| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Allin1 Converter / Suchmaschine V9 statt Google / Updateports blockiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.05.2014, 14:41
| #1 |
 |  Windows 7: Allin1 Converter / Suchmaschine V9 statt Google / Updateports blockiert Hallo zusammen. Mittlerweile bin ich seit über 15 Jahren im I-net unterwegs, aber was ich mir aktuell eingefangen habe, übertrifft leider alles :-( Normalerweise löse ich alle meine Probleme selbst, aber im aktuellen Fall weiß ich leider nicht mehr weiter und bitte um eure Hilfe. Am Wochenende wollte ich ein altes Dos-Spiel kostenlos herunterladen, anstelle dessen, hatte ich auf einmal etliche Zusatzprogramme auf dem Rechner. Leider war ich da viel zu naiv und hab die Anleitung nicht genügend gelesen... Neben dem "Allin1 Converter" habe ich seitdem auch anstelle der Google Startseite eine "V9" Suchmaschine im Explorer. Als darauf im Inet nach Hilfe suchte, wollte ich ein "Allin1Converter Removal-Tool" testen, was aber genau das Gegenteil bewirkte. Seitdem kann ich in keinem Programm mehr Updates durchführen, obwohl eine Internet-Verbindung da ist. Anschließend hatte ich noch den Spyhunter ausprobieren wollen, während dem Scan hab ich jedoch im Netz gelesen, dass dieses angebliche "Anti-Tool" noch mehr Schaden anrichten kann. Natürlich hab ich es gleich wieder deinstalliert. Mein NIS2014 konnte ich kurze Zeit später gar nicht mehr starten und seitdem hab ich auch kein Virenprogramm mehr auf dem Rechner. Ich hoffe ihr könnt mir helfen und bedanke mich schonmal sehr für eure Bemühungen. :-) Anbei die kompletten Files, zuerst FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by Thomas (administrator) on THOMAS-PC on 29-05-2014 14:59:56 Running from E:\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\KBGJEN3F Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) E:\sy\ Malwarebytes Anti-Malware \mbamscheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe (Malwarebytes Corporation) E:\sy\ Malwarebytes Anti-Malware \mbamservice.exe (CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Malwarebytes Corporation) E:\sy\ Malwarebytes Anti-Malware \mbam.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Sony DADC Austria AG.) C:\Windows\SysWOW64\UAService7.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-10] (Realtek Semiconductor) HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] () HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [599600 2007-06-04] (CyberLink Corporation.) HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2013-05-20] (Bitleader) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Runonce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer [X] HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.) HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [Power2GoExpress] => [X] HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\MountPoints2: {92074f2c-cac6-11e2-98cd-00044b194c38} - I:\Setup.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60231198C81CCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119662&babsrc=SP_ss&mntrId=98EB00044B194C38 SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA) Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA) Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA) Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA) Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA) Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA) Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA) Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA) Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA) Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA) Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA) Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA) Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA) Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA) Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA) Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA) Tcpip\..\Interfaces\{02BF2190-F168-4AD9-B746-B245C3C0B0E4}: [NameServer]10.80.14.254 Tcpip\..\Interfaces\{83F675D9-69E6-4ECF-B1BF-829ECB07BF67}: [NameServer]192.168.178.100 FireFox: ======== FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - E:\Spiele\Trials\datapack\orbit\npuplaypc.dll No File FF user.js: detected! => C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\searchplugins\trovi-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Allin1Convert - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Extensions\8hffxtbr@Allin1Convert_8h.com [2014-05-25] FF Extension: Quick Start - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Extensions\quick_start@gmail.com [2014-05-25] FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-01] FF HKLM-x32\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com FF Extension: Speed Analysis 2 - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013-04-27] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-13] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-05-02] FF HKCU\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com FF Extension: Speed Analysis 2 - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013-04-27] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2013-08-14] ==================== Services (Whitelisted) ================= R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] () R2 MBAMScheduler; E:\sy\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; E:\sy\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] () R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-10-19] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 UserAccess7; C:\Windows\SysWOW64\UAService7.exe [143360 2014-01-03] (Sony DADC Austria AG.) