ZEOK.exe als Malware durch AVAST erkannt. Download nicht möglich

cosinus · 27.11.2014, 09:36

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

ranxero · 27.11.2014, 13:28

ok hier noch mal die FRST.txt vom aktuellen scan grad eben

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by HP (administrator) on HP-HP on 27-11-2014 13:25:24
Running from C:\Users\HP\Desktop\MalwareWar
Loaded Profile: HP (Available profiles: HP)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\projects\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\projects\ERL593~1.1\ERTS-5~1.1\bin\epmd.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\projects\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\projects\eclipse\eclipse.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\HP\Desktop\MalwareWar\FRST(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\projects\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP: C:\windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-4093947724-3987431265-750155669-1002\...\Run: [DAEMON Tools Lite] => C:\projects\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4093947724-3987431265-750155669-1002\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-13] (Google Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\projects\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKU\S-1-5-21-4093947724-3987431265-750155669-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4093947724-3987431265-750155669-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4093947724-3987431265-750155669-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4093947724-3987431265-750155669-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4093947724-3987431265-750155669-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4093947724-3987431265-750155669-1002 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4093947724-3987431265-750155669-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll No File
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\projects\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4093947724-3987431265-750155669-1002 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\a4m46ss3.default-1411560254280
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\projects\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\projects\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\projects\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4093947724-3987431265-750155669-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\HP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-4093947724-3987431265-750155669-1002: @talk.google.com/O1DPlugin -> C:\Users\HP\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-4093947724-3987431265-750155669-1002: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4093947724-3987431265-750155669-1002: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4093947724-3987431265-750155669-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\HP\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\HP\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\HP\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-17]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-09-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\projects\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\projects\AVAST Software\Avast\WebRep\FF [2013-03-29]
FF HKLM\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\projects\Wondershare\Video Converter Ultimate\SVRFirefoxExt
FF Extension: No Name - C:\projects\Wondershare\Video Converter Ultimate\SVRFirefoxExt [2014-04-04]

