sabrina0507 | 29.05.2015 18:21 | 1. FRST: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Marcus21189 (administrator) on MARCUS on 29-05-2015 18:59:27
Running from C:\Users\Marcus21189\Desktop
Loaded Profiles: Marcus21189 & Sabrina & Lennox & Administrator (Available Profiles: Marcus21189 & Sabrina & Lennox & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
() C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-14] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590656 2015-05-15] (Razer Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
HKLM-x32\...\Run: [Panda Security URL Filtering] => "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM-x32\...\RunOnce: [SymSilent] => C:\Program Files (x86)\SymSilent\SymSilent.exe [925080 2012-06-20] (Symantec Corporation)
HKLM-x32\...\RunOnce: [RazerDriverInit] => C:\Program Files (x86)\Razer\Razer_Common_Driver\Drivers\RazerDriverInit.exe [39680 2014-10-08] (Razer Inc.)
HKLM-x32\...\RunOnce: [CleanUp RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzInstallerDeletion.vbs [1446 2015-02-02] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-997351180-1135922812-2251577497-1002\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-21-997351180-1135922812-2251577497-1002\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
HKU\S-1-5-21-997351180-1135922812-2251577497-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [898048 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-997351180-1135922812-2251577497-500\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1707632 2012-09-10] (CyberLink Corp.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKU\S-1-5-21-997351180-1135922812-2251577497-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-997351180-1135922812-2251577497-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
URLSearchHook: [S-1-5-21-997351180-1135922812-2251577497-1001] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-997351180-1135922812-2251577497-1003] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {F4FB02E6-D448-4915-9B53-67D5766FFFFA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {F4FB02E6-D448-4915-9B53-67D5766FFFFA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-997351180-1135922812-2251577497-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-997351180-1135922812-2251577497-1002 -> {F4FB02E6-D448-4915-9B53-67D5766FFFFA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-02-10] ()
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2015-02-10] ()
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-02-10] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2015-02-10] ()
Toolbar: HKU\S-1-5-21-997351180-1135922812-2251577497-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies)
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-17] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [296760 2014-09-19] (Panda Security)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S4 BthAvrcpTg; No ImagePath
S4 BthHFEnum; No ImagePath
S4 bthhfhid; No ImagePath
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-09] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-15] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-15] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R4 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1400000.088\ccSetx64.sys [X]
R4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [X]
R4 SRTSPX; \SystemRoot\system32\drivers\NISx64\1400000.088\SRTSPX64.SYS [X]
R4 SymDS; system32\drivers\NISx64\1400000.088\SYMDS64.SYS [X]
R4 SymEFA; system32\drivers\NISx64\1400000.088\SYMEFA64.SYS [X]
R4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-29 18:59 - 2015-05-29 18:59 - 00020190 _____ () C:\Users\Marcus21189\Desktop\FRST.txt
2015-05-29 18:59 - 2015-05-29 18:59 - 00000000 ____D () C:\FRST
2015-05-29 18:50 - 2015-05-29 18:50 - 02108928 _____ (Farbar) C:\Users\Marcus21189\Desktop\FRST64.exe
2015-05-29 18:50 - 2015-05-29 18:50 - 01147392 _____ (Farbar) C:\Users\Marcus21189\Desktop\FRST.exe
2015-05-29 15:11 - 2015-05-29 15:11 - 00004599 _____ () C:\Users\Marcus21189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ctfmon.lnk
2015-05-29 14:41 - 2015-05-29 14:41 - 00000000 ____D () C:\Users\Marcus21189\AppData\Roaming\hpqlog
2015-05-29 08:53 - 2015-05-29 08:53 - 00001282 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-05-29 08:53 - 2015-05-29 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-05-29 08:52 - 2015-05-29 08:53 - 175386360 _____ () C:\Users\Marcus21189\Desktop\kav15.0.0.463de-de.exe.3iegn66.partial
2015-05-29 08:51 - 2015-05-29 08:51 - 00000000 ____D () C:\Windows.old
2015-05-29 08:50 - 2015-05-29 08:50 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-05-29 08:35 - 2015-05-29 08:35 - 00000000 ____D () C:\Users\Marcus21189\AppData\Local\Razer_Inc
2015-05-29 08:32 - 2015-05-29 08:33 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-29 08:32 - 2015-05-29 08:32 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-05-29 08:32 - 2015-05-29 08:32 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2015-05-29 08:32 - 2015-05-29 08:32 - 00000000 ____D () C:\Program Files (x86)\pandasecuritytb
