Log Analysis and Evaluation: Windows 8: folders are displayed as shortcuts, partly USB sticks too. If you have caught a Trojan or constantly get virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 8: folders are displayed as shortcuts, partly USB sticks too

Good day, dear helpers!

Last Monday I noticed for the first time, on someone else's PC, that my USB stick was being displayed as a shortcut. Unfortunately I clicked on it and then also used it on my own laptop. I then looked it up on the Internet yesterday and found quite a bit about a shortcut virus. I then tried to repair the damage following these instructions: hxxp://www.techchore.com/flashdrive-shortcut-virus-and-two-2-methods-to-get-rid-of-it/ My USB stick seems to be OK again, but I'm not sure about my laptop - I think it's not right yet, since I got "access denied" several times in the cmd file.

WARNING: after your last LOG (Gmer) I can no longer turn on Avira Antivir!

I took two photos, one of how Explorer looks with its shortcuts and one of the error message when turning on Avira Antivir: https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201?banner=pwa

Here now are my logs, which I created following your instructions - many thanks for any help, and apologies if I don't always respond right away - I currently live in Guatemala = 8 hours' time difference.

Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 14:21 on 24/05/2015 (eva) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01 Ran by eva (administrator) on ULLI-PC on 24-05-2015 14:25:05 Running from C:\Users\eva\Desktop Loaded Profiles: eva & (Available Profiles: eva) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\DptfParticipantProcessorService.exe () C:\Windows\System32\DptfPolicyConfigTDPService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (HP) C:\Windows\System32\HPSIsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe () C:\Users\eva\Desktop\HFV.exe () C:\Users\eva\Desktop\HFV.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] () HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-13] (Seagate Technology LLC) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [536168 2013-05-31] (SEIKO EPSON CORPORATION) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.) 
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC) HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google) HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-08] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-30] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-24] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com SearchScopes: HKU\S-1-5-21-964893997-1847190727-3478051664-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553571000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Tcpip\Parameters: [DhcpNameServer] 172.20.10.1 FireFox: ======== FF ProfilePath: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default FF SelectedSearchEngine: FF Homepage: hxxp://www.portal.at/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] () FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-12-03] (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\user.js [2014-01-16] FF Extension: anonymoX - C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\Extensions\client@anonymox.net.xpi [2013-06-25] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-30] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-24] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR Profile: C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24] CHR Extension: (Google Drive) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24] CHR Extension: (YouTube) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24] CHR Extension: (GeoGebra) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-04-08] CHR Extension: (Google Search) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24] CHR Extension: (Logitech SetPoint) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2014-08-24] CHR Extension: (Bookmark Manager) - 
C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16] CHR Extension: (Google Wallet) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-24] CHR Extension: (Bitdefender QuickScan) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-12-11] CHR Extension: (Gmail) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24] CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-30] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] () R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] () R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2013-05-31] (SEIKO EPSON CORPORATION) [] R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [] R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [120832 2011-08-04] (HP) [] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) 
[] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [] R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC) R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-13] (Seagate Technology LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) S3 ACDaemon; C:\Program Files (x86)\Common 
Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) 
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2013-05-31] (SEIKO EPSON CORPORATION)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 14:25 - 2015-05-24 14:25 - 00031619 _____ () C:\Users\eva\Desktop\FRST.txt
2015-05-24 14:24 - 2015-05-24 14:25 - 00000000 ____D () C:\FRST
2015-05-24 14:23 - 2015-05-24 14:23 - 02108416 _____ (Farbar) C:\Users\eva\Desktop\FRST64.exe
2015-05-24 14:21 - 2015-05-24 14:21 - 00000468 _____ () C:\Users\eva\Desktop\defogger_disable.log
2015-05-24 14:21 - 2015-05-24 14:21 - 00000000 _____ () C:\Users\eva\defogger_reenable
2015-05-24 14:19 - 2015-05-24 14:19 - 00050477 _____ () C:\Users\eva\Desktop\Defogger.exe
2015-05-24 13:14 - 2015-05-24 13:15 - 00003342 ____N () C:\Users\eva\Desktop\ShortcutVirusRemover.bat
2015-05-24 13:01 - 2015-05-24 13:25 - 00000094 ____N () C:\Users\eva\Desktop\removevirus.bat
2015-05-24 09:08 - 2015-05-24 09:08 - 00000320 _____ () C:\WINDOWS\SysWOW64\win_hcleaner.ini
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2015-05-24 06:25 - 2015-05-24 06:25 - 00000000 ____D () C:\Users\eva\Desktop\Heuriger 2015
2015-05-23 23:09 - 2015-05-23 23:09 - 00003700 ____N () C:\WINDOWS\System32\Tasks\eva Merge
2015-05-23 23:09 - 2015-05-23 23:09 - 00003684 ____N () C:\WINDOWS\System32\Tasks\eva
2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-22 07:03 - 2015-05-22 07:03 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\Program Files (x86)\EPSON Projector
2015-05-22 07:01 - 2013-05-31 16:33 - 00023040 ____N (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\Drivers\EMP_UDAU.sys
2015-05-22 06:55 - 2015-05-22 06:55 - 00000000 ____N () C:\WINDOWS\system32\Drivers\Msft_Kernel_ax88772_01011.Wdf
2015-05-18 17:43 - 2015-05-18 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\ProgramData\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2015-05-18 17:41 - 2015-05-18 17:41 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-05-18 17:39 - 2015-05-18 17:56 - 00000000 ____D () C:\Users\eva\Desktop\Macromedia 8
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\Users\eva\Documents\ASUS
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\ProgramData\ASUS
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-24 14:21 - 2014-01-14 01:48 - 00000000 ____D () C:\Users\eva
2015-05-24 14:12 - 2013-05-28 20:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 14:02 - 2012-12-30 13:46 - 00000350 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-05-24 14:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-24 13:01 - 2013-11-14 01:28 - 00863592 ____N () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-24 11:46 - 2012-12-15 19:29 - 00003598 ____N () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002
2015-05-24 10:57 - 2014-01-14 01:43 - 01553697 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-24 10:16 - 2014-08-26 06:54 - 00136408 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 06:20 - 2013-08-22 08:46 - 00388858 _____ () C:\WINDOWS\setupact.log
2015-05-24 06:19 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\eva\Desktop\div_sticks
2015-05-23 23:08 - 2015-01-16 14:49 - 00003480 ____N () C:\WINDOWS\System32\Tasks\eva DBAgent 2 0
2015-05-23 23:07 - 2015-04-08 18:41 - 00000000 ____D () C:\Users\eva\Google Drive
2015-05-23 23:07 - 2014-01-14 05:26 - 00000000 ___DO () C:\Users\eva\SkyDrive
2015-05-23 23:07 - 2013-05-28 20:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-05-23 23:05 - 2013-11-14 01:20 - 00236396 _____ () C:\WINDOWS\PFRO.log
2015-05-23 23:05 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 23:05 - 2013-08-22 08:44 - 00492528 ____N () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 23:04 - 2013-08-22 07:25 - 01048576 _____ () C:\WINDOWS\system32\config\BBI
2015-05-23 20:50 - 2014-08-26 06:54 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-23 20:50 - 2014-08-26 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-23 20:50 - 2014-08-26 06:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-23 19:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 17:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-22 06:54 - 2015-04-19 08:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-21 20:34 - 2012-08-04 19:42 - 03497316 _____ () C:\WINDOWS\AsDebug.log
2015-05-21 20:34 - 2012-08-04 19:42 - 00573596 _____ () C:\WINDOWS\AsCDProc.log
2015-05-21 19:47 - 2013-01-07 21:43 - 00123256 ____N () C:\Users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 18:40 - 2013-05-15 06:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-19 15:49 - 2014-04-01 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 15:47 - 2013-03-31 10:07 - 00152744 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-19 15:47 - 2013-03-31 10:07 - 00132120 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-18 17:50 - 2012-12-15 20:00 - 00000000 ____D () C:\Users\eva\AppData\Roaming\Macromedia