Chrome: 
=======
CHR HomePage: Default -> https://de.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://de.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-12]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-11]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-11-27]
CHR Extension: (Google-Suche) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-11]
CHR Extension: (Applet2Object) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgfnbkiakemcmleeihmdngpamaknnem [2012-11-27]
CHR Extension: (avast! Online Security) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-06]
CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-09-24]
CHR Extension: (Google Mail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\projects\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10]
CHR StartMenuInternet: Google Chrome - C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-04] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2010-01-21] (LSI Corporation)
R2 avast! Antivirus; C:\projects\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-10] (AVAST Software)
S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2010-03-31] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [142904 2011-09-12] (Hewlett-Packard Company)
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2010-01-19] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264 2011-03-16] (Portrait Displays, Inc.)
S2 RabbitMQ; C:\projects\erl5.9.3.1\erts-5.9.3.1\bin\erlsrv.exe [146944 2012-12-06] () [File not signed]
S3 SkypeUpdate; C:\projects\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2012-07-25] (IDT, Inc.)
R2 vcsFPService; C:\windows\system32\vcsFPService.exe [1664304 2010-02-18] (Validity Sensors, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-11-10] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [70384 2014-11-10] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-11-10] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-11-10] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [91496 2014-11-10] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206248 2014-11-10] ()
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv.sys [32312 2009-10-21] (Hewlett-Packard Development Company L.P.)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-11-02] (Disc Soft Ltd)
R0 KL1; C:\windows\System32\DRIVERS\kl1.sys [133208 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\windows\System32\DRIVERS\kl2.sys [11352 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [468272 2012-01-09] (Kaspersky Lab)
S3 L6PODHDBEAN; C:\windows\System32\Drivers\L6PODHDBEAN.sys [583808 2013-09-23] (Line 6)
R2 risdpcie; C:\windows\System32\DRIVERS\risdpe86.sys [47616 2009-10-28] (REDC)
R2 rixdpcie; C:\windows\System32\DRIVERS\rixdpe86.sys [38912 2009-12-11] (REDC)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2010-02-02] () [File not signed]
S3 Saffire; C:\windows\System32\Drivers\Saffire.sys [172880 2013-09-18] (Focusrite A.E.)
S3 SaffireAudio; C:\windows\System32\drivers\SaffireAudio.sys [38608 2013-09-18] (Focusrite A.E.)
S3 SaffireMidi; C:\windows\System32\drivers\SaffireMidi.sys [31056 2013-09-18] (Focusrite A.E.)
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1763968 2010-01-18] ()
S3 SWDUMon; C:\windows\System32\DRIVERS\SWDUMon.sys [13464 2014-04-21] ()
S3 teamviewervpn; C:\windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U5 UnlockerDriver5; C:\projects\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 05:46 - 2014-11-27 05:46 - 01109504 _____ (Farbar) C:\Users\HP\Downloads\FRST(2).exe
2014-11-27 05:43 - 2014-11-27 05:43 - 00203075 _____ () C:\Users\HP\Downloads\FRST.exe
2014-11-27 05:38 - 2014-11-27 05:38 - 00001413 _____ () C:\Users\HP\Desktop\JRT.txt
2014-11-27 05:33 - 2014-11-27 05:33 - 00000000 ____D () C:\windows\ERUNT
2014-11-27 05:32 - 2014-11-27 05:32 - 01707532 _____ (Thisisu) C:\Users\HP\Downloads\JRT.exe
2014-11-27 05:21 - 2014-11-27 05:21 - 02148864 _____ () C:\Users\HP\Downloads\AdwCleaner_4.102.exe
2014-11-26 22:28 - 2014-11-26 22:30 - 00042450 _____ () C:\Users\HP\Downloads\Addition.txt
2014-11-26 22:27 - 2014-11-27 05:49 - 00040016 _____ () C:\Users\HP\Downloads\FRST.txt
2014-11-26 22:26 - 2014-11-27 13:25 - 00000000 ____D () C:\FRST
2014-11-26 22:26 - 2014-11-26 22:26 - 01109504 _____ (Farbar) C:\Users\HP\Downloads\FRST(1).exe
2014-11-26 14:51 - 2014-11-26 14:51 - 02886322 _____ () C:\Users\HP\Downloads\zoek(1).zip
2014-11-26 14:41 - 2014-11-26 14:41 - 00602112 _____ (OldTimer Tools) C:\Users\HP\Downloads\OTL(1).exe
2014-11-26 14:20 - 2014-11-26 14:20 - 05249448 _____ (ParetoLogic Inc.) C:\Users\HP\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-11-26 14:17 - 2014-11-26 14:18 - 00602112 _____ (OldTimer Tools) C:\Users\HP\Downloads\otl.exe
2014-11-26 13:39 - 2014-11-26 13:39 - 04123426 _____ () C:\Users\HP\Downloads\zoek.zip
2014-11-26 11:42 - 2014-11-26 11:44 - 70158763 _____ () C:\Users\HP\Downloads\currentDemos-140121.zip
2014-11-26 10:33 - 2014-11-26 10:33 - 00000000 ____D () C:\Users\HP\Downloads\BiometricSDK1_1
2014-11-26 10:32 - 2014-11-26 10:32 - 00860112 _____ () C:\Users\HP\Downloads\BiometricSDK1_1.zip
2014-11-25 09:32 - 2014-11-25 09:33 - 00000000 ____D () C:\Users\HP\Downloads\Aufgabe 2
2014-11-25 09:32 - 2014-11-25 09:32 - 00923215 _____ () C:\Users\HP\Downloads\Aufgabe 2.zip
2014-11-20 21:36 - 2014-11-20 21:51 - 00000954 _____ () C:\Users\HP\Desktop\my-desc.txt
2014-11-20 14:51 - 2014-11-20 14:51 - 02173824 _____ () C:\Users\HP\Downloads\Jars.zip
2014-11-20 14:51 - 2014-11-20 14:51 - 00000000 ____D () C:\Users\HP\Downloads\Jars
2014-11-20 10:32 - 2014-11-26 12:40 - 00000000 ____D () C:\Users\HP\Desktop\FOM-TobiasAlthoff
2014-11-20 09:53 - 2014-11-20 09:53 - 00000050 _____ () C:\Users\HP\Desktop\edita-GEZ.txt
2014-11-19 09:36 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 09:36 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-18 17:01 - 2014-11-26 13:25 - 00000356 _____ () C:\Users\HP\Desktop\venues-to-book.txt
2014-11-17 16:10 - 2014-11-17 16:10 - 00001147 _____ () C:\Users\HP\Desktop\drummer-gesucht-141117.txt
2014-11-17 14:07 - 2014-11-17 14:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-16 11:11 - 2014-11-16 11:12 - 21809696 _____ () C:\Users\HP\Downloads\Dufte Musikbar.zip
2014-11-13 23:12 - 2014-11-13 23:12 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieBrowserModeList
2014-11-13 13:28 - 2014-11-13 13:29 - 00000000 ____D () C:\Users\HP\Downloads\bilder
2014-11-13 13:28 - 2014-11-13 13:28 - 00310856 _____ () C:\Users\HP\Downloads\bilder.zip
2014-11-12 12:50 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 12:50 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 12:50 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 12:50 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 12:50 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 12:50 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 12:50 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 12:50 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 12:50 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 12:50 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 12:50 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 12:50 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 12:50 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 12:50 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 12:50 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 12:50 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 12:50 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 12:50 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 12:50 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 12:50 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 12:49 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 12:49 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 12:49 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 12:48 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-12 12:48 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 12:48 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-12 12:48 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 12:48 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-12 12:48 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-12 12:48 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 12:48 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-12 12:48 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 12:48 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 12:48 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-12 12:48 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 12:48 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-12 12:48 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-12 12:48 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-12 12:48 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-12 12:48 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 12:48 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 12:48 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-12 12:48 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 12:48 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 12:48 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 12:48 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-12 12:48 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 12:48 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 12:48 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-12 12:48 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 12:48 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 12:48 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 12:48 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-10 17:21 - 2014-11-10 17:21 - 00291352 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-11-10 17:21 - 2014-11-10 17:21 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-11-07 00:57 - 2014-11-07 00:57 - 01215010 _____ () C:\Users\HP\Downloads\D.zip
2014-11-07 00:57 - 2014-11-07 00:57 - 00000000 ____D () C:\Users\HP\Downloads\D
2014-11-05 15:33 - 2014-11-12 13:56 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Line 6
2014-11-05 15:30 - 2014-11-05 15:31 - 00004428 _____ () C:\windows\DPINST.LOG
2014-11-05 15:30 - 2014-11-05 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line 6
2014-11-05 15:30 - 2014-11-05 15:30 - 00000000 ____D () C:\Users\HP\Documents\Line 6
2014-11-05 15:30 - 2014-11-05 15:30 - 00000000 ____D () C:\ProgramData\Line 6
2014-11-05 15:26 - 2014-11-05 15:27 - 36242784 _____ () C:\Users\HP\Downloads\POD HD Edit v2.23 Installer.exe
2014-11-05 15:17 - 2014-11-07 10:28 - 00000000 ____D () C:\Users\HP\Desktop\Line6-PODHD
2014-11-04 23:21 - 2014-11-04 23:22 - 00000293 _____ () C:\Users\HP\Desktop\proberaum.txt
2014-11-04 13:33 - 2014-11-04 13:35 - 00000000 ____D () C:\Users\HP\Downloads\build-basic-responsive-site-css-demo
2014-11-04 13:33 - 2014-11-04 13:33 - 00088493 _____ () C:\Users\HP\Downloads\netmag-build-a-basic-responsive-site-with-css.zip
2014-11-04 13:33 - 2014-11-04 13:33 - 00088493 _____ () C:\Users\HP\Downloads\build-basic-responsive-site-css-demo.zip
2014-11-04 13:33 - 2014-11-04 13:33 - 00000000 ____D () C:\Users\HP\Downloads\netmag-build-a-basic-responsive-site-with-css
2014-11-04 01:00 - 2014-11-05 13:33 - 00000000 ____D () C:\Users\HP\Desktop\Codementor
2014-11-03 18:59 - 2014-11-03 18:59 - 00000000 ____D () C:\Users\HP\AppData\Roaming\MSPS
2014-11-03 14:06 - 2014-11-03 14:06 - 00000000 ____D () C:\Users\HP\Downloads\jexcelapi_2_6_12
2014-11-02 16:48 - 2014-11-02 16:48 - 00001118 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-02 15:21 - 2014-11-27 05:27 - 00001037 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-02 15:18 - 2014-11-02 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-11-02 15:17 - 2014-11-02 15:17 - 00243128 _____ (Disc Soft Ltd) C:\windows\system32\Drivers\dtsoftbus01.sys
2014-11-02 15:16 - 2014-11-02 15:19 - 00000000 ____D () C:\Users\HP\AppData\Roaming\DAEMON Tools Lite
2014-11-01 09:30 - 2014-11-01 09:30 - 00000000 ____D () C:\Users\HP\AppData\Roaming\JetBrains
2014-11-01 09:28 - 2014-11-01 09:28 - 00000000 ____D () C:\Users\HP\.AndroidStudioBeta
2014-10-30 11:23 - 2014-10-30 15:09 - 00000294 _____ () C:\Users\HP\.genymotion-eclipse.log
2014-10-30 11:17 - 2014-11-25 10:26 - 00000000 ____D () C:\Users\HP\AppData\Local\Genymobile
2014-10-30 11:17 - 2014-11-25 10:23 - 00000000 ____D () C:\Users\HP\.VirtualBox
2014-10-30 11:15 - 2014-10-30 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-10-30 11:15 - 2013-04-12 12:33 - 00188176 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2014-10-30 11:15 - 2013-04-12 12:33 - 00094480 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2014-10-30 11:13 - 2014-10-30 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion
2014-10-28 15:27 - 2014-10-28 15:27 - 00000000 ____D () C:\Users\HP\Downloads\Angular-Design-Patterns-Best-Practices-master

