e8553C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dll09ad8038-a48e-11e4-be66-bc5ff48a5672
Error: (01/25/2015 01:24:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccatidxx32.dll8.17.10.581546e9f8ec0000005004c675a136001d0389945fda312C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dll25ff0ef0-a48d-11e4-be66-bc5ff48a5672
Error: (01/23/2015 11:35:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.0.54861f8401d0375c9445df98102C:\Program Files (x86)\Mozilla Firefox\firefox.exe21015895-a350-11e4-bee7-bc5ff48a5672
Error: (01/23/2015 11:35:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d480000003000014251dd801d0375cc920e672C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll21f16167-a350-11e4-bee7-bc5ff48a5672
Error: (01/23/2015 11:33:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.0.5486dfc01d0370a43069e1a158C:\Program Files (x86)\Mozilla Firefox\firefox.execf193c53-a34f-11e4-bee7-bc5ff48a5672
Error: (01/23/2015 11:33:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425158001d0370b2a0fcf06C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld0b00ee2-a34f-11e4-bee7-bc5ff48a5672
Error: (01/23/2015 08:39:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccatidxx32.dll8.17.10.581546e9f8ec0000005004c675a271401d0374404fb06e5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dll8dfa3276-a337-11e4-bee7-bc5ff48a5672
Error: (01/20/2015 08:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccatidxx32.dll8.17.10.581546e9f8ec0000005004c675a174c01d034dc68e8b037C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dll0071f90e-a0d7-11e4-b03d-bc5ff48a5672
Error: (01/20/2015 08:03:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccatidxx32.dll8.17.10.581546e9f8ec0000005004c675a186001d034dc6f81046fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dllf89a9079-a0d6-11e4-b03d-bc5ff48a5672
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8145.89 MB
Available physical RAM: 5348.63 MB
Total Pagefile: 16289.96 MB
Available Pagefile: 12218.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:59.1 GB) NTFS
Drive d: (Lokaler Datenträger) (Fixed) (Total:512.7 GB) (Free:70.83 GB) NTFS
Drive e: (Lokaler Datenträger) (Fixed) (Total:931.51 GB) (Free:44.89 GB) NTFS
Drive f: (Lokaler Datenträger) (Fixed) (Total:418.81 GB) (Free:75.35 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B27A87EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7D4EDCB0)
Partition 1: (Not Active) - (Size=512.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=418.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A6E6481)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Here is the Gmer.txt Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-26 16:00:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Samsung_SSD_840_PRO_Series rev.DXM05B0Q 119,24GB
Running: jshu6tx7.exe; Driver: C:\Users\Ichigo\AppData\Local\Temp\pwloqaoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff800031f0000 65 bytes [00, 00, 0C, 02, 45, 74, 77, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 514 fffff800031f0042 4 bytes [00, 00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\PnkBstrA.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757c1465 2 bytes [7C, 75]
.text C:\Windows\system32\PnkBstrA.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757c14bb 2 bytes [7C, 75]
.text ... * 2
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757c1465 2 bytes [7C, 75]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757c14bb 2 bytes [7C, 75]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 322 00000000734e1a22 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 496 00000000734e1ad0 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 552 00000000734e1b08 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 730 00000000734e1bba 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 762 00000000734e1bda 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 26 0000000070ba13c6 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 74 0000000070ba13f6 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 257 0000000070ba14ad 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 303 0000000070ba14db 2 bytes [BA, 70]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 79 0000000070ba1577 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 175 0000000070ba15d7 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 620 0000000070ba1794 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[8704] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 921 0000000070ba18c1 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 322 00000000734e1a22 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 496 00000000734e1ad0 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 552 00000000734e1b08 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 730 00000000734e1bba 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 762 00000000734e1bda 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 26 0000000070ba13c6 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 74 0000000070ba13f6 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 257 0000000070ba14ad 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 303 0000000070ba14db 2 bytes [BA, 70]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 79 0000000070ba1577 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 175 0000000070ba15d7 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 620 0000000070ba1794 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[9972] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 921 0000000070ba18c1 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 322 00000000734e1a22 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 496 00000000734e1ad0 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 552 00000000734e1b08 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 730 00000000734e1bba 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 762 00000000734e1bda 2 bytes [4E, 73]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 26 0000000070ba13c6 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 74 0000000070ba13f6 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 257 0000000070ba14ad 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 303 0000000070ba14db 2 bytes [BA, 70]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 79 0000000070ba1577 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 175 0000000070ba15d7 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 620 0000000070ba1794 2 bytes [BA, 70]
.text C:\Windows\SysWOW64\rundll32.exe[3324] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 921 0000000070ba18c1 2 bytes [BA, 70]
---- Processes - GMER 2.1 ----
Library C:\Users\Ichigo\AppData\Local\Temp\Low\RmQC.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [8704] 0000000000220000
Library C:\Users\Ichigo\AppData\Local\Temp\Low\3GGR.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [9972](2015-01-26 14:04:38) 0000000000680000
Library C:\Users\Ichigo\AppData\Local\Temp\Low\jaQ1.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [3324](2015-01-26 14:04:40) 00000000001b0000
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\Downloads\Neuer Ordner\2000rtp\RTP\xff7e\xff6f\xff84\xff71\xff6f\xff8c\xff9f\RPG2000RTP.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\Downloads\Neuer Ordner\2003rtp\2003RTP\xff7e\xff6f\xff84\xff71\xff6f\xff8c\xff9f\RPG2003RTP.exe 1
---- EOF - GMER 2.1 ----
Regards, HeIIscream
Edit:
I have just noticed that the Windows Security Center service could not be started.