| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Überall Werbung nach Installation von einem ProgrammWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.12.2014, 11:04
| #1 |
| /// Android Expert     |  Überall Werbung nach Installation von einem Programm Hallo, ich habe mir eine Datei heruntergeladen und installiert, dannach hatte ich das Problem, dass der Computer garnicht mehr funktioniert hat. Nachher habe ich auch gelesen, dass die Datei manipuliert wurde und dass dort ein Keylogger drin sei. FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by *** (administrator) on WKSADMIN-HP on 23-12-2014 10:57:49
Running from C:\Users\***\Downloads
Loaded Profile: *** (Available profiles: WKSAdmin & ***)
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Smith Micro Software, Inc) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Farbar) C:\Users\***\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-04] (ActivIdentity)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Connection Manager.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [1119048 2010-03-13] (Smith Micro Software, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-22] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-06-24] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-87322475-1675513697-3500870398-1006\...\RunOnce: [Adobe Speed Launcher] => 1419328482
HKU\S-1-5-21-87322475-1675513697-3500870398-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-87322475-1675513697-3500870398-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256392 2013-06-28] (Citrix Systems, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-87322475-1675513697-3500870398-1000\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-87322475-1675513697-3500870398-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-87322475-1675513697-3500870398-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-07-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-28]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-27]
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-27]
CHR Extension: (Google-Suche) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-27]
CHR Extension: (Avast Online Security) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-30]
CHR Extension: (Browser Extension) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2014-12-23]
CHR Extension: (Print Friendly PDF) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2014-12-23]
CHR Extension: (Google Mail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-22] (Avast Software)
S4 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-30] (AVerMedia) [File not signed]
S4 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] () [File not signed]
S4 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-02] (McAfee, Inc.) [File not signed]
S4 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S4 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2010-01-19] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
S4 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-02-04] (McAfee, Inc.)
S4 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2010-02-08] (McAfee, Inc.)
S3 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [893112 2009-05-08] (McAfee, Inc.)
S3 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [282824 2010-02-17] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc)
S4 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [331000 2010-03-15] (QUALCOMM, Inc.)
R2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2010-03-13] (Smith Micro Software, Inc.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-22] ()
S3 AVerAF15DMBTH64; C:\Windows\System32\Drivers\AVerAF15DMBTH64.sys [592256 2009-07-27] (AVerMedia TECHNOLOGIES, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-08] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121760 2010-02-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-02-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [527592 2010-02-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94224 2010-02-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [280008 2010-02-08] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2010-03-15] (QUALCOMM Incorporated)
S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [242176 2010-03-15] (QUALCOMM Incorporated)
S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [121600 2010-03-15] (QUALCOMM Incorporated)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-11-28] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-02] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-02] () [File not signed]
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-22] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 10:57 - 2014-12-23 10:59 - 00026997 _____ () C:\Users\***\Downloads\FRST.txt
2014-12-23 10:57 - 2014-12-23 10:57 - 02122240 _____ (Farbar) C:\Users\***\Downloads\FRST64 (1).exe
2014-12-23 10:56 - 2014-12-23 10:56 - 01114112 _____ (Farbar) C:\Users\***\Downloads\FRST.exe
2014-12-23 09:49 - 2014-12-23 09:49 - 00000000 ____D () C:\Users\***\Documents\Bluetooth Exchange Folder