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 13:25 - 2013-03-29 09:53 - 00000000 ____D () C:\Users\HP\Desktop\MalwareWar
2014-11-27 13:24 - 2009-07-14 05:34 - 00020720 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-27 13:24 - 2009-07-14 05:34 - 00020720 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-27 13:20 - 2011-11-24 23:41 - 02046272 _____ () C:\windows\WindowsUpdate.log
2014-11-27 13:18 - 2012-07-13 17:37 - 00000000 ____D () C:\Users\HP\AppData\Local\Eclipse
2014-11-27 13:16 - 2010-09-20 15:34 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-11-27 13:15 - 2014-07-17 09:22 - 00016300 _____ () C:\windows\setupact.log
2014-11-27 13:15 - 2013-07-15 19:23 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-27 13:15 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-27 05:42 - 2012-10-05 08:13 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-27 05:28 - 2014-08-16 08:23 - 00008622 _____ () C:\windows\PFRO.log
2014-11-27 05:27 - 2013-09-07 14:08 - 00000000 ____D () C:\AdwCleaner
2014-11-27 05:27 - 2013-05-24 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-27 05:15 - 2012-07-13 16:46 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4093947724-3987431265-750155669-1002UA.job
2014-11-27 05:12 - 2013-07-15 19:23 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 15:15 - 2012-07-13 16:46 - 00001056 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4093947724-3987431265-750155669-1002Core.job
2014-11-26 14:21 - 2012-07-13 10:29 - 00000000 ____D () C:\projects
2014-11-26 11:57 - 2014-03-15 11:04 - 03538944 _____ () C:\Users\HP\Desktop\venuesAndBookings.accdb
2014-11-26 11:46 - 2013-09-05 12:13 - 17956864 _____ () C:\Users\HP\Desktop\mib.accdb
2014-11-25 23:42 - 2012-07-14 13:30 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-11-25 23:42 - 2012-07-14 13:30 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 22:23 - 2013-03-15 18:32 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-11-25 20:24 - 2012-07-13 16:33 - 00000000 ____D () C:\Users\HP\AppData\Roaming\FileZilla
2014-11-25 12:38 - 2010-09-20 15:18 - 01619284 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-24 13:18 - 2012-07-25 07:17 - 00000308 _____ () C:\windows\Tasks\HPCeeScheduleForHP.job
2014-11-23 20:16 - 2012-07-13 11:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Mozilla
2014-11-22 15:18 - 2013-10-26 00:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\vlc
2014-11-22 09:59 - 2014-09-21 17:40 - 00000511 _____ () C:\Users\HP\Desktop\Musicians.txt
2014-11-22 09:51 - 2013-03-29 13:04 - 00787800 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-11-20 20:52 - 2013-03-29 13:04 - 00423784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-11-18 09:35 - 2012-07-13 16:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-12 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2014-11-12 16:10 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-11-12 14:24 - 2009-07-14 05:33 - 00412096 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-12 14:02 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-11-12 12:56 - 2012-07-13 17:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-10 17:21 - 2014-04-18 18:08 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-11-10 17:21 - 2013-12-19 14:13 - 00091496 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-11-10 17:21 - 2013-03-29 13:04 - 00206248 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-11-10 17:21 - 2013-03-29 13:04 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-11-10 17:21 - 2013-03-29 13:04 - 00070384 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-11-10 17:21 - 2013-03-29 13:04 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-11-04 14:30 - 2012-07-13 16:45 - 00229000 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-11-03 10:15 - 2014-07-21 19:13 - 00000000 ____D () C:\Users\HP\Desktop\Android-All
2014-11-02 15:20 - 2012-07-13 16:55 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-11-01 10:02 - 2012-11-21 12:44 - 00000000 ____D () C:\Users\HP\.gradle
2014-11-01 09:51 - 2014-09-14 10:49 - 00000000 ____D () C:\Users\HP\.android
2014-11-01 09:28 - 2012-06-26 16:48 - 00000000 ____D () C:\Users\HP
2014-10-29 06:13 - 2014-08-26 09:42 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\bitool.dll
C:\Users\HP\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\HP\AppData\Local\Temp\L6GPInst.dll
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Users\HP\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\HP\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-10 11:49