2015-05-17 20:07 - 2013-05-28 20:06 - 00003894 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 20:07 - 2013-05-28 20:06 - 00003658 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:32 - 2013-01-09 20:43 - 00000000 ____D () C:\Users\Public\Documents\Personalvertretung
2015-05-16 19:05 - 2012-12-15 19:19 - 00000000 ____D () C:\Users\eva\AppData\Local\ASUS
2015-05-09 13:09 - 2015-04-08 18:39 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 14:07 - 2015-02-02 14:07 - 00000338 _____ () C:\WINDOWS\Tasks\SuperEasyDriverUpdater_UPDATES.job
2015-05-03 19:39 - 2012-12-30 11:25 - 00000000 ____D () C:\Users\eva\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2013-01-02 20:14 - 2013-01-02 20:14 - 0000021 ____N () C:\Users\eva\AppData\Roaming\my_intel.sys
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-06 20:06 - 2013-09-06 20:06 - 0001092 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-15 19:22 - 2015-04-05 15:20 - 0000401 ____N () C:\Users\eva\AppData\Roaming\sp_data.sys
2014-10-04 23:41 - 2014-10-04 23:41 - 0004634 ____N () C:\Users\eva\AppData\Local\recently-used.xbel
2012-12-30 13:37 - 2014-09-23 20:10 - 0005807 _____ () C:\ProgramData\hpzinstall.log
2014-12-26 10:17 - 2014-10-28 19:52 - 98635776 ____N (Linoma Software) C:\ProgramData\msqcmfnsm.exe
2012-08-04 19:42 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:42 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\msqcmfnsm.exe
C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\eva\AppData\Local\Temp\5e015ba4-1ce8-44f6-aa10-3710366e46ae.setup.exe
C:\Users\eva\AppData\Local\Temp\avgnt.exe
C:\Users\eva\AppData\Local\Temp\cdo3012836724.dll
C:\Users\eva\AppData\Local\Temp\cdo3469322610.dll
C:\Users\eva\AppData\Local\Temp\cdo3566297938.dll
C:\Users\eva\AppData\Local\Temp\cdo397585490.dll
C:\Users\eva\AppData\Local\Temp\FileSystemView.dll
C:\Users\eva\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\eva\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\eva\AppData\Local\Temp\setup.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-23 23:56

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-24 14:25:54
Running from C:\Users\eva\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-964893997-1847190727-3478051664-500 - Administrator - Disabled)
eva (S-1-5-21-964893997-1847190727-3478051664-1002 - Administrator - Enabled) => C:\Users\eva
Guest (S-1-5-21-964893997-1847190727-3478051664-501 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{334147DC-B3C8-4626-A985-4AEA8A36DAB6}) (Version: 8.0.0.41 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CoffeeCup Free HTML Editor) (Version: - )
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CoffeeCup Free HTML Editor) (Version: - )
D110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet Professional CP1020 Series (HKLM-x32\...\{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}) (Version: - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCP1020LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.1902.0 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM-x32\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

04-05-2015 20:11:22 Scheduled Checkpoint
13-05-2015 17:43:42 Scheduled Checkpoint
18-05-2015 17:43:07 Installed Macromedia Dreamweaver 8

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {023417BE-10B3-4661-BD22-B8CF42195E3C} - System32\Tasks\{AB276CEB-C1A2-4370-99E9-903C8E7626F1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {036BBF42-E7E6-4608-A51C-2BFD0973F31F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-13] (Seagate Technology LLC)
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {18E683ED-5BC5-4276-AB05-6D1EB05A0B5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1D189FBA-F98A-4916-B000-CCE4E9337DCA} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {23131080-1C79-41EA-8A08-0CDFFDB01746} - System32\Tasks\eva Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {245749BD-F7E4-4E88-9E8F-F8AD903DCEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {35656B35-E85E-4C6A-9B8D-5EC52D675717} - System32\Tasks\eva => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {42DBDD1E-4E71-4A40-B3E9-EA0FE0E7E87C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5634D503-D8D5-4A9F-8C32-6B892A801A72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5AE3412E-FE4F-4321-9757-2564CB7BB64B} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {60F4703E-DEC6-415F-9332-D7F342331CE8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {66ECB3A6-E689-424E-8C2A-A59EAADE18C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {706EF7A2-97FB-416C-A1DC-4FAB69D9C5CE} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-30] ()
Task: {8876534E-C15B-4F96-991D-8D05A6ADDF35} - System32\Tasks\eva DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-02-13] (Seagate Technology LLC)