2014-12-23 09:39 - 2014-12-23 09:44 - 00000000 ____D () C:\AdwCleaner
2014-12-23 09:39 - 2014-12-23 09:39 - 02173952 _____ () C:\Users\***\Downloads\adwcleaner_4.106 (1).exe
2014-12-23 09:35 - 2014-12-23 09:35 - 02163788 _____ () C:\Users\***\Downloads\AdwCleaner_4.106.exe
2014-12-23 09:29 - 2014-12-23 09:29 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-23 09:18 - 2014-12-23 09:18 - 00000000 ____D () C:\Program Files (x86)\A64D5B18-4D59-48B8-9896-89D492EA4945
2014-12-23 09:17 - 2014-12-23 09:17 - 00000000 ____D () C:\Program Files (x86)\BuyyNsave
2014-12-23 09:17 - 2014-12-23 09:17 - 00000000 ____D () C:\Program Files (x86)\Browser Extension
2014-12-23 09:16 - 2014-12-23 09:17 - 00000000 ____D () C:\Program Files (x86)\YoutubeAedBloecckee
2014-12-23 09:16 - 2014-12-23 09:16 - 00000000 ____D () C:\Program Files\A64D5B18-4D59-48B8-9896-89D492EA4945
2014-12-23 09:16 - 2014-12-23 09:16 - 00000000 ____D () C:\Program Files (x86)\BuyaNsave
2014-12-23 09:15 - 2014-12-23 09:15 - 00000000 ____D () C:\ProgramData\clffmpmcdgidihbkoldabaemlhjingjm
2014-12-22 15:15 - 2014-12-22 15:15 - 00000247 _____ () C:\windows\system32\2014-12-22-14-15-14.011-aswFe.exe-3348.log
2014-12-22 15:15 - 2014-12-22 15:15 - 00000197 _____ () C:\windows\system32\2014-12-22-14-15-10.022-AvastVBoxSVC.exe-1684.log
2014-12-22 15:04 - 2014-12-22 15:04 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-12-22 15:04 - 2014-12-22 15:04 - 00000000 ____D () C:\windows\system32\vbox
2014-12-22 14:19 - 2014-12-04 03:32 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-22 14:19 - 2014-12-04 03:32 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-22 14:19 - 2014-12-04 03:32 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-22 14:19 - 2014-12-04 03:31 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-22 14:19 - 2014-12-04 03:31 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-22 14:19 - 2014-12-04 03:31 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-22 14:19 - 2014-12-04 03:26 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-22 14:19 - 2014-12-02 00:21 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-22 14:10 - 2014-12-22 14:10 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-22 14:09 - 2014-12-22 14:09 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-22 14:09 - 2014-12-22 14:09 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-22 14:08 - 2014-12-22 14:08 - 00137256 ____R () C:\Users\Public\Documents\GS-Sport Training Gym Pro-***-141222-3.gpx
2014-12-22 14:08 - 2014-12-22 14:08 - 00093037 ____R () C:\Users\Public\Documents\GS-Sport Training Gym Pro-***-141222-1.gpx
2014-12-22 14:08 - 2014-12-22 14:08 - 00051507 ____R () C:\Users\Public\Documents\GS-Sport Training Gym Pro-***-141222-2.gpx
2014-12-22 14:07 - 2014-12-22 14:07 - 00120738 ____R () C:\Users\Public\Documents\GS-Sport Training Gym Pro-***-141222.gpx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 10:57 - 2014-10-08 07:19 - 00000000 ____D () C:\FRST
2014-12-23 10:57 - 2011-04-20 21:02 - 01556680 _____ () C:\windows\WindowsUpdate.log
2014-12-23 10:54 - 2011-11-03 19:29 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003UA.job
2014-12-23 10:53 - 2010-09-12 21:05 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-12-23 10:52 - 2014-05-27 14:24 - 00012736 _____ () C:\windows\setupact.log
2014-12-23 10:52 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-23 09:54 - 2009-07-14 05:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 09:54 - 2009-07-14 05:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 09:53 - 2010-09-12 21:06 - 00656746 _____ () C:\windows\system32\perfh007.dat
2014-12-23 09:53 - 2010-09-12 21:06 - 00131088 _____ () C:\windows\system32\perfc007.dat
2014-12-23 09:53 - 2009-07-14 06:13 - 01500358 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-23 09:52 - 2014-06-10 06:49 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-12-23 09:45 - 2010-09-12 21:43 - 00056034 _____ () C:\windows\PFRO.log
2014-12-23 09:32 - 2014-05-27 13:35 - 00000000 ____D () C:\windows\pss
2014-12-23 09:29 - 2014-09-11 14:58 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-23 09:29 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-23 09:18 - 2013-08-15 04:51 - 00000000 ____D () C:\windows\system32\MRT
2014-12-23 09:16 - 2014-02-11 14:52 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-23 09:11 - 2014-05-27 14:11 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 09:07 - 2011-11-03 19:15 - 00001132 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1002UA.job
2014-12-23 09:04 - 2012-06-05 19:54 - 00001142 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003UA.job
2014-12-23 08:59 - 2014-07-06 13:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-23 08:56 - 2014-02-28 09:13 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-12-23 08:54 - 2012-06-05 19:54 - 00001120 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003Core.job
2014-12-22 21:31 - 2011-11-03 19:29 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003Core.job