==================== End Of Log ============================

--- --- ---

und die Addition.txt

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01
Ran by HP at 2014-11-27 13:26:32
Running from C:\Users\HP\Desktop\MalwareWar
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ActivClient x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.8) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
AnyVideo Converter HD (HKLM\...\{2BA688E3-3381-4D29-8312-EE95CC41E26C}) (Version: 2.1.3 - vivica)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{C3FC277D-B89D-572A-AF44-F3870B2838B4}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Blue Cat's Chorus VST 4.01 (HKLM\...\{16414746-4C9F-45F5-9D0B-1BB2F257710A}) (Version: 4.01 - Blue Cat Audio)
Blue Cat's Flanger VST 3.01 (HKLM\...\{AD5E66F6-AABE-4C99-B302-8C1545DD898F}) (Version: 3.01 - Blue Cat Audio)
Blue Cat's Freeware Pack VST 2.01 (HKLM\...\{0EB8339B-59A8-46e5-9D41-44458EBD7085}) (Version: 2.01 - Blue Cat Audio)
Blue Cat's FreqAnalyst VST 2.01 (HKLM\...\{44D94F3A-D38C-48DF-AEF7-4CD8B078F30F}) (Version: 2.01 - Blue Cat Audio)
Blue Cat's Gain Suite VST 3.01 (HKLM\...\{07C621A7-3284-4AD4-AFC8-7F41C475F056}) (Version: 3.01 - Blue Cat Audio)
Blue Cat's Phaser VST 3.01 (HKLM\...\{697CE55E-469F-4FB7-9FB6-8CC4E50852B2}) (Version: 3.01 - Blue Cat Audio)
Blue Cat's Triple EQ VST 4.01 (HKLM\...\{F2D66909-5A27-4F0F-8E53-18BAE15178EC}) (Version: 4.01 - Blue Cat Audio)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
ccc-core-static (Version: 2010.0408.1106.18043 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Composer - Php Dependency Manager (HKLM\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version:  - getcomposer.org)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.6 - Hewlett-Packard)
DIG 2.0 (HKLM\...\DIG 2.0_is1) (Version:  - )
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Drive Encryption for HP ProtectTools (HKLM\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
Energy Star Digital Logo (HKLM\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
File Sanitizer For HP ProtectTools (HKLM\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.3 - Hewlett-Packard)
FileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Genymotion version 2.3.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.0 - Genymobile)
Git version 1.9.4-preview20140611 (HKLM\...\Git_is1) (Version: 1.9.4-preview20140611 - The Git Development Community)
GlaceVerb 1.01 (HKLM\...\GlaceVerb_is1) (Version:  - Dasample)
Google Chrome (HKU\S-1-5-21-4093947724-3987431265-750155669-1002\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{24DA8058-C0E5-351B-8B55-F6DC5A2B22EF}) (Version: 5.38.7.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Web Toolkit Developer Plugin for IE (x86) (HKLM\...\{0402D28F-B9B7-4983-93FC-DBF673736D3F}) (Version: 1.2.9570 - Google)
Graphviz (HKLM\...\{884CF059-9A11-4DF7-A2A7-17EFE90B9278}) (Version: 2.38 - AT&T Research Labs.)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM\...\{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{D9989A13-B173-4048-B8A5-93C204DCB1B3}) (Version: 1.1.6.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}) (Version: 3.5.15.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{09A06482-FAF9-4DC5-9EC7-D340B394E22A}) (Version: 2.0.6.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{5CEE98FB-1963-4662-A780-410DA4533D53}) (Version: 1.0.35.187 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.07.711 - Hewlett-Packard)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM\...\{7861911B-4270-498A-8F7A-FCF0570F48E3}) (Version: 1.0.1.74 - DeviceVM, Inc.)
HP Setup (HKLM\...\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}) (Version: 8.2.4130.3367 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM\...\{DA200FDD-DE3D-4958-8465-C4FBC869544B}) (Version: 3.5.20.1 - Hewlett-Packard Company)
HP Software Setup (HKLM\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Support Assistant (HKLM\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50012.1 - Sonix)
HP Wireless Assistant (HKLM\...\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}) (Version: 4.0.6.0 - Hewlett-Packard)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
ImageMagick 6.8.9-8 Q16 (32-bit) (2014-09-15) (HKLM\...\ImageMagick 6.8.9 Q16 (32-bit)_is1) (Version: 6.8.9 - ImageMagick Studio LLC)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java SE Development Kit 8 Update 20 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Java(TM) SE Development Kit 7 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
JavaFX Scene Builder 2.0 (HKLM\...\{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}) (Version: 2.0 - Oracle)
LightScribe System Software (HKLM\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Line 6 Uninstaller (HKLM\...\Line 6 Uninstaller) (Version:  - Line 6)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
MeldaProduction MFreeEffectsBundle 7 (HKLM\...\MeldaProduction MFreeEffectsBundle 7) (Version:  - MeldaProduction)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Node.js (HKLM\...\{1DC1EC3E-C400-4945-BADA-BBD09F375978}) (Version: 0.10.29 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM\...\Notepad++) (Version: 6.2 - )
Oracle VM VirtualBox 4.2.12 (HKLM\...\{5FA29565-1B72-488F-B975-E3C76F179F36}) (Version: 4.2.12 - Oracle Corporation)
Privacy Manager for HP ProtectTools (HKLM\...\{350F790E-5C32-4B3A-8AAB-B0478BB76D11}) (Version: 5.10.796 - Hewlett-Packard)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Ruby 1.9.3-p545 (HKU\S-1-5-21-4093947724-3987431265-750155669-1002\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p545 - RubyInstaller Team)
Saffire MixControl 3.3 (HKLM\...\Saffire PRO 40_is1) (Version: 3.3 - Focusrite Audio Engineering Ltd.)
SDK (Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Seven Phases Spectrum Analyzer (HKU\S-1-5-21-4093947724-3987431265-750155669-1002\...\Seven Phases Spectrum Analyzer) (Version:  - )
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Steinberg Cubase 5 (HKLM\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-4093947724-3987431265-750155669-1002\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Theft Recovery (HKLM\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (Version: 5.1.0.21 - Hewlett-Packard) Hidden
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Validity Fingerprint Driver (HKLM\...\{78365FC6-09CA-4AC3-BC01-70FB46596047}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-4093947724-3987431265-750155669-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.7 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (HKLM\...\0973B297E079B467E3776E59F763D63FD557795B) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.1 - HTTrack)
Wondershare Video Converter Ultimate(Build 7.0.0.3) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 7.0.0.3 - Wondershare Software)
XAMPP (HKLM\...\xampp) (Version: 1.8.3-4 - Bitnami)
ZoneAlarm Antivirus (Version: 10.2.064.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 11.0.000.018 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (Version: 11.0.000.018 - Check Point Software Technologies Ltd.) Hidden
Zoom (HKU\S-1-5-21-4093947724-3987431265-750155669-1002\...\ZoomUMX) (Version: 3.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{1A2A78F4-B5A4-4208-B520-BDDA0A7EC5CB}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Google\Google Web Toolkit\Developer Plugin\IE\Win32\oophm.dll No File
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{1D6156B6-002B-49E7-B5CA-C138FB843B4E}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Google\Google Web Toolkit\Developer Plugin\IE\Win32\oophm.dll No File
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\HP\AppData\Local\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{644FD769-8B9D-4AC4-A79E-AAAF5CD751C1}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Google\Google Web Toolkit\Developer Plugin\IE\Win32\oophm.dll No File
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\projects\Git\git-cheetah\git_shell_ext.dll ()
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4093947724-3987431265-750155669-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