Task: {8B2368B4-6ABD-4F21-909D-A0996E083497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {8BCE6D0F-FFC3-4D84-87B2-DB3B19E62F7E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {8FFF57FB-7441-4151-9599-D9BB58C58C95} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {98594AE4-B71D-45C6-9755-4CA12EFD2519} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {9BDDAB86-5729-4122-AE5B-209977814EDD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A72EB1D4-0D6B-497D-B8C7-A8C125929275} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {BC3C2220-EDBD-4A5F-814B-F6D3753B57DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C41A826B-0CD1-4A6E-A06F-E8CE4A1D08E7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CA563CBE-3913-4085-B26B-F7E803503895} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CDC0FE9F-6CB9-4A2E-B92A-23840B25F391} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {E419F02F-4791-4CFC-8C44-8E3B2236F936} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E6BD8F1F-8383-4A8D-BF0A-FAE5F031BA8B} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-14 01:43 - 2015-04-08 15:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-24 06:53 - 2012-12-24 06:53 - 00129024 ____N () C:\WINDOWS\System32\HPCP1020LM.DLL
2012-08-30 01:35 - 2012-07-30 05:26 - 00029056 ____N () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-08-30 01:35 - 2012-07-30 05:27 - 00030592 ____N () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-04 11:42 - 2012-11-04 11:42 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL
2012-08-30 01:33 - 2012-08-15 11:52 - 00094208 ____N () C:\Windows\System32\IccLibDll_x64.dll
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-08 04:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\eva\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
DNS Servers: 172.20.10.1

==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk" HKLM\...\StartupApproved\Run: => "ACMON" HKLM\...\StartupApproved\Run32: => "DivXMediaServer" HKLM\...\StartupApproved\Run32: => "DivXUpdate" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "DBAgent" HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\Run: => "Uploader" HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Uploader" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D8DAD5D1-1F06-4852-BB73-7B4278961884}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{3EACD543-70F3-4831-8C2A-A380D71DDC7E}] => (Allow) LPort=4482 FirewallRules: [{9D23796F-42F7-4D51-A623-9ADB51FD7F94}] => (Allow) LPort=4482 FirewallRules: [{B50E7D48-D4A5-430C-BAA2-EA6E3548AEEE}] => (Allow) LPort=4481 FirewallRules: [{4EFF1B9B-0D5A-4DA5-9858-15F30BDECB06}] => (Allow) LPort=4481 FirewallRules: [{D1D4F05A-9B5E-4254-A67A-9EDBA99DD92B}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{B3275FE2-402E-4974-9F15-DF7FBD9392C8}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{EF2F7E10-DC3E-44DD-AC06-962107218977}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{7FB06B69-0145-457B-8515-95E4D7928483}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{8379195E-12BE-415A-9270-E058B0D1855C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{B160BA9B-350A-4FC2-8466-A11CC0A637C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{4E9632B1-8A9F-47E6-A4B7-022DC04B15B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{9762F22F-037D-4546-8872-0D88C5F935CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{D1D5CEDE-3A4C-45BA-AD94-52077F44A01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{33A33B8C-30EF-4177-9261-35E4042FE61E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{EE3DB352-4315-4A5C-A829-00F796B30733}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{4331D622-2D3A-4EC7-B751-7331269EEEE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe 
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe FirewallRules: [{8065A733-1D14-4A1B-B773-C3DD2B511F97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3BEFD9F0-1099-47BC-A19D-4199F29A289A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{CDF323BF-A11E-4503-A2B8-ED5296601115}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{6662D437-18BE-4DCA-96DF-5DAB086DD99A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{E2B64105-2A35-44FC-9946-5DEC1FB95B60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{51EF41A7-BAB2-4ACE-80F3-7DDD43199D4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{7A1A014E-F774-4294-8F84-CD9F4E21ACA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CDA3D6A8-9DC3-459D-AB67-F629FA6B2862}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{68685F20-7A9E-455A-9E43-07C7E29E042D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F82D61C3-001D-4360-85AF-AF4AA8FE604B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D2DA6547-A1CB-4607-A8D7-B23ABF94D077}] => (Allow) C:\Program Files 