2015-05-29 08:32 - 2015-01-29 19:21 - 00061712 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-05-29 08:31 - 2015-05-29 08:53 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-05-29 08:31 - 2015-05-29 08:33 - 00002196 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2015-05-29 08:31 - 2015-05-29 08:32 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-29 08:31 - 2015-05-29 08:31 - 00000000 ____D () C:\Users\Marcus21189\AppData\Roaming\Panda Security
2015-05-29 08:31 - 2015-05-29 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-05-29 08:30 - 2015-03-03 19:47 - 00129600 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpnk.sys
2015-05-29 08:30 - 2015-02-05 01:24 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2015-05-29 08:29 - 2015-05-29 08:29 - 00004032 _____ () C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2015-05-29 08:28 - 2015-05-29 08:28 - 59430176 _____ () C:\Users\Marcus21189\Downloads\FREEAV1510.exe
2015-05-29 08:28 - 2015-05-29 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-05-29 08:26 - 2015-05-29 08:31 - 00000000 ____D () C:\ProgramData\Razer
2015-05-29 08:26 - 2015-05-29 08:30 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 ____D () C:\Users\Marcus21189\AppData\Roaming\Macromedia
2015-05-29 08:20 - 2015-05-29 08:20 - 00000000 ____D () C:\$WINDOWS.~BT
2015-05-29 08:18 - 2015-05-29 18:57 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-997351180-1135922812-2251577497-1002
2015-05-29 08:13 - 2015-05-29 14:40 - 00000000 ____D () C:\Users\Marcus21189\AppData\Local\Hewlett-Packard
2015-05-29 08:13 - 2015-05-29 08:13 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-05-29 08:13 - 2015-05-29 08:13 - 00000000 ____D () C:\Users\Marcus21189\AppData\Roaming\Synaptics
2015-05-29 08:13 - 2015-05-29 08:13 - 00000000 ____D () C:\Users\Marcus21189\AppData\Local\bluesoleil
2015-05-29 08:12 - 2015-05-29 08:12 - 00001438 _____ () C:\Users\Marcus21189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-29 08:12 - 2015-05-29 08:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-05-29 08:12 - 2015-05-29 08:12 - 00000000 ____D () C:\Users\Marcus21189\AppData\Roaming\Adobe
2015-05-29 08:10 - 2015-05-29 08:10 - 00000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-05-29 08:10 - 2015-05-29 08:10 - 00000000 ____D () C:\Users\Marcus21189\AppData\Roaming\Hewlett-Packard
2015-05-29 08:10 - 2015-05-29 08:10 - 00000000 ____D () C:\Users\Marcus21189\AppData\Local\Power2Go8
2015-05-29 08:10 - 2015-05-29 08:10 - 00000000 ____D () C:\Users\Marcus21189\AppData\Local\AuthenTec
2015-05-29 08:09 - 2015-05-29 08:24 - 00000000 ____D () C:\Users\Marcus21189\AppData\Local\Packages
2015-05-29 08:09 - 2015-05-29 08:09 - 00000000 ____D () C:\Users\Marcus21189\AppData\Local\VirtualStore
2015-05-29 08:09 - 2015-05-29 08:09 - 00000000 ____D () C:\ProgramData\TrueSuite
2015-05-29 08:08 - 2015-05-29 18:59 - 00443636 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-29 08:08 - 2015-05-29 08:08 - 00000020 ___SH () C:\Users\Marcus21189\ntuser.ini
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-05-29 08:04 - 2015-05-29 08:04 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-05-29 08:00 - 2015-05-29 08:13 - 00000000 ____D () C:\Users\Marcus21189
2015-05-29 08:00 - 2015-05-29 08:04 - 00030483 _____ () C:\WINDOWS\diagwrn.xml
2015-05-29 08:00 - 2015-05-29 08:04 - 00030483 _____ () C:\WINDOWS\diagerr.xml
2015-05-29 08:00 - 2015-05-29 08:03 - 00000000 ___HD () C:\Users\Sabrina & Lennox\Documents\hp.system.package.metadata
2015-05-29 08:00 - 2015-05-29 08:03 - 00000000 ___HD () C:\Users\Marcus21189\Documents\hp.system.package.metadata
2015-05-29 08:00 - 2015-05-29 08:03 - 00000000 ____D () C:\Users\Sabrina & Lennox
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\Vorlagen
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\Startmenü
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\Netzwerkumgebung
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\Lokale Einstellungen
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\Eigene Dateien
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\Druckumgebung
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\Documents\Eigene Musik
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\Documents\Eigene Bilder
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\AppData\Local\Verlauf
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\AppData\Local\Anwendungsdaten
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Sabrina & Lennox\Anwendungsdaten
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\Vorlagen
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\Startmenü
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\Netzwerkumgebung
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\Lokale Einstellungen
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\Eigene Dateien
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\Druckumgebung
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\Documents\Eigene Musik
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\Documents\Eigene Bilder
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\AppData\Local\Verlauf
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\AppData\Local\Anwendungsdaten
2015-05-29 08:00 - 2015-05-29 08:00 - 00000000 _SHDL () C:\Users\Marcus21189\Anwendungsdaten