==================== Restore Points  =========================

09-11-2014 14:06:55 Windows Update
10-11-2014 16:20:14 avast! antivirus system restore point
12-11-2014 11:50:44 Windows Update
18-11-2014 12:40:46 Windows Update
19-11-2014 08:36:33 Windows Update
25-11-2014 19:16:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2012-10-22 11:59 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DE2272D-359A-4BED-9681-4E7ED6B94A5C} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-04-22] ()
Task: {13B9CA3A-880C-4913-927A-243DEEC73600} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {2683B56A-4B2C-4642-BFE3-8EF0C383CDEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {36604D7F-7E03-4CAB-B6EA-9D7FD9BE0265} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {3886ADA6-A100-4C7C-B17B-18E46056CBBA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {3EFA0F47-FE62-4966-9A5E-9DD72B75A28B} - System32\Tasks\Notebookschoner => C:\Users\HP\Documents\Notebookschoner\Screen.exe
Task: {40BC610C-A44D-4302-9916-4200D2BFDDD0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4093947724-3987431265-750155669-1002Core => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13] (Google Inc.)
Task: {4ABCC136-29E4-4F36-8DB3-A5A9AAA20CE6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {4D7D6387-A262-4649-9245-51939E976F71} - System32\Tasks\Google Updater and Installer => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13] (Google Inc.)
Task: {6F15CA53-09B4-4A94-A046-CD342286FBCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {7B9A03AB-5E0C-475A-847C-2E31AE2ECE18} - System32\Tasks\HPCeeScheduleForHP => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {8CAE12A5-5E1F-422B-B622-4C4DC97B43EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {92101CD0-7FF0-4107-B3D9-03006698F40F} - System32\Tasks\SpottyFiles Update => C:\Program Files\SpottyFiles\SpottyFilesUpdater.exe
Task: {A7DA4E22-0180-465C-A676-193FAE7B3BA9} - System32\Tasks\avast! Emergency Update => C:\projects\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-10] (AVAST Software)
Task: {B0E20778-3AC3-48EE-8A00-A450E1757F6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {B4B4DA66-738E-485F-8EBB-B8D92EDCBB7E} - System32\Tasks\{75358032-1B3D-45C4-94E8-B7FB09D7BF52} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar
Task: {B5C323EE-5D6A-4A2B-84F4-77E60CA7122E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {BAF24584-00FA-4C79-AAE3-E44D2A486BD0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4093947724-3987431265-750155669-1002UA => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13] (Google Inc.)
Task: {DF99DF47-3699-43C3-A0A3-1F8FF22EF9CD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {F8E51955-9AF2-457C-9B71-D3151F21FA01} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-07-30] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4093947724-3987431265-750155669-1002Core.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4093947724-3987431265-750155669-1002UA.job => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForHP.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-11-27 01:13 - 2014-11-27 01:13 - 02903552 _____ () C:\projects\AVAST Software\Avast\defs\14112601\algo.dll
2014-09-06 17:44 - 2014-09-06 17:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00010752 _____ () C:\projects\Unlocker\UnlockerCOM.dll
2014-04-04 11:29 - 2013-08-07 13:31 - 00214528 _____ () C:\Windows\System32\WSCM32.dll
2014-07-07 18:46 - 2014-06-12 15:09 - 00334464 _____ () C:\projects\Git\git-cheetah\git_shell_ext.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\projects\Notepad++\NppShell_05.dll
2012-12-06 19:48 - 2012-12-06 19:48 - 00035840 _____ () C:\projects\ERL593~1.1\ERTS-5~1.1\bin\epmd.exe
2014-11-10 17:21 - 2014-11-10 17:21 - 38562088 _____ () C:\projects\AVAST Software\Avast\libcef.dll
2012-07-13 17:35 - 2013-02-04 13:05 - 00319488 _____ () C:\projects\eclipse\eclipse.exe
2013-05-03 10:44 - 2012-10-03 11:53 - 00053248 _____ () C:\projects\eclipse\plugins\org.eclipse.equinox.launcher.win32.win32.x86_1.1.200.v20120913-144807\eclipse_1503.dll
2013-12-12 13:34 - 2013-12-12 13:34 - 00047616 _____ () C:\projects\eclipse\configuration\org.eclipse.osgi\bundles\3283\1\.cp\os\win32\x86\localfile_1_0_0.dll
2014-09-01 11:41 - 2014-09-01 11:41 - 00032768 _____ () C:\projects\eclipse\configuration\org.eclipse.osgi\bundles\3288\1\.cp\os\win32\x86\win32refresh.dll
2013-12-12 13:34 - 2013-12-12 13:34 - 00044544 _____ () C:\projects\eclipse\configuration\org.eclipse.osgi\bundles\3286\1\.cp\jWinHttp-1.0.0.dll
2014-09-01 11:41 - 2014-09-01 11:41 - 00095685 _____ () C:\projects\eclipse\configuration\org.eclipse.osgi\bundles\4315\1\.cp\os\win32\x86\jnotify.dll
2011-09-12 16:14 - 2011-09-12 16:14 - 00891960 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2010-04-05 19:12 - 2010-04-05 19:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-11-17 14:07 - 2014-11-17 14:07 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4093947724-3987431265-750155669-500 - Administrator - Disabled)
Gast (S-1-5-21-4093947724-3987431265-750155669-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4093947724-3987431265-750155669-1004 - Limited - Enabled)
HP (S-1-5-21-4093947724-3987431265-750155669-1002 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============

Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/27/2014 01:16:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "RabbitMQ" wurde mit folgendem Fehler beendet: 
%%1067

Error: (11/27/2014 01:16:03 PM) (Source: ErlSrv) (EventID: 17) (User: )
Description: RabbitMQ: Erlang machine stopped instantly (distribution name conflict?). The service is not restarted as OnFail is set to ignore.

Error: (11/27/2014 05:45:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "RabbitMQ" wurde mit folgendem Fehler beendet: 
%%1067

Error: (11/27/2014 05:45:34 AM) (Source: ErlSrv) (EventID: 17) (User: )
Description: RabbitMQ: Erlang machine stopped instantly (distribution name conflict?). The service is not restarted as OnFail is set to ignore.


Microsoft Office Sessions:
=========================
Error: (11/25/2014 04:15:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 13173 seconds with 3300 seconds of active time.  This session ended with a crash.

Error: (12/28/2013 00:39:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7363 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (12/17/2013 08:29:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2566 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (09/14/2013 06:12:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1633 seconds with 1380 seconds of active time.  This session ended with a crash.

Error: (09/13/2013 09:22:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 702 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (01/07/2013 04:10:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22893 seconds with 540 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-04-14 20:52:04.250
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-14 20:25:16.178
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-14 19:19:13.301
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-14 18:48:10.722
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-14 17:40:32.176
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-14 17:25:55.017
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-14 15:43:21.333
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-14 15:32:11.138
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-14 15:14:34.904
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-14 15:06:00.537
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II N850 Triple-Core Processor
Percentage of memory in use: 60%
Total physical RAM: 2806.43 MB
Available physical RAM: 1099.95 MB
Total Pagefile: 5611.15 MB
Available Pagefile: 3237.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.8 GB) (Free:127.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2A72D50E)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

--- --- ---

cosinus · 27.11.2014, 15:27

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Toolbar: HKU\S-1-5-21-4093947724-3987431265-750155669-1002 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
CHR HKU\S-1-5-21-4093947724-3987431265-750155669-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4093947724-3987431265-750155669-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ranxero · 27.11.2014, 16:23

fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by HP at 2014-11-27 16:16:23 Run:1
Running from C:\Users\HP\Desktop\MalwareWar
Loaded Profile: HP (Available profiles: HP)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Toolbar: HKU\S-1-5-21-4093947724-3987431265-750155669-1002 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
CHR HKU\S-1-5-21-4093947724-3987431265-750155669-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4093947724-3987431265-750155669-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
Hosts:

*****************

HKU\S-1-5-21-4093947724-3987431265-750155669-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
"HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => Key not found.
"HKU\S-1-5-21-4093947724-3987431265-750155669-1002\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-4093947724-3987431265-750155669-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 3.2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

cosinus · 27.11.2014, 16:59

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ranxero · 27.11.2014, 18:19

mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 27.11.2014
Scan Time: 17:55:49
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.27.06
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: HP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304011
Time Elapsed: 13 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\neurowise, Quarantined, [853dbf81e498290d8678b59d8f74b64a], 
PUP.Optional.Neurowise.A, HKU\S-1-5-21-4093947724-3987431265-750155669-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\neurowise, Quarantined, [8141ae924e2ead89b14e96bcee15d828], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.SnapDo.A, C:\Windows\Installer\15dd380.msi, Quarantined, [f3cf57e9e09c44f25bfbd3cc8879e31d], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI2F44.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [00c24ef2106c9d99dc8861cdac5416ea], 

Physical Sectors: 0
(No malicious items detected)