(x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{14DF9E15-01E9-4FEE-8070-5970F2696559}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{7FDE5B33-7032-495B-B7B5-CDC1706EC7D3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{699861EE-6C4D-40DE-997F-F6C10787E2E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{953C0655-4803-4F56-BD0E-6C3C913A0C80}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{1A6AED7F-F488-410A-8F4D-FA4A6FDBAC8C}] => (Allow) E:\Installer\hpbcsiInstaller.exe FirewallRules: [{B361681B-84A6-4C81-9CC7-34AB4833A203}] => (Allow) E:\Installer\hpbcsiInstaller.exe FirewallRules: [TCP Query User{396CA64A-FEE5-4575-B62D-39F8D5FFBBFF}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [UDP Query User{2077040E-1322-4757-AA02-686BCE692B81}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [{14E60836-010F-4724-88AD-13634D3F1C52}] => (Allow) LPort=8888 FirewallRules: [{445249C1-BBAC-4BA9-ACFA-3ADF41817C57}] => (Allow) LPort=8888 FirewallRules: [{42CA0C55-D77A-4BFA-9A3F-865326466217}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: USB-IF xHCI USB Host Controller Description: USB-IF xHCI USB Host Controller Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee} Manufacturer: Intel Corporation Service: XHCIPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver Name: Photosmart D110 series Description: Photosmart D110 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Photosmart D110 series Description: Photosmart D110 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Photosmart D110 series Description: Photosmart D110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart D110 series Description: Photosmart D110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Color LaserJet CM2320nf MFP Description: HP Color LaserJet CM2320nf MFP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P3010 Series Description: HP LaserJet P3010 Series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: HP LaserJet P3010 Series Description: HP LaserJet P3010 Series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P3010 Series Description: HP LaserJet P3010 Series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P3010 Series Description: HP LaserJet P3010 Series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P3010 Series Description: HP LaserJet P3010 Series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P3010 Series Description: HP LaserJet P3010 Series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P4014 Description: HP LaserJet P4014 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Color LaserJet CM2320nf MFP Description: HP Color LaserJet CM2320nf MFP Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P4014 Description: HP LaserJet P4014 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P4014 Description: HP LaserJet P4014 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P3010 Series Description: HP LaserJet P3010 Series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P3010 Series Description: HP LaserJet P3010 Series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: HP LaserJet P3010 Series Description: HP LaserJet P3010 Series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/24/2015 08:55:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: googledrivesync.exe, version: 1.21.9226.6034, time stamp: 0x509418e4 Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb Exception code: 0xc0000005 Fault offset: 0x00041eee Faulting process id: 0x1a6c Faulting application start time: 0xgoogledrivesync.exe0 Faulting application path: googledrivesync.exe1 Faulting module path: googledrivesync.exe2 Report Id: googledrivesync.exe3 Faulting package full name: googledrivesync.exe4 Faulting package-relative application ID: googledrivesync.exe5 Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6500 Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6500 Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/24/2015 07:51:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2 Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb Exception code: 0xc0000005 Fault offset: 0x00027fb3 Faulting process id: 0x1284 Faulting application start time: 0xrundll32.exe0 Faulting application path: rundll32.exe1 Faulting 
module path: rundll32.exe2 Report Id: rundll32.exe3 Faulting package full name: rundll32.exe4 Faulting package-relative application ID: rundll32.exe5 Error: (05/24/2015 05:39:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2 Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb Exception code: 0xc0000005 Fault offset: 0x00027fb3 Faulting process id: 0x104c Faulting application start time: 0xrundll32.exe0 Faulting application path: rundll32.exe1 Faulting module path: rundll32.exe2 Report Id: rundll32.exe3 Faulting package full name: rundll32.exe4 Faulting package-relative application ID: rundll32.exe5 Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3437 Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3437 Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/24/2015 00:33:10 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2328 System errors: ============= Error: (05/24/2015 10:20:15 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC) Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-964893997-1847190727-3478051664-1002-1-ntuser.dat Error: (05/24/2015 10:19:23 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC) Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-964893997-1847190727-3478051664-1002-0-ntuser.dat Error: (05/23/2015 11:04:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Superfetch service 