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-09-15] (Advanced Micro Devices, Inc.) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation) R0 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24824 2007-06-04] (Cyberlink Co.,Ltd.) R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [369912 2007-06-04] (CyberLink Corporation.) S3 CSRBC; C:\Windows\System32\Drivers\csrbcxp.sys [36352 2013-09-15] (CSR, plc) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-01] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-02] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140515.001\IDSvia64.sys [525016 2014-04-30] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140515.021\ENG64.SYS [126040 2014-05-10] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140515.021\EX64.SYS [2099288 2014-05-10] (Symantec Corporation) R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-02] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [137728 2011-02-25] (VIA Technologies, Inc.) R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [195584 2011-02-25] (VIA Technologies, Inc.) R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [32240 2007-11-05] (Cyberlink Corp.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-29 14:59 - 2014-05-29 14:59 - 00000000 ____D () C:\FRST 2014-05-29 14:58 - 2014-05-29 14:58 - 00000168 _____ () C:\Users\Thomas\defogger_reenable 2014-05-27 23:48 - 2014-05-29 14:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-27 23:47 - 2014-05-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 23:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-27 23:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-27 23:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-27 23:14 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-05-27 23:14 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-05-27 07:11 - 2014-05-27 07:11 - 00000068 _____ () C:\Windows\wininit.ini 2014-05-27 07:07 - 2014-05-27 07:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-27 07:07 - 2014-05-27 07:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-05-27 06:56 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-27 06:56 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-27 06:56 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-27 06:56 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-27 06:56 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-27 06:56 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-27 06:54 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-27 06:54 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-27 06:54 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-27 06:54 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-27 06:54 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-27 06:54 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-27 06:54 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-27 06:54 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-27 06:54 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-27 06:54 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-27 06:54 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-27 06:54 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-27 06:54 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-27 06:54 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-27 06:54 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-27 06:54 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-27 06:54 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-27 06:54 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-27 06:54 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-27 06:54 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-27 06:54 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-27 06:54 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-27 06:54 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-27 06:54 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-27 06:54 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-27 06:54 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-27 06:54 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-27 06:54 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-27 06:54 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-27 06:54 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-27 06:54 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-27 06:54 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-27 06:54 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-27 06:54 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-27 06:48 - 2014-05-27 06:48 - 00000461 _____ () C:\aaw7boot.log 2014-05-26 23:38 - 2014-05-27 23:31 - 00003604 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\SearchProtect 2014-05-26 23:02 - 2014-05-27 23:48 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-05-26 23:02 - 2014-05-27 23:48 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-05-26 23:02 - 2014-05-26 23:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Sunbelt Software 2014-05-26 22:50 - 2014-05-26 22:50 - 00000000 _____ () C:\autoexec.bat 2014-05-26 22:49 - 2014-05-26 22:49 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-05-26 22:46 - 2014-05-26 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alin 1 Convert Removal Tool 2014-05-26 22:46 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files (x86)\Alin 1 Convert Removal Tool 2014-05-25 22:30 - 2014-05-25 22:30 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-05-25 22:29 - 2014-05-26 21:38 - 00000000 ____D () C:\ProgramData\WPM 2014-05-25 22:29 - 2014-05-25 22:29 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\v9 2014-05-25 22:22 - 2014-05-25 22:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\CorsixTH 2014-05-25 01:27 - 2014-05-25 01:27 - 