2014-12-22 21:31 - 2011-11-03 19:15 - 00001080 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1002Core.job
2014-12-22 14:43 - 2009-07-14 05:45 - 00460976 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-22 14:40 - 2014-05-27 14:12 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-22 14:10 - 2014-02-28 09:13 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-22 14:09 - 2014-05-27 13:38 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-22 14:09 - 2014-02-28 09:13 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-12-22 14:09 - 2014-02-28 09:13 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-22 14:09 - 2014-02-28 09:13 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-12-22 14:09 - 2014-02-28 09:13 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-22 14:09 - 2014-02-28 09:13 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-22 14:09 - 2014-02-28 09:13 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-22 14:06 - 2014-05-27 14:11 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-22 14:06 - 2014-05-27 14:11 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-22 14:06 - 2014-05-27 14:11 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 14:03 - 2014-02-11 14:52 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-22 14:03 - 2014-02-11 14:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-22 14:03 - 2014-02-11 14:52 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 16:40 - 2012-11-20 20:04 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\c30b2CC4.exe
C:\Users\***\AppData\Local\Temp\fb92C2.exe
C:\Users\***\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\***\AppData\Local\Temp\OnlineBackup.exe
C:\Users\***\AppData\Local\Temp\optprosetup.exe
C:\Users\***\AppData\Local\Temp\Quarantine.exe
C:\Users\***\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-22 14:04
==================== End Of Log ============================
Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by *** at 2014-12-23 11:00:28
Running from C:\Users\***\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee® Total Protection™ Service (Disabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee® Total Protection™ Service (Disabled - Out of date) {3D54B793-665E-3129-9103-206115370C8A}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee® Total Protection™ Service (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVerMedia A850 USB DMB-TH 1.0.64.28 (HKLM-x32\...\AVerMedia A850 USB DMB-TH) (Version: 1.0.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (x32 Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
Browser Extension (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - )
Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.4.200.11 - Citrix Systems, Inc.)
couponarific (HKLM\...\A64D5B18-4D59-48B8-9896-89D492EA4945) (Version: 2.0.1 - couponarific) <==== ATTENTION
CSI - Tödliche Verschwörung (HKLM-x32\...\CSI - Tödliche Verschwörung) (Version: 1.0.0.0 - Ubisoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.6 - Hewlett-Packard)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141009 - Landesfinanzdirektion Thüringen)
Elsword_DE (HKLM-x32\...\Elsword_DE_is1) (Version: - )
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.3 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GS-Sport Training Gym Pro (HKLM-x32\...\GS-Sport Training Gym Pro) (Version: - )
Handset WinDriver 1.02.03.00 (HKLM-x32\...\Handset WinDriver) (Version: 1.02.03.00 - Huawei technologies Co., Ltd.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{DE637160-7A1C-4F73-B1AB-4300AE2C2DDE}) (Version: 3.1.3 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{B1FE3DA1-15C1-4AEB-85A6-883F8C4AFD42}) (Version: 2.0.2.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}) (Version: 3.5.15.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3C33FD2E-6B21-4CD3-B41A-A7331D467617}) (Version: 1.0.6.0 - Hewlett-Packard)
HP Power Data (HKLM\...\{42DBA167-C25D-49CE-BBAF-DEC25E737DA8}) (Version: 1.0.21.158 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.13.766 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F4877}) (Version: 1.0.1.62 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}) (Version: 8.2.4130.3367 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.19.5 - Roxio)
HP Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0028 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}) (Version: 4.0.6.0 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6275.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
King’s Bounty – Gold Edition (HKLM-x32\...\King’s Bounty – Gold Edition_is1) (Version: - dtp)
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{8B8BF55D-6561-4911-A7C1-33D90F3FB989}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X6 (HKLM\...\MX.{CBC84EDA-E830-4240-9392-325C3E6D5DCA}) (Version: 13.0.4.2 - MAGIX Software GmbH)
MAGIX Video Pro X6 (Version: 13.0.4.2 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Firewall Protection Service (HKLM-x32\...\McAfee Managed Firewall) (Version: 5.1.0.325 - McAfee, Inc.)