(end)

mbam-protection.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 27.11.2014
Scan Time: 17:55:49
Logfile: mbam-protection.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.27.06
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: HP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304011
Time Elapsed: 13 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\neurowise, Quarantined, [853dbf81e498290d8678b59d8f74b64a], 
PUP.Optional.Neurowise.A, HKU\S-1-5-21-4093947724-3987431265-750155669-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\neurowise, Quarantined, [8141ae924e2ead89b14e96bcee15d828], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.SnapDo.A, C:\Windows\Installer\15dd380.msi, Quarantined, [f3cf57e9e09c44f25bfbd3cc8879e31d], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI2F44.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [00c24ef2106c9d99dc8861cdac5416ea], 

Physical Sectors: 0
(No malicious items detected)


(end)

cosinus · 27.11.2014, 23:26

ESET fehlt noch

ranxero · 28.11.2014, 00:07

ja, dauert schon 2+ stunden und noch nicht mal ein Drittel. ich schicke es sobald ich es habe.

cosinus · 28.11.2014, 00:30

Lass es über Nacht laufen notfalls. Ruhezustand und Bildschirmschoner deaktivieren

ranxero · 28.11.2014, 11:07

so jetzt:
eset.log
nach dem Suchlauf ist jezt Avast kaputt:
beim Wiederaktivieren Fehlerdialog:
Webschutz konnte nicht gestartet werden.
Das ist definitv neu.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d0b2b33a3864c54ab514ae4f8e499876
# engine=21302
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-28 06:29:23
# local_time=2014-11-28 07:29:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 216730 168787354 0 0
# scanned=718634
# found=51
# cleaned=0
# scan_time=25130
sh=9DA187D5C3E987B46234347999FDD81F7604AEF1 ft=1 fh=97e421befd8323b3 vn="Variante von Win32/Toolbar.SearchSuite.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\jZip\Uninstall.exe.vir"
sh=28B1091D6D02EC40B4FA9D3B43E3274519500CC2 ft=1 fh=dc3dd842225a5598 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=0A97E76D470BDF2FEC3210A9481458F73FA11FC5 ft=1 fh=0a1e00ceb507ee08 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\LPT\sppsm.dll.vir"
sh=5203FC48184140370D77A233D2B87E38789D1FAE ft=1 fh=4a7e921095e7b713 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\LPT\spusm.dll.vir"
sh=F942C2DDD83B52C19800599A1EDC41CF4DD4B85B ft=1 fh=08056106f4cd783d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\LPT\srbs.dll.vir"
sh=BDA09511E34B5B402029090624B8C16B2740EFBB ft=1 fh=4cddddbd6f60add9 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\LPT\srbu.dll.vir"
sh=FFB6DEEA914EDB830A2065A83CC43B06952DCDFB ft=1 fh=bbcfb579c6e9abfa vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\LPT\srptc.dll.vir"
sh=4C685D9DCC2D144D70ED50B918660F8C86A71BAF ft=1 fh=c4739051513afd1d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=24B15C15E9C1B13854A6C30CB9DE35B422AE6A4B ft=1 fh=11858545bf819d27 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=5B47B8E46C04FA3CE610CD1C583F2A77C8768BED ft=1 fh=b022a1896b0948ba vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=64E541FF22567CC88631E1B5B21DCE0A68A01436 ft=1 fh=2295c923ac6e9738 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=28B1091D6D02EC40B4FA9D3B43E3274519500CC2 ft=1 fh=dc3dd842225a5598 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=78D9E0411C1526954C2CBE6323DEEB2785DDEE4A ft=1 fh=fdb7dcf1b7f59c67 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=78D9E0411C1526954C2CBE6323DEEB2785DDEE4A ft=1 fh=fdb7dcf1b7f59c67 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir"
sh=1FF9AF16D449C2BFB1EF1E7FA06BCDAA583F30A3 ft=1 fh=149a39831ca470ca vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=1FF9AF16D449C2BFB1EF1E7FA06BCDAA583F30A3 ft=1 fh=149a39831ca470ca vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=7AB836645400B6C93597C98F01344925B26ECB34 ft=1 fh=ccaa2072c2336201 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=EB25F2FC448AACEAA3E5CB017E712369E42C9747 ft=1 fh=6f92e9d9af0788c8 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=202B30E1DE95B9E2326E84C56125C4332788EDA8 ft=1 fh=85a07bdf5b422be2 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=911497C3842999564F201A892883380B0DDC0F6D ft=1 fh=6071f30fc8aea719 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=0A97E76D470BDF2FEC3210A9481458F73FA11FC5 ft=1 fh=0a1e00ceb507ee08 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=5203FC48184140370D77A233D2B87E38789D1FAE ft=1 fh=4a7e921095e7b713 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=F942C2DDD83B52C19800599A1EDC41CF4DD4B85B ft=1 fh=08056106f4cd783d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=BDA09511E34B5B402029090624B8C16B2740EFBB ft=1 fh=4cddddbd6f60add9 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=F3EB186AE221978925BDF95B9EBD7110B7B29361 ft=1 fh=5ffd94704bbd93ac vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=C017F422723F95B2F7A57B0EAED2615F60C0A233 ft=1 fh=0d7aa04b8ca04d08 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=00E358003E82516A33E3D834CDA66362E1CE113D ft=1 fh=bed6c6187d6e6527 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=3A3E33010480F28C82F13F9B82A8A8250A4E24C9 ft=1 fh=dac6c464e5f8caf3 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=E924ACC7D0ADA5E9DCD9BF470F43C111DA7DCAC0 ft=1 fh=f7ce5c0d4777c675 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=3104A4AF7EE939C3A72311EEFC655D9E90C84E6D ft=1 fh=20179e17001b2b68 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=4BEC847ED8A9161B730C7FC3CE8BF88B459AFC26 ft=1 fh=64a2134b5fbfb573 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir"
sh=188BCFB0653F0BBCE88A1E22BC3CC8FD0C433134 ft=1 fh=96d9225e06f9ddbf vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_31.dll.vir"
sh=1969D81C0AEF045E5D6E3BDFC7F9A59B1118BEC7 ft=1 fh=1828f8b9c0450694 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2F44.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=AE0496E8B7EF7260A5A9A03C5283D6345D09A13C ft=1 fh=d5332291c5aae89f vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2F44.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=2A202A2F429F4102BD3516F2C116925EEA12E7E1 ft=1 fh=b18d6bdb77076cb4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2F44.tmp-\spbe.dll"
sh=354DAE7D75BC3750A7C27F46E144689ADD69FECE ft=1 fh=56e124954a8ab304 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2F44.tmp-\spbl.dll"
sh=B54A10A054F72B438B85B8C01A2FDDB9E4AA9D95 ft=1 fh=bad654b42602edb0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2F44.tmp-\sppsm.dll"
sh=74E1FD38F895EE603C538EEB0CB62D2B7AD1F9EF ft=1 fh=eadc0e05b009aa54 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2F44.tmp-\spusm.dll"
sh=C321BD2BA55FC1450102B52CF4320050F96E6ACE ft=1 fh=5f440c13eb246cc1 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2F44.tmp-\srbs.dll"
sh=8BCF64604E5A8369D2032F0DEAD0FA65CED3959C ft=1 fh=de00f46990bdea72 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2F44.tmp-\srbu.dll"
sh=39E0129484C7D4950D9E3ACB4016A95333C372C1 ft=1 fh=b2d51b366a5174b0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2F44.tmp-\srptc.dll"
sh=A80CE1722B00015806A72129AD99D6CD456BC430 ft=1 fh=a0739cbdc3e3df69 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2F44.tmp-\srpu.dll"
sh=E15FCF5F10F20D7AC61FD9E6A28B1BC3A3F0287F ft=1 fh=89b2a7d857292965 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_neurowise\neurowisebho.dll"
sh=44F42520CBD205E3335E04A900385137B04702D1 ft=1 fh=5d00834339acfda0 vn="Variante von Win64/BrowseFox.AR evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_neurowise\neurowiseUninstall.exe"
sh=7A6CFDF166FEB8760DAD3E1CCD1DBE4DF0AD1C75 ft=1 fh=dc9057f3dcc7acce vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_neurowise\updateneurowise.exe"
sh=7A6CFDF166FEB8760DAD3E1CCD1DBE4DF0AD1C75 ft=1 fh=dc9057f3dcc7acce vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_neurowise\bin\utilneurowise.exe"
sh=EBCC34209A65FD4848DF8EFA653FF4CC1A0D1F48 ft=1 fh=2b481a14e1d51a22 vn="Variante von Win64/BrowseFox.AR evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_neurowise\bin\plugins\neurowise.Bromon.dll"
sh=F9CEFADC81C2DC4F71BBB9C90AD0A885554BB9FF ft=1 fh=78ec6427646faea6 vn="Variante von Win64/BrowseFox.AR evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_neurowise\bin\plugins\neurowise.BroStats.dll"
sh=770CD87661A7D93E94E8E80253276FABD243B368 ft=1 fh=a1e7ac1c48c05959 vn="Variante von Win64/BrowseFox.AR evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_neurowise\bin\plugins\neurowise.CompatibilityChecker.dll"
sh=9EB7BA92797F8C0EBDED33D20B39B6395F136AC5 ft=1 fh=3c69812ecfd93599 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_neurowise\bin\plugins\neurowise.FFUpdate.dll"
sh=B31C4D606DF240904FAAB027B39E327EBC7ADCAD ft=1 fh=27bab795266f79d5 vn="Variante von Win64/BrowseFox.AR evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_neurowise\bin\plugins\neurowise.IEUpdate.dll"