00000000 ____D () C:\Users\Thomas\AppData\Local\DOSBox 2014-05-25 01:14 - 2014-05-26 22:53 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Opera Software 2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Opera Software 2014-05-25 01:13 - 2014-05-26 23:26 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-05-25 01:09 - 2014-05-25 01:09 - 00000000 ____D () C:\Program Files (x86)\Allin1Convert_8h 2014-05-04 15:15 - 2014-05-04 15:15 - 00000000 ____D () C:\Users\Thomas\Documents\Norton Identity Safe-Backups 2014-05-02 23:01 - 2014-05-26 23:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-05-02 23:01 - 2014-05-26 23:26 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-05-01 22:48 - 2014-05-02 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-30 23:07 - 2014-05-27 06:56 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-05-29 15:00 - 2013-06-08 19:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-29 14:59 - 2014-05-29 14:59 - 00000000 ____D () C:\FRST 2014-05-29 14:58 - 2014-05-29 14:58 - 00000168 _____ () C:\Users\Thomas\defogger_reenable 2014-05-29 14:58 - 2013-03-07 19:44 - 01359711 _____ () C:\Windows\WindowsUpdate.log 2014-05-29 14:58 - 2013-03-07 19:44 - 00000000 ____D () C:\Users\Thomas 2014-05-29 14:54 - 2014-05-27 23:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-29 14:54 - 2014-01-03 16:08 - 00034790 _____ () C:\Windows\setupact.log 2014-05-29 14:54 - 2014-01-03 15:59 - 00022826 _____ () C:\Windows\PFRO.log 2014-05-29 14:54 - 2013-06-08 19:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-29 14:54 - 2013-05-20 20:26 - 00000367 _____ () C:\Windows\lgfwup.ini 2014-05-29 14:54 - 2013-05-20 20:26 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate 2014-05-29 14:54 - 2013-05-20 20:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Hi-Def Suite 2014-05-29 14:54 - 2013-03-07 19:55 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-29 14:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-28 00:41 - 2013-05-20 22:00 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc 2014-05-28 00:01 - 2011-04-12 09:43 - 00702916 _____ () C:\Windows\system32\perfh007.dat 2014-05-28 00:01 - 2011-04-12 09:43 - 00150574 _____ () C:\Windows\system32\perfc007.dat 2014-05-28 00:01 - 2009-07-14 07:13 - 01629210 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-28 00:01 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-28 00:01 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-27 23:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-05-27 23:48 - 2014-05-26 23:02 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-05-27 23:48 - 2014-05-26 23:02 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-05-27 23:47 - 2014-05-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-27 23:47 - 2014-01-18 00:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 23:31 - 2014-05-26 23:38 - 00003604 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2014-05-27 23:15 - 2013-06-16 20:33 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps 2014-05-27 07:11 - 2014-05-27 07:11 - 00000068 _____ () C:\Windows\wininit.ini 2014-05-27 07:11 - 2014-05-27 07:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-27 07:07 - 2014-05-27 07:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-05-27 06:57 - 2014-03-21 20:14 - 00000000 ___RD () C:\Users\Thomas\Eigene Bilder 2014-05-27 06:57 - 2013-04-28 10:12 - 00000754 __RSH () C:\Users\Thomas\ntuser.pol 2014-05-27 06:57 - 2013-03-07 19:44 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-27 06:57 - 2013-03-07 19:44 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-27 06:56 - 2014-04-30 23:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-27 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-27 06:55 - 2013-07-11 20:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-27 06:55 - 2013-03-08 15:33 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-27 06:48 - 2014-05-27 06:48 - 00000461 _____ () C:\aaw7boot.log 2014-05-26 23:26 - 2014-05-25 01:13 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-05-26 23:26 - 2014-05-02 23:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-05-26 23:26 - 2014-05-02 23:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-05-26 23:26 - 2013-06-01 16:35 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2014-05-26 23:26 - 2013-04-27 21:29 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2014-05-26 23:26 - 2013-04-27 21:12 - 00000000 ____D () C:\ProgramData\Norton 2014-05-26 23:26 - 2013-03-07 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-05-26 23:26 - 2013-03-07 19:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-05-26 23:26 - 2013-03-07 19:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security 2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-05-26 23:25 - 2013-12-26 17:40 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-05-26 23:25 - 2013-06-01 16:06 - 00000000 ____D () C:\ProgramData\Real 2014-05-26 23:25 - 2013-03-15 20:45 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NVIDIA Corporation 2014-05-26 23:25 - 2013-03-07 19:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\SearchProtect 2014-05-26 23:20 - 2014-05-26 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alin 1 Convert Removal Tool 2014-05-26 23:20 - 2014-05-26 22:46 - 00000000 ____D () C:\Program Files (x86)\Alin 1 Convert Removal Tool 2014-05-26 23:20 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-05-26 23:02 - 2014-05-26 23:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Sunbelt Software 2014-05-26 22:53 - 2014-05-25 01:14 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-05-26 22:50 - 2014-05-26 22:50 - 00000000 _____ () C:\autoexec.bat 2014-05-26 22:49 - 2014-05-26 22:49 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-05-26 21:38 - 