McAfee Virus and Spyware Protection Service (HKLM-x32\...\MVS) (Version: 5.1.0.325 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MULTIWEB FinMail Client (HKLM-x32\...\MULTIWEB FinMail Client) (Version: - )
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
NTFS Undelete 3.0.4.812 (HKLM-x32\...\NTFS Undelete_is1) (Version: - Copyright © 2011 eSupport.com • All Rights Reserved)
Online Plug-in (x32 Version: 13.4.200.11 - Citrix Systems, Inc.) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.117 - PDF Complete, Inc)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Privacy Manager for HP ProtectTools (HKLM\...\{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}) (Version: 5.10.796 - Hewlett-Packard)
QF-Test 3.4.0 (HKLM-x32\...\QF-Test_is1) (Version: - Quality First Software)
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{46DD6CB5-C129-40A5-9427-2E67A400888E}) (Version: 1.1.130 - QUALCOMM)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Roxio Creator Business (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3.56.20 - Roxio)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
TightVNC 2.0.4 (HKLM-x32\...\TightVNC) (Version: 2.0.4 - GlavSoft LLC.)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinHTTrack Website Copier 3.48-13 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.48.13 - HTTrack)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
03-07-2014 15:44:54 Windows Update
03-07-2014 15:53:10 HPSF Applying updates
03-07-2014 16:00:27 Windows Update
03-07-2014 16:01:55 Windows Update
03-07-2014 16:02:47 Windows Update
03-07-2014 16:03:48 Windows Update
03-07-2014 16:04:51 Windows Update
03-07-2014 16:06:00 Windows Update
03-07-2014 16:07:04 Windows Update
03-07-2014 16:08:09 Windows Update
03-07-2014 16:09:15 Windows Update
11-09-2014 14:26:11 Windows Update
11-09-2014 14:32:44 Revo Uninstaller's restore point - HiSuite
11-09-2014 14:35:46 Revo Uninstaller's restore point - Windows Live Essentials
11-09-2014 14:44:59 Windows Update
19-09-2014 06:03:46 Windows Update
08-10-2014 07:10:45 avast! antivirus system restore point
08-10-2014 07:13:30 Windows Update
25-10-2014 21:48:28 Geplanter Prüfpunkt
22-12-2014 14:03:29 Windows Update
23-12-2014 08:57:36 Windows Modules Installer
23-12-2014 09:19:04 Windows Modules Installer
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-10-08 08:05 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0572EB59-D14D-494C-B6F1-3B1DD91F7864} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1002UA => C:\Users\WKSAdmin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03] (Google Inc.)
Task: {1B18370D-9C96-48F1-81E1-79B0AEEBA6D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {1DA27B49-CF89-442C-9E37-D7CFDF569200} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-06-24] (Microsoft)
Task: {3D9A956D-29D9-4E8F-9BEA-EC454D51331C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003Core => C:\Users\Marius\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {429DF5D7-E424-4AE4-86DF-9B7E354C1CFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-27] (Google Inc.)
Task: {58D48D36-C2CC-43DE-A9AD-3C7E2B560ECC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Assistant Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6C115F72-B819-4A72-A2A0-DB2459E919CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003UA => C:\Users\Marius\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03] (Google Inc.)
Task: {A63ECA4B-4883-402F-A1E8-9B8277026CEA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003UA => C:\Users\Marius\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {B3FC8E84-202B-4C76-B02E-9076EB495449} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-27] (Google Inc.)
Task: {B4E9667D-E42B-4874-A93C-4062AF8BDB7E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-22] (AVAST Software)
Task: {BCE5D81B-EBC7-4252-8395-019213D626FA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-22] (Adobe Systems Incorporated)
Task: {C1478A53-F58B-439B-A503-1192A7FFEF56} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C7B7642E-026A-447D-8C7F-ACDD50521771} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E078609A-81FA-4CF8-BBDC-99C35AAB7312} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1002Core => C:\Users\WKSAdmin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03] (Google Inc.)
Task: {E7AC1466-6CEE-4F73-B9A7-A50EA1A602A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003Core => C:\Users\Marius\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03] (Google Inc.)