2015-05-29 08:00 - 2012-10-25 12:08 - 00002116 _____ () C:\Users\Sabrina & Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2015-05-29 08:00 - 2012-10-25 12:08 - 00002116 _____ () C:\Users\Marcus21189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2015-05-29 08:00 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Sabrina & Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-29 08:00 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Sabrina & Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-29 08:00 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Sabrina & Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-29 08:00 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Marcus21189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-29 08:00 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Marcus21189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-29 08:00 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Marcus21189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-29 08:00 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Sabrina & Lennox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-29 08:00 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Marcus21189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-29 07:16 - 2015-05-29 08:19 - 00000000 ___HD () C:\$SysReset
2015-05-24 16:39 - 2015-05-24 16:40 - 00000000 ____D () C:\Users\Marcus21189\Documents\NFS SHIFT
2015-05-10 09:34 - 2015-05-29 14:39 - 00000000 ____D () C:\WarThunder
2015-05-10 09:34 - 2015-05-10 09:34 - 00001462 _____ () C:\Users\Public\Desktop\WarThunder.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-29 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-29 18:51 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-05-29 18:50 - 2013-09-03 14:38 - 00000024 _____ () C:\SROF.ini
2015-05-29 18:49 - 2013-04-17 16:26 - 00003620 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-05-29 18:49 - 2013-04-17 16:26 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-05-29 18:49 - 2012-09-26 09:53 - 00000950 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2015-05-29 10:17 - 2013-04-17 16:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-05-29 10:17 - 2013-04-17 16:26 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-05-29 10:17 - 2013-04-17 16:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-29 08:51 - 2012-07-26 10:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-05-29 08:31 - 2013-04-17 16:46 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2015-05-29 08:31 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-05-29 08:31 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-29 08:30 - 2013-04-17 16:17 - 00086788 _____ () C:\WINDOWS\DPINST.LOG
2015-05-29 08:24 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-05-29 08:12 - 2013-04-17 16:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-05-29 08:12 - 2013-04-17 16:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-05-29 08:12 - 2012-10-25 12:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-05-29 08:12 - 2012-10-25 12:11 - 00000000 ___RD () C:\Program Files\Online Services
2015-05-29 08:12 - 2012-10-25 12:11 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2015-05-29 08:12 - 2012-10-25 12:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-05-29 08:12 - 2012-08-04 02:02 - 00000000 ___HD () C:\SYSTEM.SAV
2015-05-29 08:08 - 2013-04-17 16:46 - 00000000 ____D () C:\ProgramData\Norton
2015-05-29 08:08 - 2012-08-04 01:21 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-29 08:06 - 2012-10-25 21:21 - 00831158 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-29 08:06 - 2012-10-25 21:21 - 00188760 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-29 08:06 - 2012-07-26 09:28 - 01952854 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-29 08:04 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-29 08:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\WinBioDatabase
2015-05-29 08:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-05-29 08:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows NT
2015-05-29 08:04 - 2012-07-26 09:21 - 00041652 _____ () C:\WINDOWS\setupact.log
2015-05-29 08:04 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2015-05-29 08:03 - 2012-08-04 00:28 - 00000000 ____D () C:\Users\Administrator
2015-05-29 08:02 - 2012-10-25 12:11 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-05-29 07:59 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-29 07:58 - 2013-04-17 16:04 - 00295920 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-29 07:57 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-29 07:54 - 2012-08-04 00:40 - 00010171 _____ () C:\WINDOWS\iis.log
2015-05-29 07:54 - 2012-07-26 10:13 - 00004552 _____ () C:\WINDOWS\DtcInstall.log
2015-05-29 07:51 - 2012-08-04 00:23 - 00005102 _____ () C:\WINDOWS\PFRO.log
==================== Files in the root of some directories =======
2015-05-29 08:10 - 2015-05-29 08:10 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Some files in TEMP:
====================
C:\Users\Marcus21189\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Marcus21189\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_15345.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-08-04 00:23
==================== End of log ============================
2. Addition : Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Marcus21189 at 2015-05-29 19:01:07
