
Pests of all kinds and how to combat them: Windows 8: Keyboard going crazy


26.09.2014, 15:57   #1
Fischy

Windows 8: Keyboard going crazy



Hello! About 3 weeks ago I started having problems with my keyboard. This was shortly after the last Windows update; I then removed that update again when, a few days later, the news advised doing so. I have not spilled anything on my laptop and otherwise never had any problems. Problem: Already at login, very often no letters appear even though I press the keys. I then keep trying, and then some letters appear while others do not, or a letter seems to type itself 30 times in a row. Once I have logged in, it works for a few minutes without major problems and then, all of a sudden, I can hardly write a sentence again. About 2 weeks ago I ran a virus scan, but nothing really came of it... however, the laptop ran flawlessly for about 2 days afterwards. Often when I, for example, right-click, it highlights the selection in an endless loop. Sometimes I try to get out via Task Manager when the cursor/mouse also stops moving. A few days ago nothing worked at all when doing that, and the system offered me an emergency shut-off. Then the laptop would no longer start properly; I kept getting an error message that it could not be started correctly. I then did a system refresh that was offered. Unfortunately that did not fix the problem either. For example, just now, after running all the programs for the logs, I could at first hardly type the heading again, but I have now typed this text here without any problems.
During the GMER scan I got the following message at the beginning:
C/WINDOWS/System32/config/system: process can't acess file, because it is being used by another process.

Shortly before the end of the scan this message appeared: c:/Users/Angie/ntuser.dat: process can't acess file, because it is being used by another process.

After I ran defogger, 2 text files opened, one of them an Addition. Now, after running all the programs, I can only find the Addition and one called Defogger disable.

I don't think the keyboard is really the problem and would be glad to hear your opinion here! Many thanks!


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:54 on 26/09/2014 (Angie)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2014
Ran by Angie at 2014-09-26 16:09:11
Running from C:\Users\Angie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{0E4AF773-9908-4F3B-8D57-E402FE198107}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)





Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Angie (administrator) on ANGELA on 26-09-2014 16:08:03
Running from C:\Users\Angie\Downloads
Loaded Profiles: Angie & Administrator (Available profiles: Angie & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-01] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\RunOnce: [SymSilent] => C:\Program Files (x86)\SymSilent\SymSilent.exe [925080 2012-06-20] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3503789841-3567229158-1260976014-500\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\po2y6ikp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\po2y6ikp.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-09-24]
FF Extension: Pin It Button - C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\po2y6ikp.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-09-24]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\po2y6ikp.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-09-26]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-11] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-24] (Symantec Corporation)
U3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-24] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140925.002\IDSvia64.sys [633560 2014-09-23] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140925.009\ENG64.SYS [129752 2014-09-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140925.009\EX64.SYS [2137304 2014-09-24] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-09-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 16:08 - 2014-09-26 16:08 - 00015107 _____ () C:\Users\Angie\Downloads\FRST.txt
2014-09-26 16:07 - 2014-09-26 16:08 - 00000000 ____D () C:\FRST
2014-09-26 16:06 - 2014-09-26 16:07 - 02108928 _____ (Farbar) C:\Users\Angie\Downloads\FRST64.exe
2014-09-26 16:04 - 2014-09-26 16:04 - 00000472 _____ () C:\Users\Angie\Downloads\defogger_disable.log
2014-09-26 16:04 - 2014-09-26 16:04 - 00000000 _____ () C:\Users\Angie\defogger_reenable
2014-09-26 16:02 - 2014-09-26 16:02 - 00050477 _____ () C:\Users\Angie\Downloads\Defogger.exe
2014-09-26 08:29 - 2014-09-26 08:29 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-09-26 08:12 - 2014-09-26 08:12 - 00000117 _____ () C:\WINDOWS\system32\netcfg-59310406.txt
2014-09-26 08:12 - 2014-09-26 08:12 - 00000117 _____ () C:\WINDOWS\system32\netcfg-59310171.txt
2014-09-25 21:29 - 2014-09-25 21:29 - 00000117 _____ () C:\WINDOWS\system32\netcfg-20744593.txt
2014-09-25 21:29 - 2014-09-25 21:29 - 00000117 _____ () C:\WINDOWS\system32\netcfg-20744468.txt
2014-09-25 17:32 - 2014-09-25 17:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-25 17:31 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-25 17:29 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-09-25 17:29 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-09-25 15:47 - 2014-09-25 15:47 - 00000117 _____ () C:\WINDOWS\system32\netcfg-227937.txt
2014-09-25 15:44 - 2014-09-25 15:44 - 00000117 _____ () C:\WINDOWS\system32\netcfg-63734.txt
2014-09-25 14:03 - 2014-09-25 14:03 - 00000117 _____ () C:\WINDOWS\system32\netcfg-87883234.txt
2014-09-25 14:03 - 2014-09-25 14:03 - 00000117 _____ () C:\WINDOWS\system32\netcfg-87882906.txt
2014-09-25 13:15 - 2014-09-25 13:15 - 00000117 _____ () C:\WINDOWS\system32\netcfg-84962343.txt
2014-09-25 13:15 - 2014-09-25 13:15 - 00000117 _____ () C:\WINDOWS\system32\netcfg-84961953.txt
2014-09-25 07:56 - 2014-09-25 07:56 - 00000117 _____ () C:\WINDOWS\system32\netcfg-65833140.txt
2014-09-25 07:56 - 2014-09-25 07:56 - 00000117 _____ () C:\WINDOWS\system32\netcfg-65830328.txt
2014-09-25 07:23 - 2014-09-25 07:23 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\hpqlog
2014-09-24 23:16 - 2014-09-24 23:16 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-09-24 23:16 - 2014-09-24 14:24 - 00000000 ____D () C:\Windows.old
2014-09-24 22:51 - 2014-09-24 22:51 - 00000000 ____D () C:\$WINDOWS.~BT
2014-09-24 22:49 - 2014-09-24 14:12 - 00000000 ___HD () C:\$SysReset
2014-09-24 21:09 - 2014-05-15 03:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-24 21:09 - 2014-05-15 00:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-24 21:09 - 2014-05-15 00:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-24 21:09 - 2014-05-15 00:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-24 21:09 - 2014-05-15 00:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-09-24 21:08 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-24 21:08 - 2012-11-06 06:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-09-24 21:08 - 2012-11-06 06:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2014-09-24 16:38 - 2014-09-24 16:38 - 00000000 ____D () C:\Users\Angie\AppData\Local\Macromedia
2014-09-24 16:36 - 2014-09-26 13:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-24 16:36 - 2014-09-24 16:36 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-24 16:35 - 2014-09-24 16:36 - 00000000 ____D () C:\Users\Angie\AppData\Local\Adobe
2014-09-24 15:42 - 2014-09-24 15:42 - 00001110 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-09-24 15:42 - 2014-09-24 15:42 - 00000000 ____D () C:\Users\Angie\AppData\Local\Google
2014-09-24 15:42 - 2014-09-24 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-09-24 15:41 - 2014-09-24 15:42 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-24 15:41 - 2014-09-24 15:41 - 17385800 _____ (Google Inc.) C:\Users\Angie\Downloads\picasa39-setup(1).exe
2014-09-24 15:16 - 2014-09-24 15:16 - 00000117 _____ () C:\WINDOWS\system32\netcfg-5826140.txt
2014-09-24 15:16 - 2014-09-24 15:16 - 00000117 _____ () C:\WINDOWS\system32\netcfg-5823812.txt
2014-09-24 14:09 - 2014-09-26 14:07 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Hewlett-Packard
2014-09-24 13:53 - 2014-09-25 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 13:53 - 2014-09-24 13:53 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-24 13:53 - 2014-09-24 13:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-24 13:53 - 2014-09-24 13:53 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Mozilla
2014-09-24 13:53 - 2014-09-24 13:53 - 00000000 ____D () C:\Users\Angie\AppData\Local\Mozilla
2014-09-24 13:53 - 2014-09-24 13:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-24 13:52 - 2014-09-26 08:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 13:51 - 2014-09-24 21:06 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3503789841-3567229158-1260976014-1001
2014-09-24 13:51 - 2014-09-24 13:51 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Macromedia
2014-09-24 13:50 - 2014-09-24 13:50 - 00000117 _____ () C:\WINDOWS\system32\netcfg-712718.txt
2014-09-24 13:44 - 2014-09-25 07:23 - 00000000 ____D () C:\Users\Angie\AppData\Local\Hewlett-Packard
2014-09-24 13:44 - 2014-09-24 13:44 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-09-24 13:43 - 2014-09-26 14:24 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{264BCF3A-F349-415D-A1E0-019A05CB0A9D}
2014-09-24 13:43 - 2014-09-24 13:43 - 00001434 _____ () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-24 13:43 - 2014-09-24 13:43 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Adobe
2014-09-24 13:42 - 2014-09-24 13:42 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Synaptics
2014-09-24 13:41 - 2014-09-24 13:43 - 00000000 ____D () C:\Users\Angie\AppData\Local\Packages
2014-09-24 13:41 - 2014-09-24 13:41 - 00000020 ___SH () C:\Users\Angie\ntuser.ini
2014-09-24 13:41 - 2014-09-24 13:41 - 00000000 ____D () C:\Users\Angie\AppData\Local\VirtualStore
2014-09-24 13:38 - 2014-09-26 14:26 - 01855938 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-24 13:38 - 2014-09-24 13:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-876968.txt
2014-09-24 13:38 - 2014-09-24 13:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-834343.txt
2014-09-24 13:38 - 2014-09-24 13:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-834265.txt
2014-09-24 13:37 - 2014-09-24 13:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-830562.txt
2014-09-24 13:37 - 2014-09-24 13:37 - 00000117 _____ () C:\WINDOWS\system32\netcfg-823171.txt
2014-09-24 13:25 - 2014-09-26 16:04 - 00000000 ____D () C:\Users\Angie
2014-09-24 13:25 - 2014-09-24 13:28 - 00017148 _____ () C:\WINDOWS\diagwrn.xml
2014-09-24 13:25 - 2014-09-24 13:28 - 00017148 _____ () C:\WINDOWS\diagerr.xml
2014-09-24 13:25 - 2014-09-24 13:28 - 00000000 ___HD () C:\Users\Angie\Documents\hp.system.package.metadata
2014-09-24 13:25 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-24 13:25 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 13:25 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-24 13:25 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 13:18 - 2014-09-24 13:18 - 00002306 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3503789841-3567229158-1260976014-500
2014-09-24 13:18 - 2014-09-24 13:18 - 00001140 _____ () C:\WINDOWS\system32\netcfg-101859.txt
2014-09-24 13:18 - 2014-09-24 13:18 - 00000109 _____ () C:\WINDOWS\system32\netcfg-86843.txt
2014-09-21 19:59 - 2014-09-23 14:59 - 00000000 ____D () C:\Users\Angie\Desktop\best shots
2014-09-21 16:55 - 2014-09-21 17:01 - 00000000 ____D () C:\Users\Angie\Desktop\Photo Shoots


GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-26 16:23:50
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST500LT012-9WS142 rev.0001YAM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Angie\AppData\Local\Temp\pwlorpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[2556] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306  000007fb39d6177a 4 bytes [D6, 39, FB, 07]
.text   C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[2556] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314  000007fb39d61782 4 bytes [D6, 39, FB, 07]
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2640] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                    000007fb32211532 4 bytes [21, 32, FB, 07]
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2640] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                    000007fb3221153a 4 bytes [21, 32, FB, 07]
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2640] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                  000007fb3221165a 4 bytes [21, 32, FB, 07]
.text   C:\Windows\System32\igfxpers.exe[680] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fb39d6177a 4 bytes [D6, 39, FB, 07]
.text   C:\Windows\System32\igfxpers.exe[680] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fb39d61782 4 bytes [D6, 39, FB, 07]
.text   C:\WINDOWS\explorer.exe[5056] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                       000007fb39d6177a 4 bytes [D6, 39, FB, 07]
.text   C:\WINDOWS\explorer.exe[5056] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                       000007fb39d61782 4 bytes [D6, 39, FB, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [544:568]                                                                                                          fffff9600092c5e8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4160:2304]                                                                                   000007fb2b2a50e8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4160:5468]                                                                                   000007fb2b2a50e8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4160:5880]                                                                                   000007fb2b2a50e8
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [2924:6576]                                                                                                        0000000000081c24
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [2924:6448]                                                                                                        00000000710ce54e
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [2924:1628]                                                                                                        000000006f96319b
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [2924:3860]                                                                                                        000000006c770939
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [2924:4152]                                                                                                        000000006add25f1
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [2924:4148]                                                                                                        000000006add25f1
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [2924:4456]                                                                                                        000000006add25f1
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [2924:3400]                                                                                                        0000000071a316dc
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [2924:6204]                                                                                                        00000000710d69b6
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [3076:3528]                                                                                                        0000000000081c24
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [3076:5776]                                                                                                        00000000710ce54e

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         

Edited by Fischy (26.09.2014 at 16:08)

26.09.2014, 16:26   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Quote:
I don't think the keyboard is really the problem, and I would be glad to hear your opinion here! Many thanks!
I'll take that bet. Before we waste days scanning, test a different mouse and a different keyboard.

26.09.2014, 16:48   #3
Fischy
 



But this is a laptop, and unfortunately I don't have an external mouse or keyboard that I could connect.

26.09.2014, 19:50   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Can't you borrow a USB mouse and keyboard somewhere? Your logs are clean; this is not a malware problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

27.09.2014, 08:53   #5
Fischy
 



I'll try it. Thanks!


27.09.2014, 19:24   #6
schrauber
/// the machine
/// TB-Ausbilder
 




ok