Task: {FE9B86CE-79B6-4AB0-9181-B5D522674FF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003Core.job => C:\Users\Marius\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003UA.job => C:\Users\Marius\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1002Core.job => C:\Users\WKSAdmin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1002UA.job => C:\Users\WKSAdmin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003Core.job => C:\Users\Marius\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87322475-1675513697-3500870398-1003UA.job => C:\Users\Marius\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-02-11 00:57 - 2006-02-23 11:35 - 00020480 _____ () C:\windows\System32\FritzColorPort64.dll
2014-02-11 00:57 - 2006-02-22 10:39 - 00020480 _____ () C:\windows\System32\FritzPort64.dll
2014-12-22 14:08 - 2014-12-22 14:08 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-22 14:08 - 2014-12-22 14:08 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2010-04-05 19:15 - 2010-04-05 19:15 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2010-04-05 19:15 - 2010-04-05 19:15 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll
2010-04-05 19:15 - 2010-04-05 19:15 - 00055352 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2010-04-05 19:12 - 2010-04-05 19:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-04-05 19:11 - 2010-04-05 19:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 19:12 - 2010-04-05 19:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-12-23 08:55 - 2014-12-23 08:55 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122201\algo.dll
2014-12-22 14:08 - 2014-12-22 14:08 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-23 10:53 - 2014-12-23 10:53 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122300\algo.dll
2010-03-13 03:27 - 2010-03-13 03:27 - 00168280 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMBIOSController.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00602624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.ViewModel.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00355328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 00130048 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP.ShinyNoire.UI.dll
2010-03-13 03:27 - 2010-03-13 03:27 - 00136040 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.SharedUI.WPF.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 00015360 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Resources.WPF.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 00014848 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Resources.WPF.resources.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 01601536 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\HP.ShinyNoire.UI.resources.dll
2010-03-13 03:26 - 2010-03-13 03:26 - 00311296 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.SharedUI.WPF.resources.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 00483328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\SmithMicro.Resources.WPF.resources.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00059904 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.Models.dll
2010-03-13 03:26 - 2010-03-13 03:26 - 00195584 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.WwanDiagnostics.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 00573440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Message.XmlSerializers.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00045056 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.XmlSerializers.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00005120 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Application.resources.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00015872 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.UI.ViewModel.resources.dll
2014-12-22 14:08 - 2014-12-22 14:08 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-22 14:39 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-22 14:39 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-22 14:39 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-22 14:39 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AVerRemote => 2
MSCONFIG\Services: AVerScheduleService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DEBridge => 3
MSCONFIG\Services: DpHost => 2
MSCONFIG\Services: FLCDLOCK => 3
MSCONFIG\Services: HiSuiteOuc64.exe => 2
MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: McShield => 2
MSCONFIG\Services: mfevtp => 2
MSCONFIG\Services: QDLService2kHP => 2
MSCONFIG\Services: RIM Tunnel Service => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\windows\pss\AVer HID Receiver.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\windows\pss\AVerQuick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase-6 Reminder.lnk => C:\windows\pss\phase-6 Reminder.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: McAfee Managed Services Tray => C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe
MSCONFIG\startupreg: Mobile Partner => C:\Program Files (x86)\HiSuite\HiSuite.exe -s
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: RIM PeerManager => "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: svchospt => C:\windows\SysWOW64\svchospt.exe
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
========================= Accounts: ==========================
Administrator (S-1-5-21-87322475-1675513697-3500870398-500 - Administrator - Disabled)
*** (S-1-5-21-87322475-1675513697-3500870398-1006 - Administrator - Enabled) => C:\Users\***
Gast (S-1-5-21-87322475-1675513697-3500870398-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-87322475-1675513697-3500870398-1005 - Limited - Enabled)
McAfeeMVSUser (S-1-5-21-87322475-1675513697-3500870398-1000 - Limited - Enabled)
WKSAdmin (S-1-5-21-87322475-1675513697-3500870398-1002 - Administrator - Enabled) => C:\Users\WKSAdmin
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: McAfee Inc. mfewfpk
Description: McAfee Inc. mfewfpk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfewfpk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/23/2014 08:57:36 AM) (Source: MsiInstaller) (EventID: 1024) (User: WKSAdmin-HP)
Description: Produkt: Adobe Reader XI (11.0.09) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (12/23/2014 08:54:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).