cosinus · 28.11.2014, 11:56

Nur Reste...einmal noch Temps leeren mit FRST:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) empfehle ich die Erweiterung Ghostery, diese verhindert weitgehend Usertracking bzw. das Anzeigen von Werbebannern.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

ranxero · 28.11.2014, 12:12

fixlog. txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by HP at 2014-11-28 12:03:36 Run:2
Running from C:\Users\HP\Desktop\MalwareWar
Loaded Profile: HP (Available profiles: HP)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
EmptyTemp:
*****************

EmptyTemp: => Removed 71.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

vielen vielen dank erstmal. Was ist mit dem Avast-Problem? Avast scheint was abbekommen zu haben. der Web-Schutz lässt sich nicht mehr starten. Neuinstallieren?

nein, stimmt nicht, Avast hat sich grad "selbst repariert"

also alles ok, sweit ich das beurteilen kann. Rechnerperformance ist definitiv besser.
*Mein Held*

)

cosinus · 28.11.2014, 13:27

Freeware Virenscanner kommen mit Werbung daher. Wenn man die wegknallt geht idR sowas wie ein Browserschutz nicht mehr. Der aber idR völlig unnötig ist, wird viel zu oft überbewertet, wie der Virenscanner selbst auch. Virenscanner selbst können auch Lücken enthalten und somit die Angriffsfläche des System erhöhen => http://www.heise.de/security/meldung...e-2277782.html

Aber das nur so BTW

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

27.11.2014, 09:36	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ZEOK.exe als Malware durch AVAST erkannt. Download nicht möglich Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken. __________________ Logfiles bitte immer in CODE-Tags posten

27.11.2014, 23:26	#22
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ZEOK.exe als Malware durch AVAST erkannt. Download nicht möglich ESET fehlt noch __________________ Logfiles bitte immer in CODE-Tags posten

28.11.2014, 00:30	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ZEOK.exe als Malware durch AVAST erkannt. Download nicht möglich Lass es über Nacht laufen notfalls. Ruhezustand und Bildschirmschoner deaktivieren __________________ Logfiles bitte immer in CODE-Tags posten

ZEOK.exe als Malware durch AVAST erkannt. Download nicht möglich

Plagegeister aller Art und deren Bekämpfung: ZEOK.exe als Malware durch AVAST erkannt. Download nicht möglich