2014-05-25 22:29 - 00000000 ____D () C:\ProgramData\WPM 2014-05-25 22:35 - 2013-05-31 22:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\UseNeXT 2014-05-25 22:30 - 2014-05-25 22:30 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-05-25 22:29 - 2014-05-25 22:29 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\v9 2014-05-25 22:24 - 2014-05-25 22:22 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\CorsixTH 2014-05-25 01:27 - 2014-05-25 01:27 - 00000000 ____D () C:\Users\Thomas\AppData\Local\DOSBox 2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Opera Software 2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Opera Software 2014-05-25 01:09 - 2014-05-25 01:09 - 00000000 ____D () C:\Program Files (x86)\Allin1Convert_8h 2014-05-16 23:39 - 2013-03-09 15:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-16 23:39 - 2013-03-09 15:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-15 19:55 - 2013-03-09 15:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-12 07:26 - 2014-05-27 23:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-27 23:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-27 23:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-10 16:55 - 2013-06-08 19:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 16:55 - 2013-06-08 19:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 08:14 - 2014-05-27 06:54 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-27 06:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 23:06 - 2013-06-01 16:36 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite 2014-05-06 06:40 - 2014-05-27 06:56 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-27 06:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-27 06:56 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-27 06:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-27 06:56 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-27 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 21:52 - 2013-06-14 23:42 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-05-04 15:15 - 2014-05-04 15:15 - 00000000 ____D () C:\Users\Thomas\Documents\Norton Identity Safe-Backups 2014-05-04 15:09 - 2013-09-14 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-05-04 15:09 - 2013-05-20 21:40 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-05-04 15:09 - 2013-05-20 21:38 - 00000000 ____D () C:\ProgramData\DivX 2014-05-03 16:12 - 2013-04-28 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-02 23:01 - 2013-04-27 21:29 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-05-02 23:01 - 2013-04-27 21:12 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton 2014-05-02 22:47 - 2013-04-27 21:29 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2014-05-02 22:47 - 2013-04-27 21:29 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2014-05-02 22:47 - 2013-04-27 21:29 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-05-02 22:17 - 2013-04-27 21:12 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-05-02 21:21 - 2014-05-01 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-30 20:29 - 2014-01-12 02:12 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-04-30 20:29 - 2014-01-12 02:12 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-25 14:30 ==================== End Of Log ============================ --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Thomas at 2014-05-29 15:01:33
Running from E:\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\KBGJEN3F
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version: - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Command & Conquer Die ersten 10 Jahre (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}) (Version: 1.00.0000 - Electronic Arts)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
dBpowerAMP Music Converter (HKLM-x32\...\dBpowerAMP Music Converter) (Version: - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
GameRanger (HKCU\...\GameRanger) (Version: - GameRanger Technologies)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hi-Def Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1603 - CyberLink Corporation)
ID3-TagIT 3 (HKLM-x32\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LiveReg (Symantec Corporation) (HKLM-x32\...\LiveReg) (Version: 2.2.0.1621 - Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 1.80.19.0 - Symantec Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (x32 Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Platform (x32 Version: 1.38 - VIA Technologies, Inc.) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Power2Go 5.0 (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.3516b.0 - CyberLink Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ratDVD 0.78.1444 (HKLM-x32\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Thunder Master v1.4 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 1.4.0.0 - Palit Microsystems Ltd.)
Unreal Tournament 2003 (HKLM-x32\...\UT2003) (Version: - )
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {010966FF-AC4D-4A45-B287-341F9FD4986D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3EE517E8-97BE-4446-9416-D2E678C5B3A7} - System32\Tasks\4801 => Wscript.exe C:\Users\Thomas\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {48C74235-7685-4C17-83E8-7066208E7C75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49245E44-C88A-4354-A9BB-AA3AE81DA7A2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2443172153-1165150917-4237551373-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4EA68CE3-9D36-4B66-8943-1262343FEFBE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {671B630A-3C84-42AF-8221-4416F83CB4D1} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {6E1DDB6A-0A0F-4CB6-8590-60F908D539FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-08] (Google Inc.)