Running from C:\Users\Marcus21189\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-997351180-1135922812-2251577497-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-997351180-1135922812-2251577497-501 - Limited - Disabled)
Marcus21189 (S-1-5-21-997351180-1135922812-2251577497-1002 - Administrator - Enabled) => C:\Users\Marcus21189
Sabrina & Lennox (S-1-5-21-997351180-1135922812-2251577497-1003 - Limited - Enabled) => C:\Users\Sabrina & Lennox
UpdatusUser (S-1-5-21-997351180-1135922812-2251577497-1005 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{53D3E126-699A-4D92-AA66-6560D573553E}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6423.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2857 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-997351180-1135922812-2251577497-500\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0000 - Panda Security)
Panda Free Antivirus (Version: 7.81.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.2.3.1 - Panda Security)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26027 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.15.0 - Synaptics Incorporated)
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-997351180-1135922812-2251577497-500_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-997351180-1135922812-2251577497-500_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-997351180-1135922812-2251577497-500_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-997351180-1135922812-2251577497-500_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1E9E0FCC-61EC-4D55-B595-7D800FDE7DA9} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2012-09-17] ()
Task: {404D7B43-9B99-48F9-9C4E-909266088A56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {9AB32A1A-3D89-4805-8379-E1580DCB7D7B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {C2FB4DE9-C16F-4D7B-B248-B10EA7C53519} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {C90BE0BD-4C56-49EA-ABFD-FEB3B20434BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D0B39202-49DB-41BA-90F4-7F4E1E79FFA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F05A359A-94F3-487A-9D2F-E2396354886A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F1A53367-BD9F-4AFE-B28D-DD5943C875ED} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2012-07-26] (Microsoft Corporation)
==================== Loaded Modules (Whitelisted) ==============
2012-09-06 01:47 - 2012-09-06 01:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-10-12 17:22 - 2012-10-12 17:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 17:22 - 2012-10-12 17:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 17:22 - 2012-10-12 17:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2012-08-10 01:36 - 2012-08-10 01:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\system32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00363784 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-07-26 09:55 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-04-17 16:13 - 2012-09-25 00:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-10 01:36 - 2012-08-10 01:36 - 00255336 _____ () C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
2015-02-05 01:24 - 2015-02-05 01:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-05-29 08:53 - 2014-07-11 13:21 - 04623096 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-04-17 16:21 - 2013-04-17 16:21 - 00017920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c75683e43d43d5cdd7b4ffb20431f8fa\PSIClient.ni.dll
2013-04-17 16:12 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-04-17 16:36 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00079624 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00363784 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-05-29 08:53 - 2014-02-11 12:36 - 00221480 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PRSBLib.dll
2015-05-29 08:53 - 2013-07-24 18:33 - 00930784 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\libxml2.dll
2015-05-29 08:53 - 2010-03-30 22:29 - 00279955 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\libidn-11.dll
2015-05-29 08:53 - 2013-06-22 19:23 - 00113166 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Sabrina & Lennox\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Sabrina & Lennox\OneDrive.old:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-997351180-1135922812-2251577497-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-997351180-1135922812-2251577497-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5ECD3CA1-9527-4D9C-95F0-BFD0D12461B3}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{722DBFDF-AD8C-425A-8637-77DADC90F785}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3EB759C7-A2EE-4D25-8971-A255829AE010}] => (Allow) LPort=2869
FirewallRules: [{86DB6C8D-13C7-4FAF-8DCF-38B9DD53319B}] => (Allow) LPort=1900