Error: (10/08/2014 07:08:44 AM) (Source: MsiInstaller) (EventID: 1024) (User: WKSAdmin-HP)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (09/19/2014 06:07:30 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (09/19/2014 05:59:49 AM) (Source: MsiInstaller) (EventID: 1024) (User: WKSAdmin-HP)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (09/11/2014 02:23:40 PM) (Source: MsiInstaller) (EventID: 1024) (User: WKSAdmin-HP)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (06/10/2014 08:44:53 AM) (Source: MsiInstaller) (EventID: 11609) (User: WKSAdmin-HP)
Description: Product: HP Customer Experience Enhancements -- Error 1609.An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (06/10/2014 08:42:29 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: WKSAdmin-HP)
Description: Die Anwendung oder der Dienst "hpCaslNotification" konnte nicht heruntergefahren werden.
Error: (06/10/2014 08:42:29 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: WKSAdmin-HP)
Description: Die Anwendung oder der Dienst "QLBController" konnte nicht heruntergefahren werden.
Error: (05/27/2014 03:53:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SystemPropertiesAdvanced.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 17f4
Startzeit: 01cf79bb5fc339e9
Endzeit: 9
Anwendungspfad: C:\windows\system32\SystemPropertiesAdvanced.exe
Berichts-ID: b4e8043d-e5ae-11e3-9c93-cc52af77c95f
System errors:
=============
Error: (12/23/2014 10:54:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (12/23/2014 10:53:49 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (12/23/2014 10:52:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.12.2014 um 10:01:54 unerwartet heruntergefahren.
Error: (12/23/2014 09:47:39 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (12/23/2014 09:46:52 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (12/23/2014 09:45:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\windows\System32\bcmihvsrv64.dll
Error: (12/23/2014 09:45:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\windows\System32\bcmihvsrv64.dll
Error: (12/23/2014 09:45:10 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (12/23/2014 09:44:37 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\windows\System32\bcmihvsrv64.dll
Error: (12/23/2014 09:44:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (12/23/2014 08:57:36 AM) (Source: MsiInstaller) (EventID: 1024) (User: WKSAdmin-HP)
Description: Adobe Reader XI (11.0.09) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)
Error: (12/23/2014 08:54:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101
Error: (10/08/2014 07:08:44 AM) (Source: MsiInstaller) (EventID: 1024) (User: WKSAdmin-HP)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/19/2014 06:07:30 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (09/19/2014 05:59:49 AM) (Source: MsiInstaller) (EventID: 1024) (User: WKSAdmin-HP)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/11/2014 02:23:40 PM) (Source: MsiInstaller) (EventID: 1024) (User: WKSAdmin-HP)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
Error: (06/10/2014 08:44:53 AM) (Source: MsiInstaller) (EventID: 11609) (User: WKSAdmin-HP)
Description: Product: HP Customer Experience Enhancements -- Error 1609.An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (06/10/2014 08:42:29 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: WKSAdmin-HP)
Description: 1C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exehpCaslNotification0211778320
Error: (06/10/2014 08:42:29 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: WKSAdmin-HP)
Description: 1C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exeQLBController0211756120
Error: (05/27/2014 03:53:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemPropertiesAdvanced.exe6.1.7600.1638517f401cf79bb5fc339e99C:\windows\system32\SystemPropertiesAdvanced.exeb4e8043d-e5ae-11e3-9c93-cc52af77c95f
CodeIntegrity Errors:
===================================
Date: 2014-10-08 09:03:10.163
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-08 09:03:10.062
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-12-05 17:04:31.892
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-12-05 17:04:31.840
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 64%
Total physical RAM: 2991.43 MB
Available physical RAM: 1070.02 MB
Total Pagefile: 5981 MB
Available Pagefile: 3475.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:280.79 GB) (Free:176.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.45 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8C949010)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End Of Log ============================
Danke für Hilfe |
| Themen zu Überall Werbung nach Installation von einem Programm |
| antivirus, browser, combofix, computer, desktop, device driver, failed, flash player, google, iexplore.exe, mozilla, problem, programm, prozess, realtek, registry, scan, security, software, spyware, svchost.exe, symantec, system, system error, teredo, tunnel, werbung, windows |
Baum-Darstellung