Task: {7992CF1F-57C7-464D-AD60-F9AD658DB258} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2443172153-1165150917-4237551373-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B340EA14-8C35-43BC-B0E1-9BB6A22B611A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {C47B0E36-3EDC-4486-B2BD-FFC34A1311A3} - System32\Tasks\{0B8197AB-6971-492C-A043-E3EED5F1B14D} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {D02C561A-CF82-45CF-9BDC-11B3BAA390B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {D03FF41E-459B-41C2-98D7-7A90CC04FB76} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D65D8DB6-2874-4E9C-81DD-2481E352B261} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D85750D4-27AB-467A-AE4C-28F262A5F065} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-03-07 19:55 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-10-19 17:49 - 2013-10-19 17:49 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-05-16 22:31 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2013-05-16 22:31 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2013-05-16 22:31 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2013-05-16 22:31 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2013-05-20 20:24 - 2007-04-10 16:27 - 08365616 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
==================== Faulty Device Manager Devices =============
Name: NVIDIA Enthusiasts Platform KDM
Description: NVIDIA Enthusiasts Platform KDM
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA Corporation
Service: nvoclk64
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (05/29/2014 02:54:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2014 11:54:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2014 11:28:35 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Failed to uninstall service
Error: (05/27/2014 11:15:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GFExperience.exe, Version: 12.4.67.0, Zeitstempel: 0x535faf22
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x18c
Startzeit der fehlerhaften Anwendung: 0xGFExperience.exe0
Pfad der fehlerhaften Anwendung: GFExperience.exe1
Pfad des fehlerhaften Moduls: GFExperience.exe2
Berichtskennung: GFExperience.exe3
Error: (05/27/2014 11:15:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
bei System.Reactive.Concurrency.AsyncLock.Wait(System.Action)
bei System.Reactive.Concurrency.DefaultScheduler+<>c__DisplayClass9`1[[System.Int64, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<SchedulePeriodic>b__6()
bei System.Reactive.Concurrency.ConcurrencyAbstractionLayerImpl+PeriodicTimer.Tick(System.Object)
bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.TimerQueueTimer.CallCallback()
bei System.Threading.TimerQueueTimer.Fire()
bei System.Threading.TimerQueue.FireNextTimers()
bei System.Threading.TimerQueue.AppDomainTimerCallback()
Error: (05/27/2014 10:53:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2014 07:12:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2014 06:59:51 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Failed to uninstall service
Error: (05/27/2014 06:57:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2014 06:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/29/2014 02:54:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Error: (05/29/2014 02:54:27 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (05/29/2014 02:54:27 PM) (Source: volsnap) (EventID: 29) (User: )
Description: Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen.
Error: (05/27/2014 11:54:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Error: (05/27/2014 11:54:07 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (05/27/2014 11:28:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Lavasoft Ad-Aware Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/27/2014 10:53:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Error: (05/27/2014 10:53:12 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (05/27/2014 07:12:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Error: (05/27/2014 07:11:53 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Microsoft Office Sessions:
=========================
Error: (05/29/2014 02:54:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2014 11:54:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2014 11:28:35 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Failed to uninstall service
Error: (05/27/2014 11:15:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GFExperience.exe12.4.67.0535faf22KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d18c01cf79f0a87059e8C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exeC:\Windows\syswow64\KERNELBASE.dllf667b358-e5e3-11e3-8227-00044b194c38
Error: (05/27/2014 11:15:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
bei System.Reactive.Concurrency.AsyncLock.Wait(System.Action)
bei System.Reactive.Concurrency.DefaultScheduler+<>c__DisplayClass9`1[[System.Int64, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<SchedulePeriodic>b__6()
bei System.Reactive.Concurrency.ConcurrencyAbstractionLayerImpl+PeriodicTimer.Tick(System.Object)
bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.TimerQueueTimer.CallCallback()
bei System.Threading.TimerQueueTimer.Fire()
bei System.Threading.TimerQueue.FireNextTimers()
bei System.Threading.TimerQueue.AppDomainTimerCallback()
Error: (05/27/2014 10:53:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2014 07:12:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2014 06:59:51 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Failed to uninstall service
Error: (05/27/2014 06:57:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2014 06:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2013-06-08 20:13:22.822
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-08 20:13:22.776
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-08 20:12:57.550
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-08 20:12:57.519
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-08 20:10:41.614
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-08 20:10:41.567
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8190.54 MB
Available physical RAM: 5996.3 MB
Total Pagefile: 16379.26 MB
Available Pagefile: 14009.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (System Win7) (Fixed) (Total:232.79 GB) (Free:181.03 GB) NTFS
Drive d: (GermanAbdoerPAL) (CDROM) (Total:3.31 GB) (Free:0 GB) UDF
Drive e: (Daten Win7) (Fixed) (Total:931.39 GB) (Free:496.74 GB) NTFS
Drive f: (Daten XP) (Fixed) (Total:205.54 GB) (Free:141.19 GB) NTFS
Drive g: (System XP) (Fixed) (Total:390.63 GB) (Free:298.71 GB) NTFS
Drive h: (Backup) (Fixed) (Total:465.76 GB) (Free:185.35 GB) NTFS
Drive i: (Borderlands 2) (CDROM) (Total:7.14 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: DF55BA9D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 1D2B1D2B)
Partition 1: (Active) - (Size=391 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=206 GB) - (Type=05)
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: ECADB5B8)
Partition: GPT Partition Type.
