Log Analysis and Evaluation: Windows 7 - Is the computer still infected?
Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.04.2015, 20:48 #1
Windows 7 - Is the computer still infected?
Hello everyone! I have a relative's computer here; according to him, it caught a Trojan and he removed it. Unfortunately I have no idea what kind of Trojan it was or how he claims to have removed it. Could you please take a look at whether the computer is clean? Many thanks!
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by martin (administrator) on MARTIN-NOTEBOOK on 14-04-2015 21:31:09
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available profiles: martin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Users\martin\AppData\Roaming\Host System\host.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company, L.P.) C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Atheros Communications)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-08-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2014-08-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2014-08-18] (Intel Corporation)
HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184736 2012-09-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Run: [Amazon Music] => C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\MountPoints2: {5999006b-9cd1-11e3-9781-b4b52f7b4b7e} - D:\LaunchU3.exe -a
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk
ShortcutTarget: 5B0.lnk -> C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe ()
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk
ShortcutTarget: Old Crow Medicine Show - Wagon Wheel.lnk -> C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe ()
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\settings manager\smdmf\sysapcrt.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.goodforsearch.info/?pid=2317&r=2015/04/10&hid=14761854521232543427&lg=EN&cc=AT&unqvl=86
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-531367498-374304512-3508266509-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=2317&r=2015/04/10&hid=14761854521232543427&lg=EN&cc=AT&unqvl=86
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=2317&r=2015/04/10&hid=14761854521232543427&lg=EN&cc=AT&unqvl=86
SearchScopes: HKU\S-1-5-21-531367498-374304512-3508266509-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=2317&r=2015/04/10&hid=14761854521232543427&lg=EN&cc=AT&unqvl=86

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-08-18]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\martin\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 2969302e; c:\Program Files (x86)\LibraryEngine\LibraryEngine.dll [1753600 2015-04-10] () [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 HostService; C:\Users\martin\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2014-08-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2014-08-18] (Intel Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-07-11] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-08] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-08] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [90736 2012-07-11] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158832 2012-07-11] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-01-23] (Sunplus)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 21:31 - 2015-04-14 21:32 - 00017119 _____ () C:\Users\martin\Desktop\FRST.txt
2015-04-14 21:31 - 2015-04-14 21:31 - 00000000 ____D () C:\FRST
2015-04-14 21:30 - 2015-04-14 21:27 - 02096640 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2015-04-11 21:15 - 2015-04-11 21:15 - 00003338 _____ () C:\windows\System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C}
2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\Licenses
2015-04-10 22:29 - 2015-04-10 22:29 - 00000000 ____D () C:\Program Files (x86)\LibraryEngine
2015-04-10 22:26 - 2015-04-10 22:56 - 00000000 ____D () C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}
2015-04-07 21:48 - 2015-04-07 21:57 - 891787140 _____ () C:\Users\martin\Desktop\Kitzi Sponsion.zip
2015-04-07 20:53 - 2015-04-07 20:53 - 00000000 ____D () C:\ProgramData\NoMore Ads
2015-04-06 22:59 - 2015-04-09 16:28 - 00000000 ____D () C:\Users\martin\Desktop\Typenschein
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-02 21:39 - 2015-04-10 22:28 - 00000000 ____D () C:\Program Files (x86)\UpgradeLeader
2015-04-02 21:37 - 2015-04-11 21:13 - 00000000 ____D () C:\Program Files (x86)\SalEPPlus
2015-04-02 21:37 - 2015-04-09 22:49 - 00000000 ____D () C:\ProgramData\11055139438368474995
2015-04-02 21:37 - 2015-04-02 21:37 - 00000000 ____D () C:\Program Files (x86)\SAleePLuss
2015-04-02 21:36 - 2015-04-07 13:15 - 00000000 ____D () C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}
2015-04-02 21:18 - 2015-04-02 21:18 - 00000000 ____D () C:\ProgramData\{a88a4232-e0de-0c11-a88a-a4232e0d08cb}
2015-03-30 22:07 - 2015-03-30 22:07 - 00003308 _____ () C:\windows\System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED}
2015-03-30 22:00 - 2015-03-30 22:10 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-03-24 21:08 - 2015-04-06 22:23 - 00000000 ____D () C:\Users\martin\.ultramixer
2015-03-24 21:07 - 2015-03-24 21:07 - 00001031 _____ () C:\Users\martin\Desktop\UltraMixer.lnk
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMixer
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\Program Files (x86)\UltraMixer
2015-03-24 21:05 - 2015-03-24 21:05 - 55785649 _____ (UltraMixer Digitial Audio Solutions ) C:\Users\martin\Downloads\UltraMixer-2.4.6-win.exe
2015-03-24 21:02 - 2015-03-24 21:02 - 00000022 _____ () C:\Users\martin\Downloads\MP3Fader_Setup.zip
2015-03-16 23:44 - 2015-04-08 21:25 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleFormartin

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 21:28 - 2014-09-20 21:12 - 00025345 _____ () C:\windows\setupact.log
2015-04-14 21:28 - 2012-04-16 07:20 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-14 21:28 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-14 21:16 - 2012-10-07 17:41 - 01836762 _____ () C:\windows\WindowsUpdate.log
2015-04-14 21:04 - 2012-04-16 05:53 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-04-14 21:04 - 2012-04-16 05:53 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-04-14 21:04 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-14 21:00 - 2012-04-16 07:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 20:48 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 20:48 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 16:15 - 2014-09-20 21:11 - 00020982 _____ () C:\windows\PFRO.log
2015-04-11 23:10 - 2013-05-26 16:41 - 00003962 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{CB48FE46-A3F8-47D2-88D1-C369DC76C2B7}
2015-04-11 21:13 - 2012-12-16 17:58 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-04-09 22:54 - 2012-12-22 17:04 - 00000000 ____D () C:\Users\martin\AppData\Local\CrashDumps
2015-04-09 16:22 - 2014-07-31 23:15 - 00015360 ___SH () C:\Users\martin\Thumbs.db
2015-04-08 21:25 - 2015-02-02 22:46 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFormartin.job
2015-04-07 22:51 - 2012-12-12 20:55 - 00000000 ____D () C:\Users\martin\AppData\Local\PDFC
2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Google
2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-01 20:21 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Deployment
2015-03-24 21:08 - 2012-12-12 20:50 - 00000000 ____D () C:\Users\martin
2015-03-18 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2015-03-18 00:14 - 2013-01-20 23:27 - 00002128 _____ () C:\windows\wininit.ini
2015-03-18 00:14 - 2013-01-20 23:26 - 00000000 ___RD () C:\Users\martin\Dropbox
2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox
2015-03-17 22:36 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-17 00:19 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

==================== Files in the root of some directories =======

2015-04-11 21:10 - 2015-04-11 21:15 - 0011700 _____ () C:\Users\martin\AppData\Local\Temp-log.txt

Some content of TEMP:
====================
C:\Users\martin\AppData\Local\Temp\10EC.exe
C:\Users\martin\AppData\Local\Temp\1333_cov_webssearches.exe
C:\Users\martin\AppData\Local\Temp\1850.exe
C:\Users\martin\AppData\Local\Temp\2000.exe
C:\Users\martin\AppData\Local\Temp\3420.exe
C:\Users\martin\AppData\Local\Temp\378C.exe
C:\Users\martin\AppData\Local\Temp\492C.exe
C:\Users\martin\AppData\Local\Temp\5080.exe
C:\Users\martin\AppData\Local\Temp\58A0.exe
C:\Users\martin\AppData\Local\Temp\5B0.exe
C:\Users\martin\AppData\Local\Temp\7018.exe
C:\Users\martin\AppData\Local\Temp\8380.exe
C:\Users\martin\AppData\Local\Temp\8F70.exe
C:\Users\martin\AppData\Local\Temp\98AC.exe
C:\Users\martin\AppData\Local\Temp\A170.exe
C:\Users\martin\AppData\Local\Temp\A1C0.exe
C:\Users\martin\AppData\Local\Temp\AC00.exe
C:\Users\martin\AppData\Local\Temp\adblockplusie-1.1.exe
C:\Users\martin\AppData\Local\Temp\amazonicon_fwde.exe
C:\Users\martin\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\martin\AppData\Local\Temp\B380.exe
C:\Users\martin\AppData\Local\Temp\B680.exe
C:\Users\martin\AppData\Local\Temp\D4C0.exe
C:\Users\martin\AppData\Local\Temp\D930.exe
C:\Users\martin\AppData\Local\Temp\DF50.exe
C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps7hni_.dll
C:\Users\martin\AppData\Local\Temp\E790.exe
C:\Users\martin\AppData\Local\Temp\jna2562246376404723907.dll
C:\Users\martin\AppData\Local\Temp\OptimizerPro.exe
C:\Users\martin\AppData\Local\Temp\protegere6_ff_ie_fwde.exe
C:\Users\martin\AppData\Local\Temp\Quarantine.exe
C:\Users\martin\AppData\Local\Temp\sdanircmdc.exe
C:\Users\martin\AppData\Local\Temp\sdapskill.exe
C:\Users\martin\AppData\Local\Temp\sdaspwn.exe
C:\Users\martin\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\martin\AppData\Local\Temp\sp64126.exe
C:\Users\martin\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-04 19:05

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by martin at 2015-04-14 21:32:34
Running from C:\Users\martin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{C27EF409-FB69-451F-B996-DC853C25FCA2}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8642397F-CF08-6B30-A477-A039BBAA511E}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.39.32378 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.1.4548 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.2.2 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{1B9B252D-62CC-483D-89F5-E2A4FF871C7F}) (Version: 5.1.7.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{5DCA44EB-03F6-44A3-A294-F3E5DE98D7F6}) (Version: 4.4.10.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{F4F3B985-9B21-4D67-B1B2-2829C5D392E8}) (Version: 2.4.2.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
NoMore Ads (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - NoMore Ads) <==== ATTENTION
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
PX Profile Update (x32 Version:
1.00.1. - AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) ReactorAppend (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{2969302e}) (Version: - ReactorAppend) <==== ATTENTION Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek) SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company) Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden UltraMixer 2.4.6 (HKLM-x32\...\{32E2F180-247C-4077-B06A-20F9868568E0}_is1) (Version: 2.4.6 - UltraMixer Digital Audio Solutions) Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 12-03-2015 01:43:49 Windows Update 16-03-2015 23:39:28 Windows Update 20-03-2015 00:43:39 Windows Update 23-03-2015 22:59:44 Windows Update 26-03-2015 23:20:13 Windows Update 30-03-2015 20:31:15 Windows Update 03-04-2015 19:16:42 Windows Update 05-04-2015 03:00:14 Windows Update 08-04-2015 19:30:58 Windows Update 11-04-2015 21:12:03 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {1A6B4246-DF9D-4A89-9F11-8DFAB1569C26} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {392DA3BD-A1F0-4AD0-8FC3-9B8A4C7D2757} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {3DE30625-59CD-4CB4-8F34-0C46C430712C} - System32\Tasks\HPCeeScheduleFormartin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {4FAEBD17-0406-43E4-9928-63CE28C9726C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {852839C1-0A5C-460A-BAC9-997E21594F0C} - System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => pcalua.exe -a "C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6ZW7K6W\mp3gain-win-full-1_3_4.exe" -d C:\Users\martin\Desktop Task: {90AB0556-DF62-4591-A214-5D99EA363832} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {9A7FB271-7A3E-4D03-B361-1A2C37A68144} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {BE7E8ED2-A70B-4F9C-87E4-A6A14D15359A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {CB579AB6-3AF5-40A4-B816-40977C64F9F6} - System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => pcalua.exe -a "C:\ProgramData\NoMore Ads\NoMore Ads.exe" -c /progname=NoMore Ads /progver=3.4.2 /progpub=NoMore Ads /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT Task: {D7C09FC1-0111-45A3-B955-270709093B0F} - 
System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {E9D10272-09AF-41B6-A2A5-894352D0C6B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {EA440D02-1D76-48BD-9C5F-374BE40E3879} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {F2083596-D58B-4F9D-813D-B299128F4A96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\HPCeeScheduleFormartin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2012-01-17 16:57 - 2012-01-17 16:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2012-07-11 16:38 - 2012-07-11 16:38 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll 2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll 2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll 2012-07-11 15:52 - 2012-07-11 15:52 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll 2014-09-20 17:19 - 2014-07-23 14:16 - 00536576 _____ () C:\Users\martin\AppData\Roaming\Host System\host.exe 2012-07-11 15:54 - 2012-07-11 15:54 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 2012-08-08 03:15 - 2012-08-08 03:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-08-08 03:11 - 2012-08-08 03:11 - 00020992 _____ () C:\Program Files 
(x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2012-03-26 14:33 - 2012-03-26 14:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-14 20:50 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe 2012-07-26 11:22 - 2012-07-26 11:22 - 00303480 _____ () C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe 2011-12-26 22:20 - 2011-12-26 22:20 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-03-30 08:07 - 2012-03-30 08:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2015-04-10 22:29 - 2015-04-10 22:29 - 01753600 _____ () c:\Program Files (x86)\LibraryEngine\LibraryEngine.dll 2014-09-20 17:19 - 2014-09-20 17:19 - 00374272 _____ () C:\Users\martin\AppData\Roaming\Host System\sub\default.dll 2012-07-11 16:23 - 2012-07-11 16:23 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll 2012-07-11 15:52 - 2012-07-11 15:52 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll 2012-07-11 16:21 - 2012-07-11 16:21 - 03031040 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll 2012-07-11 16:26 - 2012-07-11 16:26 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll 2012-07-11 16:24 - 2012-07-11 16:24 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll 2012-07-11 15:56 - 2012-07-11 15:56 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll 2012-07-11 15:57 - 2012-07-11 15:57 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll 
2014-10-22 20:24 - 2014-10-22 20:24 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll 2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2011-04-27 17:05 - 2011-04-27 17:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll 2012-10-07 17:46 - 2014-08-18 22:09 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-531367498-374304512-3508266509-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe ==================== Accounts: ============================= Administrator (S-1-5-21-531367498-374304512-3508266509-500 - Administrator - Disabled) Gast (S-1-5-21-531367498-374304512-3508266509-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-531367498-374304512-3508266509-1003 - Limited - Enabled) martin (S-1-5-21-531367498-374304512-3508266509-1001 - Administrator - Enabled) => C:\Users\martin ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/14/2015 09:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/14/2015 06:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:16:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/11/2015 09:50:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: HPHotkeyMonitor.exe, Version: 4.5.9.1, Zeitstempel: 0x4f60f5bb Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0064a1e0 ID des 
fehlerhaften Prozesses: 0xa40 Startzeit der fehlerhaften Anwendung: 0xHPHotkeyMonitor.exe0 Pfad der fehlerhaften Anwendung: HPHotkeyMonitor.exe1 Pfad des fehlerhaften Moduls: HPHotkeyMonitor.exe2 Berichtskennung: HPHotkeyMonitor.exe3 Error: (04/11/2015 08:58:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2015 10:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2015 10:25:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2015 10:54:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17689, Zeitstempel: 0x54e68526 Name des fehlerhaften Moduls: Flash32_16_0_0_305.ocx, Version: 16.0.0.305, Zeitstempel: 0x54cff11b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0025e5e3 ID des fehlerhaften Prozesses: 0x14d8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (04/09/2015 05:50:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/14/2015 09:28:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 
Error: (04/14/2015 09:28:53 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%886 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Grund: %%892 Error: (04/14/2015 09:28:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet: %%3 Error: (04/14/2015 09:16:37 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/14/2015 08:48:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.195.2894.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.7.0205.00 Quellpfad: 4.7.0205.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/14/2015 06:57:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: 1.195.2894.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.7.0205.00 Quellpfad: 4.7.0205.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/14/2015 06:57:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/14/2015 06:57:15 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/14/2015 06:47:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/14/2015 06:47:31 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%886 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Grund: %%892 Microsoft Office Sessions: ========================= Error: (04/14/2015 09:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/14/2015 06:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" 
AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:16:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/11/2015 09:50:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: HPHotkeyMonitor.exe4.5.9.14f60f5bbunknown0.0.0.000000000c00000050064a1e0a4001d07489676909d3C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exeunknown02ae44fc-e084-11e4-8aea-b4b52f7b4b7e Error: (04/11/2015 08:58:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2015 10:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2015 10:25:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2015 10:54:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.1768954e68526Flash32_16_0_0_305.ocx16.0.0.30554cff11bc00000050025e5e314d801d073069aa70955C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SysWOW64\Macromed\Flash\Flash32_16_0_0_305.ocx99f2e4ac-defa-11e4-89cc-b4b52f7b4b7e Error: (04/09/2015 05:50:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== 
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 57% Total physical RAM: 3976.55 MB Available physical RAM: 1697.46 MB Total Pagefile: 7951.3 MB Available Pagefile: 5335.2 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:441.8 GB) (Free:365.91 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32 Drive g: (HP_RECOVERY) (Fixed) (Total:21.66 GB) (Free:3.35 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=21.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ==================== End Of Log ============================ |
14.04.2015, 22:10 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Windows 7 - Is the computer still infected?

My name is Jürgen and I will help you with your problem. Together we'll manage this...

Note: I can never give you a guarantee that we will find every malicious file. A format is usually the faster and always the safest way, but it is only advisable in the case of real malware. Adware & co. we can remove very well. If you decide on a clean-up, keep working along until you get my "clean".

Let's go:

Step 1
Please uninstall the following programs:
NoMore Ads
ReactorAppend
On Windows 7, first try it via Control Panel / Uninstall a program. If that does not work, please download Revo Uninstaller here. Unpack the zip file to the desktop.
Instructions

If you cannot uninstall a program, continue with the next one. Even if some programs are left over at the end, carry out the next step:

Step 2
Please download AdwCleaner to your desktop.

Step 3

Step 4
Please start FRST again, also tick the checkbox, and click Scan. Please post me the contents of the two logs that are created.
__________________ |
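The FRST log in post #1 and the two entries Jürgen asks to remove can be triaged mechanically. The following Python script is an added example written for this page; it is not part of FRST, AdwCleaner or either of the posts above. It reads FRST-style lines (a constructed sample, copied from the log in post #1) and flags three things a reviewer checks first: uninstall entries that FRST itself marks `<==== ATTENTION`, scheduled tasks that start a program through `pcalua.exe` (the `-a` argument is the program that was launched), and binaries with no publisher or version information that load from a user-writable path such as AppData or ProgramData (in this log `Host System\host.exe` and `sub\default.dll`). The category names and the `triage` function are this example's own; a flag means "look at this", not a verdict.

```python
"""Triage FRST-style log lines for entries a reviewer should look at first.

Added example for this thread; not part of FRST or of the posts above.
"""
import re

# Constructed sample: a handful of lines copied from the FRST log in post #1.
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Users\martin\AppData\Roaming\Host System\host.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
NoMore Ads (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - NoMore Ads) <==== ATTENTION
ReactorAppend (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{2969302e}) (Version: - ReactorAppend) <==== ATTENTION
Task: {852839C1-0A5C-460A-BAC9-997E21594F0C} - System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => pcalua.exe -a "C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6ZW7K6W\mp3gain-win-full-1_3_4.exe" -d C:\Users\martin\Desktop
Task: {CB579AB6-3AF5-40A4-B816-40977C64F9F6} - System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => pcalua.exe -a "C:\ProgramData\NoMore Ads\NoMore Ads.exe" -c /progname=NoMore Ads /progver=3.4.2 /progpub=NoMore Ads /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT
Task: {F2083596-D58B-4F9D-813D-B299128F4A96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
2014-09-20 17:19 - 2014-09-20 17:19 - 00374272 _____ () C:\Users\martin\AppData\Roaming\Host System\sub\default.dll
"""

# Process and loaded-module lines: "(Publisher) C:\path\file.exe", optionally
# prefixed by FRST's date / size / attribute columns in "Loaded Modules".
MODULE_LINE = re.compile(
    r"^(?:\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ [_A-Z]+ )?"
    r"\(((?:[^()]|\([^()]*\))*)\) ([A-Za-z]:\\.+\.(?:exe|dll))$",
    re.IGNORECASE,
)
TASK_LINE = re.compile(r"^Task: \{[0-9A-F-]+\} - (.+?) => (.+)$", re.IGNORECASE)
PCALUA_TARGET = re.compile(r'pcalua\.exe\s+-a\s+"([^"]+)"', re.IGNORECASE)
# Locations any process running as the logged-on user can write to.
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.IGNORECASE
)


def triage(log_text):
    """Return (category, detail) pairs for lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "<==== ATTENTION" in line:
            # FRST's own marker for entries it considers suspicious; keep the
            # program name (everything before the registry hive reference).
            name = re.split(r" \((?:HKLM|HKU)", line, maxsplit=1)[0]
            findings.append(("frst-attention", name))
            continue
        m = TASK_LINE.match(line)
        if m:
            task_name, target = m.groups()
            p = PCALUA_TARGET.search(target)
            if p:
                # pcalua.exe starts a program through the Program Compatibility
                # Assistant; the -a argument is the program that was launched.
                findings.append(("pcalua-launch", p.group(1)))
            elif USER_WRITABLE.search(target):
                findings.append(("task-user-path", task_name))
            continue
        m = MODULE_LINE.match(line)
        if m:
            publisher, path = m.groups()
            # Empty "()" alone is weak evidence: FRST prints it for several HP
            # components under Program Files. Combined with a user-writable
            # location it is typical of dropped payloads, so flag only then.
            if not publisher.strip() and USER_WRITABLE.search(path):
                findings.append(("unsigned-user-path", path))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

Run it as a script to list the findings for the embedded sample, or pass the full text of an FRST.txt to `triage()`. The empty-publisher check fires only together with a user-writable path because vendor files without version information are common, as the `()` entries for the HP Drive Encryption components in the log above show.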
15.04.2015, 21:56 | #3 |
| Windows 7 - Is the computer still infected? All done, here are the log files

AdwCleaner Code:
# AdwCleaner v4.201 - Bericht erstellt 15/04/2015 um 08:16:23
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Lokal]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : martin - MARTIN-NOTEBOOK
# Gestartet von : C:\Users\martin\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\smdmf
Ordner Gelöscht : C:\ProgramData\389203cc08005b55
Ordner Gelöscht : C:\Program Files (x86)\SAleePLuss
Ordner Gelöscht : C:\Program Files (x86)\SalEPPlus
Datei Gelöscht : C:\Users\martin\AppData\Local\Temp\OptimizerPro.exe

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\0f3cef89-f168-02ce-5b08-a63848ff6c62
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6137A08F-29B1-4E48-B6A1-70CC3ABF50F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\SmdmF
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1422DAA-0829-09A1-7536-73936CAB8FFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.goodforsearch.info

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

*************************

AdwCleaner[R0].txt - [7217 Bytes] - [20/09/2014 21:06:01]
AdwCleaner[R1].txt - [2685 Bytes] - [20/09/2014 22:00:07]
AdwCleaner[R2].txt - [4721 Bytes] - [15/04/2015 08:15:32]
AdwCleaner[S0].txt - [5551 Bytes] - [20/09/2014 21:10:14]
AdwCleaner[S1].txt - [2310 Bytes] - [20/09/2014 22:00:53]
AdwCleaner[S2].txt - [4115 Bytes] - [15/04/2015 08:16:2]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4174 Bytes] ##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15.04.2015
Scan Time: 08:30:16
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.09.05
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: martin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350761
Time Elapsed: 22 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Multiplug, HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [7efbde656f1b290d636e48d2857e8878],
PUP.Optional.Multiplug, HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [7efbde656f1b290d636e48d2857e8878],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 7
PUP.Optional.Multiplug, C:\Users\martin\AppData\Local\Temp\5E10\temp\5B0.exe, , [7efbde656f1b290d636e48d2857e8878],
PUP.Optional.Linkey.A, C:\Users\martin\AppData\Local\Temp\SettingsManagerSetup.exe, , [3a3fbc87414963d3d9327f3339c80000],
PUP.Optional.SearchHijacker.A, C:\Users\martin\AppData\Local\Temp\1333_cov_webssearches.exe, , [68118ab923679a9cd4dbcdfcc43d9a66],
PUP.Optional.Linkey.A, C:\Users\martin\AppData\Local\Temp\~nsu.tmp\Au_.exe, , [23564300bcceb68023366c2ae31e0bf5],
PUP.Optional.SearchHijacker.A, C:\Users\martin\AppData\Local\Temp\2de641f0768b744ae15fc902dd685b34\1333_cov_webssearches.exe, , [780144ff7a104cea317edbeec43d8b75],
PUP.Optional.MultiPlug.A, C:\Users\martin\AppData\Local\Temp\5E10\temp\hpds_setup.exe, , [5128f54e9ceec076dcf859edf50d867a],
PUP.Optional.Softonic, C:\Users\martin\Downloads\SoftonicDownloader_fuer_del-ad.exe, , [c9b0f64d6c1ea3930c7221b18180ea16],

Physical Sectors: 0
(No malicious items detected)

(end)
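AdwCleaner and Malwarebytes removed adware, but the FRST output in this thread still shows the entries a helper would look at first: a service (HostService) running unsigned from C:\Users\martin\AppData\Roaming\Host System\host.exe, Startup shortcuts whose targets sit in GUID-named folders under C:\ProgramData (one of them 5B0.exe, the same file name Malwarebytes flagged as PUP.Optional.Multiplug in Temp), and dozens of hex-named .exe files in the user's Temp folder. The script below is an added example written for this page; it is not part of the poster's logs and not code from FRST, AdwCleaner or Malwarebytes. It applies those three heuristics to FRST-style lines. The sample lines are copied from the logs in this thread plus one benign service line for contrast; the severity labels and the 3-4 hex digit threshold for Temp file names are the editor's own choices, not FRST conventions.

```python
"""Triage FRST.txt lines for the persistence patterns seen in this thread.

Added example: HostService-style unsigned services in user-writable paths,
autorun targets in GUID-named folders, and hex-named droppers in Temp.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Service/driver line: "R2 Name; C:\path\file.exe [size date] (Publisher) [File not signed]"
SERVICE_LINE = re.compile(
    r"^([RS]\d) (.+?); (.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \(([^()]*)\)(.*)$")
# Target of a Run entry ("=> path [size date] (Publisher)") or a Startup
# shortcut ("-> path (Publisher)"); the publisher may be empty: "()".
AUTORUN_TARGET = re.compile(
    r"(?:=>|->) (.+?)(?: \[\d+ \d{4}-\d{2}-\d{2}\])? \(([^()]*)\)\s*$")
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\(Users|ProgramData)\\", re.IGNORECASE)
# A directory named like a bare GUID, e.g. \{9f91f221-754b-c30c-9f91-1f221754c885}\
GUID_DIR = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.IGNORECASE)
# Temp\10EC.exe, Temp\5B0.exe ... (threshold of 3-4 hex digits is the editor's choice)
HEX_TEMP_EXE = re.compile(r"\\Temp\\[0-9A-F]{3,4}\.exe$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium" (editor's labels)
    kind: str       # "service", "autorun" or "temp"
    path: str
    reason: str


def check_service(line: str) -> Optional[Finding]:
    m = SERVICE_LINE.match(line)
    if not m:
        return None
    _, name, path, publisher, trailer = m.groups()
    unsigned = "[File not signed]" in trailer or publisher == ""
    if USER_WRITABLE.search(path):
        return Finding("high", "service", path,
                       f"{name}: service/driver binary in a user-writable location"
                       + (", unsigned" if unsigned else ""))
    if unsigned and publisher == "":
        return Finding("medium", "service", path, f"{name}: unsigned, no publisher")
    return None


def check_autorun(line: str) -> Optional[Finding]:
    if not (line.startswith("Startup:") or "\\Run: [" in line):
        return None
    m = AUTORUN_TARGET.search(line)
    if not m:
        return None
    target, publisher = m.groups()
    if GUID_DIR.search(target):
        return Finding("high", "autorun", target, "autorun target inside a GUID-named folder")
    if USER_WRITABLE.search(target) and publisher == "":
        return Finding("medium", "autorun", target, "autorun in user profile with no publisher")
    return None


def check_temp(line: str) -> Optional[Finding]:
    if HEX_TEMP_EXE.search(line.strip()):
        return Finding("high", "temp", line.strip(), "hex-named executable dropped in Temp")
    return None


def triage(lines: Iterable[str]) -> list:
    """Run each check over every line; first matching check wins."""
    findings = []
    for line in lines:
        line = line.rstrip("\n")
        for check in (check_service, check_autorun, check_temp):
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


# Constructed sample: lines copied from the FRST output in this thread, plus a
# benign signed service (DpHost) that must not be flagged.
SAMPLE = [
    r"R2 HostService; C:\Users\martin\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed]",
    r"R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)",
    r"HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)",
    r"Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk ShortcutTarget: 5B0.lnk -> C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe ()",
    r"HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Run: [Amazon Music] => C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()",
    r"C:\Users\martin\AppData\Local\Temp\10EC.exe",
    r"C:\Users\martin\AppData\Local\Temp\sqlite3.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity}] {f.kind}: {f.path}\n    {f.reason}")
```

Run it against a saved FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`. A "high" hit is a reason to ask for the file, not proof of infection: the Amazon Music helper in AppData is flagged only "medium" because a vendor shipping an unsigned updater into the profile is common, whereas a service with no publisher in %AppData% and a Startup shortcut into a GUID folder are the two items a helper on this board would normally put into the fixlist first.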
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015 Ran by martin (administrator) on MARTIN-NOTEBOOK on 15-04-2015 22:49:05 Running from C:\Users\martin\Desktop Loaded Profiles: martin (Available profiles: martin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe () C:\Users\martin\AppData\Roaming\Host System\host.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Atheros Communications) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-08-18] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2014-08-18] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2014-08-18] (Intel Corporation) HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] () HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.) 
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184736 2012-09-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [] => [X] HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Run: [Amazon Music] => C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] () HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\MountPoints2: {5999006b-9cd1-11e3-9781-b4b52f7b4b7e} - D:\LaunchU3.exe -a Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk ShortcutTarget: 5B0.lnk -> C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe () Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk ShortcutTarget: Old Crow Medicine Show - Wagon Wheel.lnk -> C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-531367498-374304512-3508266509-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> 
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-18] (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-08-18] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\martin\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations) [File not signed] R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company) R2 HostService; C:\Users\martin\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2014-08-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2014-08-18] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-07-11] () [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] 
(Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc) R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-08] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.) R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.) S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-08] (Qualcomm Atheros) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [90736 2012-07-11] (McAfee, Inc.) R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158832 2012-07-11] (McAfee, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-01-23] (Sunplus) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 22:42 - 2015-04-15 22:42 - 00000000 ____H () C:\Users\martin\BIT512D.tmp 2015-04-15 08:29 - 2015-04-15 08:30 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-15 08:29 - 2015-04-15 08:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-15 08:29 - 2015-04-15 08:29 - 00001102 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-15 08:29 - 2015-04-15 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-15 08:29 - 2015-04-15 08:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-15 08:29 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-04-15 08:29 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-04-15 08:29 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-04-15 08:19 - 2015-04-15 08:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-15 08:12 - 2015-04-15 08:05 - 02217984 _____ () C:\Users\martin\Desktop\AdwCleaner_4.201.exe 2015-04-15 08:11 - 2015-04-15 08:12 - 00000000 ____D () C:\Users\martin\Desktop\RevoUninstallerPortable 2015-04-14 21:32 - 2015-04-14 21:33 - 00033149 _____ () C:\Users\martin\Desktop\Addition.txt 2015-04-14 21:31 - 2015-04-15 22:49 - 00017218 _____ () C:\Users\martin\Desktop\FRST.txt 2015-04-14 21:31 - 2015-04-15 22:49 - 00000000 ____D () C:\FRST 2015-04-14 21:30 - 2015-04-14 21:27 - 02096640 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe 2015-04-11 21:15 - 2015-04-11 21:15 - 00003338 _____ () C:\windows\System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} 2015-04-10 
22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\TEMP 2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\Licenses 2015-04-10 22:26 - 2015-04-10 22:56 - 00000000 ____D () C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885} 2015-04-07 21:48 - 2015-04-07 21:57 - 891787140 _____ () C:\Users\martin\Desktop\Kitzi Sponsion.zip 2015-04-06 22:59 - 2015-04-09 16:28 - 00000000 ____D () C:\Users\martin\Desktop\Typenschein 2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\SysWOW64\GWX 2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\system32\GWX 2015-04-02 21:39 - 2015-04-10 22:28 - 00000000 ____D () C:\Program Files (x86)\UpgradeLeader 2015-04-02 21:37 - 2015-04-09 22:49 - 00000000 ____D () C:\ProgramData\11055139438368474995 2015-04-02 21:36 - 2015-04-07 13:15 - 00000000 ____D () C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122} 2015-04-02 21:18 - 2015-04-02 21:18 - 00000000 ____D () C:\ProgramData\{a88a4232-e0de-0c11-a88a-a4232e0d08cb} 2015-03-30 22:07 - 2015-03-30 22:07 - 00003308 _____ () C:\windows\System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} 2015-03-30 22:00 - 2015-03-30 22:10 - 00000000 ____D () C:\Program Files (x86)\MP3Gain 2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-03-24 21:08 - 2015-04-06 22:23 - 00000000 ____D () C:\Users\martin\.ultramixer 2015-03-24 21:07 - 2015-03-24 21:07 - 00001031 _____ () C:\Users\martin\Desktop\UltraMixer.lnk 2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMixer 2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\Program Files (x86)\UltraMixer 2015-03-24 21:05 - 2015-03-24 21:05 - 55785649 _____ (UltraMixer Digitial Audio Solutions ) 
C:\Users\martin\Downloads\UltraMixer-2.4.6-win.exe 2015-03-24 21:02 - 2015-03-24 21:02 - 00000022 _____ () C:\Users\martin\Downloads\MP3Fader_Setup.zip 2015-03-16 23:44 - 2015-04-15 22:42 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleFormartin ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 22:49 - 2012-10-07 17:41 - 01906294 _____ () C:\windows\WindowsUpdate.log 2015-04-15 22:45 - 2014-09-20 21:12 - 00025513 _____ () C:\windows\setupact.log 2015-04-15 22:45 - 2014-09-20 21:11 - 00023760 _____ () C:\windows\PFRO.log 2015-04-15 22:45 - 2012-04-16 07:20 - 00000000 ____D () C:\ProgramData\PDFC 2015-04-15 22:45 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-04-15 22:45 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\IME 2015-04-15 22:42 - 2015-02-02 22:46 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFormartin.job 2015-04-15 22:42 - 2012-12-12 20:50 - 00000000 ____D () C:\Users\martin 2015-04-15 22:42 - 2012-04-16 07:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-04-15 08:24 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-15 08:24 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-15 08:16 - 2014-09-20 21:05 - 00000000 ____D () C:\AdwCleaner 2015-04-14 21:04 - 2012-04-16 05:53 - 00699666 _____ () C:\windows\system32\perfh007.dat 2015-04-14 21:04 - 2012-04-16 05:53 - 00149774 _____ () C:\windows\system32\perfc007.dat 2015-04-14 21:04 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI 2015-04-11 23:10 - 2013-05-26 16:41 - 00003962 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{CB48FE46-A3F8-47D2-88D1-C369DC76C2B7} 2015-04-11 21:13 - 2012-12-16 17:58 - 00000052 _____ () 
C:\windows\SysWOW64\DOErrors.log 2015-04-09 22:54 - 2012-12-22 17:04 - 00000000 ____D () C:\Users\martin\AppData\Local\CrashDumps 2015-04-09 16:22 - 2014-07-31 23:15 - 00015360 ___SH () C:\Users\martin\Thumbs.db 2015-04-07 22:51 - 2012-12-12 20:55 - 00000000 ____D () C:\Users\martin\AppData\Local\PDFC 2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Google 2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-01 20:21 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Deployment 2015-03-18 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2015-03-18 00:14 - 2013-01-20 23:27 - 00002128 _____ () C:\windows\wininit.ini 2015-03-18 00:14 - 2013-01-20 23:26 - 00000000 ___RD () C:\Users\martin\Dropbox 2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox 2015-03-17 22:36 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD 2015-03-17 00:19 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk ==================== Files in the root of some directories ======= 2015-04-11 21:10 - 2015-04-11 21:15 - 0011700 _____ () C:\Users\martin\AppData\Local\Temp-log.txt Some content of TEMP: ==================== C:\Users\martin\AppData\Local\Temp\10EC.exe C:\Users\martin\AppData\Local\Temp\1850.exe C:\Users\martin\AppData\Local\Temp\2000.exe C:\Users\martin\AppData\Local\Temp\3420.exe C:\Users\martin\AppData\Local\Temp\378C.exe C:\Users\martin\AppData\Local\Temp\492C.exe C:\Users\martin\AppData\Local\Temp\5080.exe C:\Users\martin\AppData\Local\Temp\5700.exe C:\Users\martin\AppData\Local\Temp\58A0.exe C:\Users\martin\AppData\Local\Temp\5B0.exe C:\Users\martin\AppData\Local\Temp\7018.exe C:\Users\martin\AppData\Local\Temp\7F20.exe 
C:\Users\martin\AppData\Local\Temp\8380.exe C:\Users\martin\AppData\Local\Temp\8B80.exe C:\Users\martin\AppData\Local\Temp\8F70.exe C:\Users\martin\AppData\Local\Temp\9260.exe C:\Users\martin\AppData\Local\Temp\98AC.exe C:\Users\martin\AppData\Local\Temp\A170.exe C:\Users\martin\AppData\Local\Temp\A1C0.exe C:\Users\martin\AppData\Local\Temp\AC00.exe C:\Users\martin\AppData\Local\Temp\adblockplusie-1.1.exe C:\Users\martin\AppData\Local\Temp\amazonicon_fwde.exe C:\Users\martin\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\martin\AppData\Local\Temp\B380.exe C:\Users\martin\AppData\Local\Temp\B680.exe C:\Users\martin\AppData\Local\Temp\B904.exe C:\Users\martin\AppData\Local\Temp\D4C0.exe C:\Users\martin\AppData\Local\Temp\D930.exe C:\Users\martin\AppData\Local\Temp\DF50.exe C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps7hni_.dll C:\Users\martin\AppData\Local\Temp\E790.exe C:\Users\martin\AppData\Local\Temp\FB58.exe C:\Users\martin\AppData\Local\Temp\jna2562246376404723907.dll C:\Users\martin\AppData\Local\Temp\protegere6_ff_ie_fwde.exe C:\Users\martin\AppData\Local\Temp\Quarantine.exe C:\Users\martin\AppData\Local\Temp\sdanircmdc.exe C:\Users\martin\AppData\Local\Temp\sdapskill.exe C:\Users\martin\AppData\Local\Temp\sdaspwn.exe C:\Users\martin\AppData\Local\Temp\sp64126.exe C:\Users\martin\AppData\Local\Temp\sqlite3.dll C:\Users\martin\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-04 19:05 ==================== End Of Log ============================ --- --- --- Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015 Ran by martin at 2015-04-15 22:49:53 Running from C:\Users\martin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - ) Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{C27EF409-FB69-451F-B996-DC853C25FCA2}) (Version: 1.4 - Eyeo GmbH) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Amazon Music (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{8642397F-CF08-6B30-A477-A039BBAA511E}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.) ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft) ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft) CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) 
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company) Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.39.32378 - Hewlett-Packard Company) Dropbox (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.) Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.1.4548 - Hewlett-Packard Company) Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company) Hidden File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.2.2 - Hewlett-Packard Company) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{1B9B252D-62CC-483D-89F5-E2A4FF871C7F}) (Version: 5.1.7.1 - Hewlett-Packard Company) HP Connection Manager (HKLM-x32\...\{5DCA44EB-03F6-44A3-A294-F3E5DE98D7F6}) (Version: 4.4.10.1 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company) HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT) HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company) HP Power Assistant 
(HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{F4F3B985-9B21-4D67-B1B2-2829C5D392E8}) (Version: 2.4.2.1 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT) Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.) 
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 
9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc) Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company) PX Profile 
Update (x32 Version: 1.00.1. - AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek) SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company) Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden UltraMixer 2.4.6 (HKLM-x32\...\{32E2F180-247C-4077-B06A-20F9868568E0}_is1) (Version: 2.4.6 - UltraMixer Digital Audio Solutions) Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 16-03-2015 23:39:28 Windows Update 20-03-2015 00:43:39 Windows Update 23-03-2015 22:59:44 Windows Update 26-03-2015 23:20:13 Windows Update 30-03-2015 20:31:15 Windows Update 03-04-2015 19:16:42 Windows Update 05-04-2015 03:00:14 Windows Update 08-04-2015 19:30:58 Windows Update 11-04-2015 21:12:03 Windows Update 15-04-2015 08:13:04 Revo Uninstaller's restore point - NoMore Ads ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1A6B4246-DF9D-4A89-9F11-8DFAB1569C26} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {392DA3BD-A1F0-4AD0-8FC3-9B8A4C7D2757} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {3DE30625-59CD-4CB4-8F34-0C46C430712C} - System32\Tasks\HPCeeScheduleFormartin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {4FAEBD17-0406-43E4-9928-63CE28C9726C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {852839C1-0A5C-460A-BAC9-997E21594F0C} - System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => pcalua.exe -a "C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6ZW7K6W\mp3gain-win-full-1_3_4.exe" -d C:\Users\martin\Desktop Task: {90AB0556-DF62-4591-A214-5D99EA363832} - 
System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {9A7FB271-7A3E-4D03-B361-1A2C37A68144} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {BE7E8ED2-A70B-4F9C-87E4-A6A14D15359A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {CB579AB6-3AF5-40A4-B816-40977C64F9F6} - System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => pcalua.exe -a "C:\ProgramData\NoMore Ads\NoMore Ads.exe" -c /progname=NoMore Ads /progver=3.4.2 /progpub=NoMore Ads /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT Task: {D7C09FC1-0111-45A3-B955-270709093B0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {E9D10272-09AF-41B6-A2A5-894352D0C6B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {EA440D02-1D76-48BD-9C5F-374BE40E3879} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {F2083596-D58B-4F9D-813D-B299128F4A96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\HPCeeScheduleFormartin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2012-01-17 16:57 - 2012-01-17 16:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP 
ProtectTools\BIOSDomainPlugin.dll 2012-07-11 16:38 - 2012-07-11 16:38 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll 2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll 2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll 2014-09-20 17:19 - 2014-07-23 14:16 - 00536576 _____ () C:\Users\martin\AppData\Roaming\Host System\host.exe 2012-07-11 15:54 - 2012-07-11 15:54 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 2012-08-08 03:15 - 2012-08-08 03:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-08-08 03:11 - 2012-08-08 03:11 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2012-03-26 14:33 - 2012-03-26 14:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-14 20:50 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe 2012-07-26 11:22 - 2012-07-26 11:22 - 00303480 _____ () C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe 2011-12-26 22:20 - 2011-12-26 22:20 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-03-30 08:07 - 2012-03-30 08:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2014-09-20 17:19 - 2014-09-20 17:19 - 00374272 _____ () C:\Users\martin\AppData\Roaming\Host System\sub\default.dll 2012-07-11 16:23 - 2012-07-11 16:23 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll 2012-07-11 15:52 - 2012-07-11 15:52 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll 2012-07-11 16:21 - 2012-07-11 16:21 - 03031040 
_____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll 2012-07-11 16:26 - 2012-07-11 16:26 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll 2012-07-11 16:24 - 2012-07-11 16:24 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll 2012-07-11 15:56 - 2012-07-11 15:56 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll 2012-07-11 15:57 - 2012-07-11 15:57 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll 2014-10-22 20:24 - 2014-10-22 20:24 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll 2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-10-07 17:46 - 2014-08-18 22:09 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2011-04-27 17:05 - 2011-04-27 17:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-531367498-374304512-3508266509-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe ==================== Accounts: ============================= Administrator (S-1-5-21-531367498-374304512-3508266509-500 - Administrator - Disabled) Gast (S-1-5-21-531367498-374304512-3508266509-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-531367498-374304512-3508266509-1003 - Limited - Enabled) martin (S-1-5-21-531367498-374304512-3508266509-1001 - Administrator - Enabled) => C:\Users\martin ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/15/2015 10:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/15/2015 08:17:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/15/2015 08:09:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/14/2015 09:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 
Error: (04/14/2015 06:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:16:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/11/2015 09:50:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: HPHotkeyMonitor.exe, Version: 4.5.9.1, Zeitstempel: 0x4f60f5bb Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0064a1e0 ID des fehlerhaften Prozesses: 0xa40 Startzeit der fehlerhaften Anwendung: 0xHPHotkeyMonitor.exe0 Pfad der fehlerhaften Anwendung: HPHotkeyMonitor.exe1 Pfad des fehlerhaften Moduls: HPHotkeyMonitor.exe2 Berichtskennung: HPHotkeyMonitor.exe3 Error: (04/11/2015 08:58:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2015 10:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/15/2015 10:45:52 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%886 
Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Grund: %%892 Error: (04/15/2015 10:45:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/15/2015 10:45:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet: %%3 Error: (04/15/2015 10:44:51 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/15/2015 08:27:40 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.195.2894.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.7.0205.00 Quellpfad: 4.7.0205.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (04/15/2015 08:27:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/15/2015 08:27:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/15/2015 08:17:38 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/15/2015 08:17:39 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%886 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff 
verweigert Grund: %%892 Error: (04/15/2015 08:17:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet: %%3 Microsoft Office Sessions: ========================= Error: (04/15/2015 10:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/15/2015 08:17:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/15/2015 08:09:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/14/2015 09:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/14/2015 06:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/12/2015 04:16:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/11/2015 09:50:32 PM) (Source: 
Application Error) (EventID: 1000) (User: ) Description: HPHotkeyMonitor.exe4.5.9.14f60f5bbunknown0.0.0.000000000c00000050064a1e0a4001d07489676909d3C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exeunknown02ae44fc-e084-11e4-8aea-b4b52f7b4b7e Error: (04/11/2015 08:58:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2015 10:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 59% Total physical RAM: 3976.55 MB Available physical RAM: 1599.28 MB Total Pagefile: 7951.3 MB Available Pagefile: 5263.32 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:441.8 GB) (Free:366.37 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: () (Removable) (Total:3.9 GB) (Free:3.7 GB) FAT32 Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32 Drive g: (HP_RECOVERY) (Fixed) (Total:21.66 GB) (Free:3.35 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=21.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ======================================================== Disk: 1 
(Size: 3.9 GB) (Disk ID: 01E63116) Partition 1: (Active) - (Size=3.9 GB) - (Type=0B) ==================== End Of Log ============================ |
15.04.2015, 22:02 | #4 |
/// TB Trainer /// Tutorial Guru
Windows 7 - Is the computer still infected?
Hi,
please repeat the Malwarebytes scan and make sure that the databases are up to date and that the detections are moved to quarantine.
http://anleitung.trojaner-board.de/trojaner-entfernen-mit-malwarebytes-anti-malware_5
Code:
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
__________________
Regards
deeprybka
Praise, criticism, wishes? Donate to trojaner-board?
_______________________________________________
"Harm no one; rather, help everyone as much as you can." Arthur Schopenhauer
16.04.2015, 10:01 | #5 |
Windows 7 - Is the computer still infected?
Hello,
I repeated the scan; here is the log.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.04.2015
Suchlauf-Zeit: 09:10:10
Logdatei: malwarebytes.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.16.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: martin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 347417
Verstrichene Zeit: 30 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 35
PUP.Optional.MultiPlug, C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe, In Quarantäne, [6fd3bcb1d9b1a98dbab56dd46a9811ef],
PUP.Optional.MultiPlug, C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe, In Quarantäne, [75cd006dc7c37fb70c63073a22e0c739],
PUP.Optional.MultiPlug, C:\ProgramData\{a88a4232-e0de-0c11-a88a-a4232e0d08cb}\Old Crow Medicine Show - Wagon Wheel.exe, In Quarantäne, [033ff17c701ac4724629fd44ef136997],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\B380.exe, In Quarantäne, [bd85da933e4c1c1a402f94ad55ad15eb],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\B680.exe, In Quarantäne, [251d81ec8505e94d9dd2f9480bf7e917],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\B904.exe, In Quarantäne, [4af8432ae0aa191d29461b26679b946c],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\D4C0.exe, In Quarantäne, [78ca3736751539fde38cb78ab15108f8],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\D930.exe, In Quarantäne, [78ca7df00b7f93a393dc073aee14ea16],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\DF50.exe, In Quarantäne, [73cfd39a1d6dff37452a82bfd23046ba],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\E790.exe, In Quarantäne, [70d27af3afdbc96d056a2d14e121f30d],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\EA00.exe, In Quarantäne, [e45e0a631a700531521d97aae31f9d63],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\FB58.exe, In Quarantäne, [ae94a4c9f79383b3fa7576cb778b43bd],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\7018.exe, In Quarantäne, [3210a6c727631620f47bba879d65fc04],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\7F20.exe, In Quarantäne, [d46edc91692102345f106dd49072d828],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\8380.exe, In Quarantäne, [cd75ed80b0da51e594db78c9a0625fa1],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\8B80.exe, In Quarantäne, [9ca68be2ddaddb5b026d10318979fb05],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\8F70.exe, In Quarantäne, [4ff3036a9eec0a2c9cd347fafc06eb15],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\9260.exe, In Quarantäne, [043ebfaee6a4e84e75fad46dae5415eb],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\98AC.exe, In Quarantäne, [e55daac30c7e1c1af97688b916ec3ac6],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\A170.exe, In Quarantäne, [b78b48256921a6902e4193aec33f16ea],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\A1C0.exe, In Quarantäne, [6ed46b0292f8da5c026d45fc1ce6b54b],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\10EC.exe, In Quarantäne, [9da5b8b591f973c396d9cd74b151fe02],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\1850.exe, In Quarantäne, [f74bee7f4e3c47ef145bee538b770ef2],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\2000.exe, In Quarantäne, [3012fc718dfd0f27f47bda6706fc7888],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\AC00.exe, In Quarantäne, [5fe3d697206a270f2a45e25fda28827e],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\3420.exe, In Quarantäne, [cf73a9c488029b9be58a6bd6cd3542be],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\3640.exe, In Quarantäne, [d072511c1d6dff37acc3e45ddc26ad53],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\378C.exe, In Quarantäne, [31112b42deac87af2f40073a5ca639c7],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\492C.exe, In Quarantäne, [ba8872fb4b3fc76f2649cf7225ddb050],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\5080.exe, In Quarantäne, [cb77e489f991bb7b5d1210315da5718f],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\5700.exe, In Quarantäne, [ab974f1e2f5b979fb5ba40013cc633cd],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\58A0.exe, In Quarantäne, [6ed4fd701f6b2016e08f7cc526dcd828],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\5B0.exe, In Quarantäne, [d1715d10741696a0e887192807fbc838],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\E560\temp\Old Crow Medicine Show - Wagon Wheel.exe, In Quarantäne, [ac96b8b5cac02214fc73370aa260df21],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\5860\temp\Old Crow Medicine Show - Wagon Wheel.exe, In Quarantäne, [94ae4825c9c106300867e75a52b003fd],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end) |
16.04.2015, 21:13 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Windows 7 - Is the computer still infected? Hi, please carry out the following: Step 1 Press the Windows key + R and type notepad into the Run window. Click OK and copy the text from the code box into the empty text document: Code:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk
ShortcutTarget: 5B0.lnk -> C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe ()
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk
ShortcutTarget: Old Crow Medicine Show - Wagon Wheel.lnk -> C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 HostService; C:\Users\martin\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed]
C:\Users\martin\AppData\Roaming\Host System\
Task: {852839C1-0A5C-460A-BAC9-997E21594F0C} - System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => pcalua.exe -a "C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6ZW7K6W\mp3gain-win-full-1_3_4.exe" -d C:\Users\martin\Desktop
Task: {CB579AB6-3AF5-40A4-B816-40977C64F9F6} - System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => pcalua.exe -a "C:\ProgramData\NoMore Ads\NoMore Ads.exe" -c /progname=NoMore Ads /progver=3.4.2 /progpub=NoMore Ads /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT
C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}
C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}
EmptyTemp:
Step 2 Upload:
Please report back whether it worked! Thanks for your help!
__________________ --> Windows 7 - Is the computer still infected? |
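An added example, not part of this thread and not FRST's own logic: a small Python triage script that runs detection rules over FRST scan lines and flags the persistence patterns visible in the fixlist above (Startup shortcuts into GUID-named ProgramData folders, an unsigned service binary under AppData, scheduled tasks that launch installers through pcalua.exe, emptied IE search scopes, entries FRST marks with [X] or ATTENTION). The sample lines are copied from the fixlist; the rule names, their wording and the functions triage, summarize, explain and report are my own.

```python
"""Triage FRST scan lines for the persistence patterns seen in this thread.

Added example; the rule set is an assumption of mine, not FRST's own logic.
"""
import re
from collections import Counter

# Constructed sample input: the lines of the fixlist posted in this thread.
FIXLIST_SAMPLE = [
    r"CloseProcesses:",
    r"HKLM-x32\...\Run: [] => [X]",
    r"Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]",
    r"Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk",
    r"ShortcutTarget: 5B0.lnk -> C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe ()",
    r"Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk",
    r"ShortcutTarget: Old Crow Medicine Show - Wagon Wheel.lnk -> C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe ()",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    r"SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    r"SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    r"R2 HostService; C:\Users\martin\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed]",
    r"C:\Users\martin\AppData\Roaming\Host System" "\\",
    r'Task: {852839C1-0A5C-460A-BAC9-997E21594F0C} - System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => pcalua.exe -a "C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6ZW7K6W\mp3gain-win-full-1_3_4.exe" -d C:\Users\martin\Desktop',
    r'Task: {CB579AB6-3AF5-40A4-B816-40977C64F9F6} - System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => pcalua.exe -a "C:\ProgramData\NoMore Ads\NoMore Ads.exe" -c /progname=NoMore Ads /progver=3.4.2 /progpub=NoMore Ads /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT',
    r"C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}",
    r"C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}",
    r"EmptyTemp:",
]

# (tag, pattern, what a match means for the analyst). FRST's "[X]" marks an
# entry whose target file could not be found; the other patterns are mine.
RULES = [
    ("frst_attention", re.compile(r"<=+ ATTENTION"),
     "FRST itself flagged the entry (here: a Chrome policy restriction)"),
    ("orphaned_entry", re.compile(r"\[X\]\s*$"),
     "autostart entry whose target file is missing: loader gone, hook remains"),
    ("guid_programdata", re.compile(
        r"\\ProgramData\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"),
     "GUID-named folder directly under ProgramData, the drop location of the MultiPlug files quarantined above"),
    ("empty_search_scope", re.compile(r"^SearchScopes:.*URL =\s*$"),
     "IE DefaultScope whose URL has been emptied, residue of a search hijacker"),
    ("unsigned_profile_service", re.compile(
        r"^[RS]\d\s+\S+;\s+C:\\Users\\.*\[File not signed\]"),
     "Windows service whose unsigned binary lives inside a user profile"),
    ("pcalua_task", re.compile(r"^Task:.*\bpcalua\.exe\s+-a\b"),
     "scheduled task that runs an installer through pcalua.exe (Program Compatibility Assistant)"),
]


def triage(lines):
    """Return [(line, [tags])] for every line that matches at least one rule."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        tags = [tag for tag, pattern, _ in RULES if pattern.search(line)]
        if tags:
            findings.append((line, tags))
    return findings


def summarize(findings):
    """Count how often each tag fired across the findings."""
    return Counter(tag for _, tags in findings for tag in tags)


def explain(tag):
    """Human-readable meaning of a tag, for the report."""
    for name, _, meaning in RULES:
        if name == tag:
            return meaning
    raise KeyError(tag)


def report(lines):
    """Print flagged lines first, then a per-tag summary; return the findings."""
    findings = triage(lines)
    for line, tags in findings:
        print(f"[{', '.join(tags)}] {line[:100]}")
    print()
    for tag, count in sorted(summarize(findings).items()):
        print(f"{count:2d} x {tag}: {explain(tag)}")
    return findings


if __name__ == "__main__":
    report(FIXLIST_SAMPLE)
```

Run against a full FRST.txt (one line per entry) the same rules surface the entries the helper chose for the fixlist; the orphaned_entry hits show why the Startup .lnk files still needed removal after Malwarebytes had already quarantined their targets.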
17.04.2015, 04:27 | #7 |
| Windows 7 - Is the computer still infected? Fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by martin at 2015-04-17 05:18:52 Run:1
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available profiles: martin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk
ShortcutTarget: 5B0.lnk -> C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe ()
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk
ShortcutTarget: Old Crow Medicine Show - Wagon Wheel.lnk -> C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 HostService; C:\Users\martin\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed]
C:\Users\martin\AppData\Roaming\Host System\
Task: {852839C1-0A5C-460A-BAC9-997E21594F0C} - System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => pcalua.exe -a "C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6ZW7K6W\mp3gain-win-full-1_3_4.exe" -d C:\Users\martin\Desktop
Task: {CB579AB6-3AF5-40A4-B816-40977C64F9F6} - System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => pcalua.exe -a "C:\ProgramData\NoMore Ads\NoMore Ads.exe" -c /progname=NoMore Ads /progver=3.4.2 /progpub=NoMore Ads /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT
C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}
C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => Key deleted successfully.
C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk => Moved successfully.
C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe not found.
C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk => Moved successfully.
C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HostService => Service stopped successfully.
HostService => Service deleted successfully.
C:\Users\martin\AppData\Roaming\Host System => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{852839C1-0A5C-460A-BAC9-997E21594F0C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{852839C1-0A5C-460A-BAC9-997E21594F0C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB579AB6-3AF5-40A4-B816-40977C64F9F6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB579AB6-3AF5-40A4-B816-40977C64F9F6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C}" => Key deleted successfully.
C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122} => Moved successfully.
C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885} => Moved successfully.
EmptyTemp: => Removed 679.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 05:19:56 ==== |
17.04.2015, 11:19 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Windows 7 - Is the computer still infected? No, you can't see that here either. Step 1 ESET Online Scanner
Step 2 Please run FRST again, also tick the checkbox and click Scan. Please post the contents of the two logs that are created.
__________________ Regards, deeprybka Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
17.04.2015, 17:27 | #9 |
| Windows 7 - Is the computer still infected? Hello! Here are the log files. ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7387ebc51000434492e93e5cff2844cf # engine=23432 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-17 04:15:59 # local_time=2015-04-17 06:15:59 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 5614986 122600969 0 0 # scanned=221070 # found=36 # cleaned=0 # scan_time=11167 sh=66E6AF2A5BB7F214A7D9B5FF7C22A9860EA63EF3 ft=1 fh=c71c00118d26cb68 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SAleePLuss\Q3H8djXS1ZPDM3.dll.vir" sh=3A46A97ED632D6EB55559059F43BA0F2C2D1261B ft=1 fh=c71c001114689753 vn="Variante von Win32/BHOUninstaller.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SAleePLuss\Q3H8djXS1ZPDM3.exe.vir" sh=696808CA814B4ADC0DB0D969E5B10BCFC897CB30 ft=1 fh=d1dc74617bb90d5c vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SAleePLuss\Q3H8djXS1ZPDM3.x64.dll.vir" sh=0D679A276D4DDAF0AB98A067F949434E031BB9D0 ft=1 fh=c71c00115ec9c1ab vn="Variante von Win32/BHOUninstaller.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SalEPPlus\SalEPPlus.exe.vir" sh=53F226B3D1D3828304E40C6C7A50667ADF23B42A ft=1 fh=e1ea10a5e9416a5c vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir" sh=0CB68F399D491465198E3E86F1D2923A211614E7 ft=1 fh=021f675753f993f2 vn="Win64/Thinknice.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir" sh=86EA851108D635D9ED47C01E86899845DFDA3EC7 ft=1 fh=90733a3b10b3e858 vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir" sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir" sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir" sh=A8E3A9E6972C6F8B253EA0E1837AEEBF0A07B187 ft=1 fh=e2a5b168a3934371 vn="Win32/Thinknice.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir" sh=30E2FB1C671B2808D2E80518D793575965AF2416 ft=1 fh=d06e6f3f3f60e357 vn="Variante von Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir" sh=AC11914CC02E023E2EF06A80DEE1701419A5473A ft=1 fh=4cb2d0bd10147652 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir" sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir" sh=D037F58CF4B36F3B437FAA0D9500720445B27D65 ft=1 fh=b07c7921935b766c vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir" sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir" sh=79C9BD304C93AB8FD0544108656A899993DB14EF ft=1 fh=e6f80544d6e8089f vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir" sh=96B85214CD9E4FF85AC6144E7EF3DDF9E0F215E6 ft=1 fh=098a6735f96a550a vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir" sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=9C6C68EFAE364FC17008C32848E148F86D468C99 ft=1 fh=c71c0011e4b098f3 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir" sh=ECCAC05AC1B234C920664876442DF3EFD776DE60 ft=1 fh=e9325afa081f4f27 vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\Local\Linkey\IEExtension\iedll.dll.vir" sh=87E2338DB2AA37BEA99D572F792DE8C94B5C77E4 ft=1 fh=45260490e49e3a0a vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\Local\Temp\OptimizerPro.exe.vir" sh=16A9F50D9E0ED205CFF4474BD99E2900FEB16F19 ft=1 fh=50427314871b5fda vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\Roaming\Security Systems\uninstall.exe.vir" sh=B21BFF68D39A17C19914C6B3A44361CB36986162 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. 
unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\All Users\Application Data\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}\Custom.dll" sh=B21BFF68D39A17C19914C6B3A44361CB36986162 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\All Users\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}\Custom.dll" sh=45A30A7CB5CBF88FB013D55585DC9835D2D9A1FA ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\martin\Downloads\SopCast3.5.0.zip" sh=AB49838A2E7E35D9D8B7B924D6A8BABA1139CEC5 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\FRST\Quarantine.zip" sh=52C62112EBE6C00644D6A5C3A1DA1D4124BB31A7 ft=1 fh=6d95cedaba666fcd vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\martin\AppData\Roaming\Host System\host.exe" sh=B21BFF68D39A17C19914C6B3A44361CB36986162 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}\Custom.dll" sh=DF678B81D0A2C063E5467C5113DCCFF238B44DC4 ft=1 fh=55941976f4437196 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\swsetup\WinZBas\Setup.exe" sh=B21BFF68D39A17C19914C6B3A44361CB36986162 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Application Data\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}\Custom.dll" sh=B21BFF68D39A17C19914C6B3A44361CB36986162 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}\Custom.dll" sh=45A30A7CB5CBF88FB013D55585DC9835D2D9A1FA ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\martin\Downloads\SopCast3.5.0.zip" sh=64672C26701C177148D446EB17CF45C1060FA37C ft=1 fh=e1f7b6dbf8eef072 vn="Variante von Win32/Adware.MultiPlug.HW Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RF80ZQZ.exe" sh=A11B742E5A985FF215EDC3C6D68C2B4209C2AA44 ft=1 fh=48c78541455d6d07 vn="Variante von Win32/Adware.MultiPlug.IE Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RLMS4TN.exe" sh=87E5EA637FD917B85C5BF3D026E6932811093215 ft=1 fh=7004ba2ec1ea3750 vn="Variante von Win32/Adware.MultiPlug.EP Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$ROMWGFB.exe" sh=6FB801A9152E0289B659229BA3236DE8A0FC0806 ft=1 fh=28353a0245e11705 vn="Variante von Win32/Adware.MultiPlug.HW Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RSC2EY3.exe" FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04 Ran by martin (administrator) on MARTIN-NOTEBOOK on 17-04-2015 18:24:01 Running from C:\Users\martin\Desktop Loaded Profiles: martin (Available profiles: martin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe () C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Atheros Communications) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-08-18] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2014-08-18] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2014-08-18] (Intel Corporation) HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] () HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.) 
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184736 2012-09-05] (Hewlett-Packard Development Company, L.P.) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Run: [Amazon Music] => C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] () HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\MountPoints2: {5999006b-9cd1-11e3-9781-b4b52f7b4b7e} - D:\LaunchU3.exe -a Lsa: [Notification Packages] DPPassFilter scecli ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-531367498-374304512-3508266509-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-18] (Intel Corporation) FF 
Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-08-18] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\martin\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations) [File not signed] R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.) 
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2014-08-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2014-08-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-07-11] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-08] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-08] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [90736 2012-07-11] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158832 2012-07-11] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-01-23] (Sunplus)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-17 18:24 - 2015-04-17 18:24 - 00016241 _____ () C:\Users\martin\Desktop\FRST.txt
2015-04-17 17:03 - 2015-04-17 17:03 - 17593008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-17 15:05 - 2015-04-17 15:05 - 02347384 _____ (ESET) C:\Users\martin\Downloads\esetsmartinstaller_deu.exe
2015-04-17 05:18 - 2015-04-17 05:18 - 00000000 ____D () C:\Users\martin\Desktop\FRST-OlderVersion
2015-04-15 08:29 - 2015-04-16 10:59 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 08:29 - 2015-04-15 08:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-15 08:29 - 2015-04-15 08:29 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-15 08:29 - 2015-04-15 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-15 08:29 - 2015-04-15 08:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-15 08:29 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-15 08:29 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-15 08:29 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-15 08:19 - 2015-04-15 08:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-15 08:12 - 2015-04-15 08:05 - 02217984 _____ () C:\Users\martin\Desktop\AdwCleaner_4.201.exe
2015-04-15 08:11 - 2015-04-15 08:12 - 00000000 ____D () C:\Users\martin\Desktop\RevoUninstallerPortable
2015-04-14 21:31 - 2015-04-17 18:24 - 00000000 ____D () C:\FRST
2015-04-14 21:30 - 2015-04-17 05:18 - 02097664 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\Licenses
2015-04-07 21:48 - 2015-04-07 21:57 - 891787140 _____ () C:\Users\martin\Desktop\Kitzi Sponsion.zip
2015-04-06 22:59 - 2015-04-09 16:28 - 00000000 ____D () C:\Users\martin\Desktop\Typenschein
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-02 21:39 - 2015-04-10 22:28 - 00000000 ____D () C:\Program Files (x86)\UpgradeLeader
2015-04-02 21:37 - 2015-04-09 22:49 - 00000000 ____D () C:\ProgramData\11055139438368474995
2015-04-02 21:18 - 2015-04-16 10:57 - 00000000 ____D () C:\ProgramData\{a88a4232-e0de-0c11-a88a-a4232e0d08cb}
2015-03-30 22:00 - 2015-03-30 22:10 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-03-24 21:08 - 2015-04-06 22:23 - 00000000 ____D () C:\Users\martin\.ultramixer
2015-03-24 21:07 - 2015-03-24 21:07 - 00001031 _____ () C:\Users\martin\Desktop\UltraMixer.lnk
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMixer
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\Program Files (x86)\UltraMixer
2015-03-24 21:05 - 2015-03-24 21:05 - 55785649 _____ (UltraMixer Digitial Audio Solutions ) C:\Users\martin\Downloads\UltraMixer-2.4.6-win.exe
2015-03-24 21:02 - 2015-03-24 21:02 - 00000022 _____ () C:\Users\martin\Downloads\MP3Fader_Setup.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-17 18:00 - 2012-04-16 07:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-17 17:03 - 2012-10-07 17:41 - 01378790 _____ () C:\windows\WindowsUpdate.log
2015-04-17 17:03 - 2012-04-16 07:20 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 17:03 - 2012-04-16 07:20 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 17:03 - 2012-04-16 07:20 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-17 15:12 - 2013-05-26 16:41 - 00003962 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{CB48FE46-A3F8-47D2-88D1-C369DC76C2B7}
2015-04-17 15:10 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 15:10 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 15:06 - 2012-04-16 05:53 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-04-17 15:06 - 2012-04-16 05:53 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-04-17 15:06 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-17 15:03 - 2014-09-20 21:12 - 00025905 _____ () C:\windows\setupact.log
2015-04-17 15:03 - 2012-04-16 07:20 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-17 15:03 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-16 21:53 - 2014-09-20 21:11 - 00032948 _____ () C:\windows\PFRO.log
2015-04-16 10:58 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\IME
2015-04-15 22:42 - 2015-03-16 23:44 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleFormartin
2015-04-15 22:42 - 2015-02-02 22:46 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFormartin.job
2015-04-15 22:42 - 2012-12-12 20:50 - 00000000 ____D () C:\Users\martin
2015-04-15 08:16 - 2014-09-20 21:05 - 00000000 ____D () C:\AdwCleaner
2015-04-11 21:13 - 2012-12-16 17:58 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-04-09 22:54 - 2012-12-22 17:04 - 00000000 ____D () C:\Users\martin\AppData\Local\CrashDumps
2015-04-09 16:22 - 2014-07-31 23:15 - 00015360 ___SH () C:\Users\martin\Thumbs.db
2015-04-07 22:51 - 2012-12-12 20:55 - 00000000 ____D () C:\Users\martin\AppData\Local\PDFC
2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Google
2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-01 20:21 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Deployment
2015-03-18 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2015-03-18 00:14 - 2013-01-20 23:27 - 00002128 _____ () C:\windows\wininit.ini
2015-03-18 00:14 - 2013-01-20 23:26 - 00000000 ___RD () C:\Users\martin\Dropbox
2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox

==================== Files in the root of some directories =======

2015-04-11 21:10 - 2015-04-11 21:15 - 0011700 _____ () C:\Users\martin\AppData\Local\Temp-log.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-16 10:00

==================== End Of Log ============================

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by martin at 2015-04-17 18:24:39
Running from C:\Users\martin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{C27EF409-FB69-451F-B996-DC853C25FCA2}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8642397F-CF08-6B30-A477-A039BBAA511E}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.39.32378 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.1.4548 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.2.2 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{1B9B252D-62CC-483D-89F5-E2A4FF871C7F}) (Version: 5.1.7.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{5DCA44EB-03F6-44A3-A294-F3E5DE98D7F6}) (Version: 4.4.10.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{F4F3B985-9B21-4D67-B1B2-2829C5D392E8}) (Version: 2.4.2.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
UltraMixer 2.4.6 (HKLM-x32\...\{32E2F180-247C-4077-B06A-20F9868568E0}_is1) (Version: 2.4.6 - UltraMixer Digital Audio Solutions)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================

20-03-2015 00:43:39 Windows Update
23-03-2015 22:59:44 Windows Update
26-03-2015 23:20:13 Windows Update
30-03-2015 20:31:15 Windows Update
03-04-2015 19:16:42 Windows Update
05-04-2015 03:00:14 Windows Update
08-04-2015 19:30:58 Windows Update
11-04-2015 21:12:03 Windows Update
15-04-2015 08:13:04 Revo Uninstaller's restore point - NoMore Ads
17-04-2015 05:18:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A6B4246-DF9D-4A89-9F11-8DFAB1569C26} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {392DA3BD-A1F0-4AD0-8FC3-9B8A4C7D2757} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {3DE30625-59CD-4CB4-8F34-0C46C430712C} - System32\Tasks\HPCeeScheduleFormartin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4FAEBD17-0406-43E4-9928-63CE28C9726C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {90AB0556-DF62-4591-A214-5D99EA363832} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9A7FB271-7A3E-4D03-B361-1A2C37A68144} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BE7E8ED2-A70B-4F9C-87E4-A6A14D15359A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D7C09FC1-0111-45A3-B955-270709093B0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E9D10272-09AF-41B6-A2A5-894352D0C6B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {EA440D02-1D76-48BD-9C5F-374BE40E3879} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F2083596-D58B-4F9D-813D-B299128F4A96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleFormartin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-17 16:57 - 2012-01-17 16:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-07-11 16:38 - 2012-07-11 16:38 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-07-11 15:54 - 2012-07-11 15:54 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-08 03:15 - 2012-08-08 03:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-08 03:11 - 2012-08-08 03:11 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-03-26 14:33 - 2012-03-26 14:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-14 20:50 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-07-26 11:22 - 2012-07-26 11:22 - 00303480 _____ () C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
2011-12-26 22:20 - 2011-12-26 22:20 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-30 08:07 - 2012-03-30 08:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2012-07-11 16:23 - 2012-07-11 16:23 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-07-11 15:52 - 2012-07-11 15:52 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-07-11 16:21 - 2012-07-11 16:21 - 03031040 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-07-11 16:26 - 2012-07-11 16:26 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-07-11 16:24 - 2012-07-11 16:24 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-07-11 15:56 - 2012-07-11 15:56 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-07-11 15:57 - 2012-07-11 15:57 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-10-22 20:24 - 2014-10-22 20:24 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-10-07 17:46 - 2014-08-18 22:09 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-04-27 17:05 - 2011-04-27 17:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-531367498-374304512-3508266509-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe ==================== Accounts: ============================= Administrator (S-1-5-21-531367498-374304512-3508266509-500 - Administrator - Disabled) Gast (S-1-5-21-531367498-374304512-3508266509-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-531367498-374304512-3508266509-1003 - Limited - Enabled) martin (S-1-5-21-531367498-374304512-3508266509-1001 - Administrator - Enabled) => C:\Users\martin ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/17/2015 06:21:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (04/17/2015 03:05:54 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/17/2015 03:05:49 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/17/2015 03:03:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/17/2015 05:25:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/17/2015 05:21:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/17/2015 05:14:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/16/2015 09:53:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/16/2015 10:58:50 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/16/2015 09:08:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/17/2015 03:03:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst 
"Offlinedateien" wurde mit folgendem Fehler beendet: %%3 Error: (04/17/2015 05:30:02 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/17/2015 05:29:45 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/17/2015 05:24:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet: %%3 Error: (04/17/2015 05:22:57 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/17/2015 05:22:51 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%886 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Grund: %%858 Error: (04/17/2015 05:22:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/17/2015 05:21:14 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/17/2015 05:21:15 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%886 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Grund: %%892 Error: (04/17/2015 05:21:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet: %%3 Microsoft Office Sessions: ========================= Error: (04/17/2015 06:21:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (04/17/2015 03:05:54 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\martin\Downloads\esetsmartinstaller_deu.exe Error: (04/17/2015 03:05:49 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\martin\Downloads\esetsmartinstaller_deu.exe Error: (04/17/2015 03:03:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/17/2015 05:25:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/17/2015 05:21:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/17/2015 05:14:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/16/2015 09:53:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/16/2015 10:58:50 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/16/2015 09:08:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 49% Total physical RAM: 3976.55 MB Available physical RAM: 2021.92 MB Total Pagefile: 7951.3 MB Available Pagefile: 5355.47 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:441.8 GB) (Free:366.46 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Ext.-Festplatte-Martin) (Fixed) (Total:465.76 GB) (Free:350.97 GB) NTFS Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32 Drive g: (HP_RECOVERY) (Fixed) (Total:21.66 GB) (Free:3.35 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive h: () (Removable) (Total:3.9 GB) (Free:3.9 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=441.8 GB) - 
(Type=07 NTFS) Partition 3: (Not Active) - (Size=21.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: 3CE913E0) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 3.9 GB) (Disk ID: 01E63116) Partition 1: (Active) - (Size=3.9 GB) - (Type=0B) ==================== End Of Log ============================ |
17.04.2015, 20:18 | #10
/// TB-Ausbilder /// Anleitungs-Guru | Windows 7 - Is the computer still infected? Hi, how is the computer running? Any problems left?
__________________ Regards, deeprybka. Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
17.04.2015, 20:22 | #11
Windows 7 - Is the computer still infected? Hi, no, everything is running normally as far as I can tell. Is the thing clean again?
18.04.2015, 15:54 | #12
/// TB-Ausbilder /// Anleitungs-Guru | Windows 7 - Is the computer still infected? Yup, we can leave it at that. Step 1: Please press the Windows key + R and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document: Code:
C:\Documents and Settings\All Users\Application Data\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}
C:\Documents and Settings\All Users\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}
C:\Documents and Settings\martin\Downloads\SopCast3.5.0.zip
C:\ProgramData\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}
C:\swsetup\WinZBas\Setup.exe
C:\Users\All Users\Application Data\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}
C:\Users\martin\Downloads\SopCast3.5.0.zip
D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RF80ZQZ.exe
D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RLMS4TN.exe
D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$ROMWGFB.exe
D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RSC2EY3.exe
Cleanup: All logs posted? Yes! Then please download DelFix.
Note: among other things, DelFix removes all the tools we used, the quarantine of our scanners and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left, you can delete them without concern. >>clean<< We made it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. All that remains is to wish you carefree and safe surfing, and that we won't see each other here again any time soon. How can I protect myself better in the future? Tips, dos & don'ts. Updates & software
Security holes in their old versions are exploited to install malware by "drive-by" simply by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Firewall, antivirus & co.
Cracks, downloads & co. Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself. Merely visiting dubious websites can carry risks. Even if the virus scanner currently detects no threat in them, that need not mean anything. Illegal cracks, keygens and serials are an extremely easy and popular way of spreading malware. With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what's inside is really what the label says. (Trojan horse^^)
Attempts are also often made to trick the user, with more or less cunning methods, into carrying out an action that is disastrous for him himself (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed alongside other software by the user himself.
Finally, a few general remarks:
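The verdict above rests on reading the FRST output line by line. As an added example (not part of the thread, not FRST's own code, and not anything the helper posted), here is a small Python triage script for log text in the shapes FRST writes: process lines, loaded-module lines, event-log error entries, and bare paths as they appear in a fixlist. It lists the entries a reviewer would want to look at first, namely unsigned binaries in user-writable locations, executables parked in $RECYCLE.BIN, and the antimalware / Service Control Manager error events that appear in this log. The sample lines, the SID, the user name and the file names in it are constructed; it is a reading aid, not a verdict, since an unsigned helper in AppData can be perfectly legitimate.

```python
"""Triage helper for FRST-style log lines (added example; not part of the thread)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Loaded-module line: "<date> - <date> - <size> <attrs> (<signer>) <path>"
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} \S{5} "
    r"\((?P<signer>.*?)\) (?P<path>[A-Za-z]:\\.+)$"
)
# Process line: "(<signer>) <path>". The signer may contain parentheses
# ("Intel(R) Corporation"), so it is matched lazily and the path must start
# with a drive letter.
PROCESS_RE = re.compile(r"^\((?P<signer>.*?)\) (?P<path>[A-Za-z]:\\.+)$")
# Bare path, as listed in a fixlist (no signer information available).
BARE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")
# Event-log entry header written by FRST.
EVENT_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<eid>\d+)\)"
)

# Locations a standard user can write to; an unsigned binary here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\downloads\\", "\\$recycle.bin\\")

# Event source/ID pairs that indicate protection being disturbed (both occur in this log).
PROTECTION_EVENTS = {
    ("Microsoft Antimalware", "3002"): "real-time protection reported an error",
    ("Service Control Manager", "7006"): "ScRegSetValueExW failed while writing a service Start value",
}


@dataclass(frozen=True)
class Finding:
    kind: str    # unsigned_in_user_writable | exe_in_recycle_bin | protection_error
    detail: str


def classify_path(path: str, signer: Optional[str]) -> Optional[Finding]:
    """Flag a file path; signer is None when the line carried no signer field."""
    low = path.lower()
    if "\\$recycle.bin\\" in low and low.endswith(".exe"):
        return Finding("exe_in_recycle_bin", path)
    if signer is not None and signer.strip() == "" and any(m in low for m in USER_WRITABLE):
        return Finding("unsigned_in_user_writable", path)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk log lines and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        ev = EVENT_RE.match(line)
        if ev:
            key = (ev.group("source"), ev.group("eid"))
            if key in PROTECTION_EVENTS:
                findings.append(Finding(
                    "protection_error",
                    f"{ev.group('ts')} {key[0]} {key[1]}: {PROTECTION_EVENTS[key]}"))
            continue
        m = MODULE_RE.match(line) or PROCESS_RE.match(line)
        if m:
            finding = classify_path(m.group("path"), m.group("signer"))
        else:
            bare = BARE_PATH_RE.match(line)
            finding = classify_path(bare.group("path"), None) if bare else None
        if finding:
            findings.append(finding)
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per kind, for a quick overview of a long log."""
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample in the shapes FRST writes; names, SID and user are made up.
SAMPLE_LOG = """
(Microsoft Corporation) C:\\Windows\\System32\\wlanext.exe
(Intel(R) Corporation) C:\\Program Files\\Intel\\iCLS Client\\HeciServer.exe
() C:\\Users\\demo\\AppData\\Roaming\\Updater Service\\updater.exe
2014-10-14 20:50 - 2014-09-06 02:54 - 06281536 _____ () C:\\Users\\demo\\AppData\\Local\\Vendor Music\\Vendor Music Helper.exe
2011-12-26 22:20 - 2011-12-26 22:20 - 00016384 ____R () C:\\Program Files (x86)\\Vendor\\Branding.dll
D:\\$RECYCLE.BIN\\S-1-5-21-1111111111-222222222-3333333333-1001\\$RF80ZQZ.exe
C:\\Users\\demo\\Downloads\\SopCast3.5.0.zip
Error: (04/17/2015 05:22:51 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt
Error: (04/17/2015 05:22:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5
Error: (04/17/2015 03:05:54 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind}] {f.detail}")
```

On the constructed sample the script reports the two unsigned binaries under AppData, the executable in the recycle bin and the two protection-related events, while the unsigned DLL under Program Files, the Intel-signed service and the SideBySide noise are left alone. Feed it the whole FRST.txt and start the review with whatever it lists.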