FirewallRules: [{5AFBF5B2-0006-4E28-AF9D-19F7ACC0FCC8}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{48A1E103-FAC6-465C-A778-5E24BF6A47F9}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{F7E9B722-25B5-44D2-8D8B-8C25B5911DE7}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{B6B86FE1-41AC-4BF9-BFF6-9E5A6A78F08B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{E3F35B69-51B7-4235-BBE5-3BCE04A3B5A3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5AA045ED-D520-4729-B203-BD4DE7C077E4}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{C7101201-4FB0-4302-824B-DCCB52E24595}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{689C3D47-851E-4406-853B-B5BAB97A60A7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B37B0F18-F083-4704-BEE2-CA72A7281A1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{57738C40-9AA6-49C9-A484-FB1CD368ED07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0703EFAC-6179-4FF5-997F-EC0FBAA8A134}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F36C7159-4BDA-4CF6-91E1-8F8B61D7FF81}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{292D8B1F-C255-4F7A-A6D0-01EEFFF2296A}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{2A517D5C-C72A-4841-A122-341DC696AC1F}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{31EE32A5-8FD4-440A-857A-E2C8A0CCDC15}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{4492A451-734F-48AE-B82F-B2AAB4DEB41C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9430FA14-5352-4065-BD6B-792482FB6F7E}] => (Allow) LPort=53000
FirewallRules: [{26CBEC16-0D11-46F0-9419-2AA3339BCD23}] => (Allow) LPort=52000
FirewallRules: [{EBA53758-FEC4-4BAA-9436-0BCB8839ABE1}] => (Allow) C:\Program Files (x86)\pandasecuritytb\dtUser.exe
FirewallRules: [{9A5D0C05-2EE8-474A-92CF-2C2B5754E033}] => (Allow) C:\Program Files (x86)\pandasecuritytb\dtUser.exe
FirewallRules: [{617995B1-8E40-4468-8581-819E4E66DEBB}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{E98274DB-9F5E-4B07-975B-A7D232293E74}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [TCP Query User{D341A8ED-F806-47ED-9C4B-6F47A5A9F612}C:\warthunder\launcher.exe] => (Allow) C:\warthunder\launcher.exe
FirewallRules: [UDP Query User{2757FECA-ECDE-4552-890B-BC29760A3CF8}C:\warthunder\launcher.exe] => (Allow) C:\warthunder\launcher.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/29/2015 06:52:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (05/29/2015 06:52:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (05/29/2015 06:47:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16453 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d24
Startzeit: 01d09a2ef7b04b83
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID: 4dc5068f-0622-11e5-be73-b8763fa01b4a
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/29/2015 06:45:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10207875
Error: (05/29/2015 06:45:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10207875
Error: (05/29/2015 06:45:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/29/2015 06:44:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10147406
Error: (05/29/2015 06:44:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10147406
Error: (05/29/2015 06:44:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/29/2015 06:44:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10132031
System errors:
=============
Error: (05/29/2015 08:32:21 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (05/29/2015 08:25:42 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Error: (05/29/2015 08:04:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (05/29/2015 08:04:42 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%2
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (05/29/2015 07:57:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (05/29/2015 07:57:34 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%2
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (05/29/2015 07:56:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Netzwerklistendienst" wurde mit folgendem Fehler beendet:
%%21
Error: (05/29/2015 07:56:01 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}
Error: (05/29/2015 07:54:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Netzwerklistendienst" wurde mit folgendem Fehler beendet:
%%21
Error: (05/29/2015 07:53:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:
%%1058
Microsoft Office:
=========================
Error: (05/29/2015 06:52:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (05/29/2015 06:52:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (05/29/2015 06:47:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.16453d2401d09a2ef7b04b830C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE4dc5068f-0622-11e5-be73-b8763fa01b4a
Error: (05/29/2015 06:45:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10207875
Error: (05/29/2015 06:45:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10207875
Error: (05/29/2015 06:45:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/29/2015 06:44:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10147406
Error: (05/29/2015 06:44:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10147406
Error: (05/29/2015 06:44:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/29/2015 06:44:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10132031
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 40%
Total physical RAM: 6033.27 MB
Available physical RAM: 3606.3 MB
Total Pagefile: 10129.27 MB
Available Pagefile: 7686.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:574.77 GB) (Free:383.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.19 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Need for Speed(TM) SHIFT) (CDROM) (Total:5.43 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: A50E1C7D)
Partition: GPT Partition Type.
==================== End of log ============================