========================================================
Disk: 3 (Size: 466 GB) (Disk ID: 0CD20CD2)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-29 15:17:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000064 Samsung_ rev.DXT0 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uwriipod.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000193f00 7 bytes [00, 98, F3, FF, 01, A6, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000193f08 3 bytes [C0, 06, 02]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765e1465 2 bytes [5E, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765e14bb 2 bytes [5E, 76]
.text ... * 2
.text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765e1465 2 bytes [5E, 76]
.text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765e14bb 2 bytes [5E, 76]
.text ... * 2
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765e1465 2 bytes [5E, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765e14bb 2 bytes [5E, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2352] entry point in ".rdata" section 00000000732f71e6
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765e1465 2 bytes [5E, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765e14bb 2 bytes [5E, 76]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 000000006ed81a22 2 bytes [D8, 6E]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 000000006ed81ad0 2 bytes [D8, 6E]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 000000006ed81b08 2 bytes [D8, 6E]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 000000006ed81bba 2 bytes [D8, 6E]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 000000006ed81bda 2 bytes [D8, 6E]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765e1465 2 bytes [5E, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765e14bb 2 bytes [5E, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4216] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000076213e78 5 bytes JMP 0000000102a60048
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4216] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 62 0000000076839d49 7 bytes JMP 0000000102a6020c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765e1465 2 bytes [5E, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765e14bb 2 bytes [5E, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765e1465 2 bytes [5E, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765e14bb 2 bytes [5E, 76]
.text ... * 2
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 27.05.2014 Scan Time: 23:48:42 Logfile: MalwareScanLog1.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.03.04.09 Rootkit Database: v2014.02.20.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Thomas Scan Type: Threat Scan Result: Completed Objects Scanned: 232472 Time Elapsed: 4 min, 6 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 3 PUP.Optional.Conduit.A, C:\Users\Thomas\AppData\Local\Temp\CT3325809, Quarantined, [4108f708e496d75fac580285ac5601ff], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Quarantined, [9cad758aec8ebc7aa1c3bfca8181fe02], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, Quarantined, [9cad758aec8ebc7aa1c3bfca8181fe02], Files: 3 PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, Quarantined, [07423ec178023cfa0ea35e10629e56aa], PUP.Optional.V9.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\v9.xml, Quarantined, [91b8c6390575cd696e36078947bb9d63], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, Quarantined, [9cad758aec8ebc7aa1c3bfca8181fe02], Physical Sectors: 0 (No malicious items detected) (end) |
| Themen zu Windows 7: Allin1 Converter / Suchmaschine V9 statt Google / Updateports blockiert |
| ad-aware, association, blockiert, bluescreen, c:\windows\system32\roboot64.exe, canon, converter, flash player, msiexec.exe, performance, pup.optional.conduit.a, pup.optional.iepluginservice.a, pup.optional.pcperformer.a, pup.optional.v9.a, quick_start, required, scan, services.exe, software, spyhunter, spyhunter entfernen, suchmaschine, svchost.exe, symantec, system, thomas, win32/installmonetizer.aq, win32/softonicdownloader.a, win32/toolbar.conduit, win32/toolbar.conduit.b, wscript.exe |
Baum-Darstellung