terminated with the following error: %%1062 Error: (05/23/2015 08:52:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC) Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-964893997-1847190727-3478051664-1002-1-ntuser.dat Error: (05/23/2015 08:51:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC) Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-964893997-1847190727-3478051664-1002-0-ntuser.dat Error: (05/22/2015 07:01:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The EMP_UDSA service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (05/21/2015 09:06:00 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (05/21/2015 09:06:00 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (05/17/2015 08:54:09 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (05/17/2015 08:54:09 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Microsoft Office: ========================= Error: (09/07/2014 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3887 seconds with 3360 seconds of active time. This session ended with a crash. Error: (08/06/2014 06:52:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 5469 seconds with 2760 seconds of active time. This session ended with a crash. Error: (07/02/2014 07:05:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1546 seconds with 1320 seconds of active time. This session ended with a crash. Error: (01/27/2014 05:12:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 679 seconds with 660 seconds of active time. This session ended with a crash. Error: (08/25/2013 00:34:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 563 seconds with 420 seconds of active time. This session ended with a crash. Error: (05/20/2013 04:14:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 360 seconds of active time. This session ended with a crash. Error: (04/19/2013 03:13:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (04/19/2013 03:12:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2672 seconds with 1200 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz Percentage of memory in use: 58% Total physical RAM: 6029.56 MB Available physical RAM: 2524.17 MB Total Pagefile: 7181.56 MB Available Pagefile: 3015.77 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:76.88 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.33 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 4F359092) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 22.4 GB) (Disk ID: 41B54F21) Partition: GPT Partition Type. ==================== End of log ============================ GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-24 14:43:27
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000052 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\eva\AppData\Local\Temp\pxldapod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600010fa00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17 fffff9600010fa11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffde1e33e10 7 bytes JMP 00007ffee01b0260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffde1e33e20 7 bytes JMP 00007ffee01b0298
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffde1ee39b0 7 bytes JMP 00007ffee01b0340
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffde1ee3ef0 7 bytes JMP 00007ffee01b02d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffde1ee3fe0 7 bytes JMP 00007ffee01b0308
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffde1f106c0 7 bytes JMP 00007ffee01b01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffde1f10730 7 bytes JMP 00007ffee01b0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffde28dd050 7 bytes JMP 00007ffee01b0500
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffde290b170 5 bytes JMP 00007ffee01b0538
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffde1e33e10 7 bytes JMP 00007ffee01b0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffde1e33e20 7 bytes JMP 00007ffee01b0298
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffde1ee39b0 7 bytes JMP 00007ffee01b0340
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffde1ee3ef0 7 bytes JMP 00007ffee01b02d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffde1ee3fe0 7 bytes JMP 00007ffee01b0308
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffde1f106c0 7 bytes JMP 00007ffee01b01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffde1f10730 7 bytes JMP 00007ffee01b0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffde01c21d0 5 bytes JMP 00007ffee01b0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffde01c29d0 7 bytes JMP 00007ffee01b00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffde01c4310 5 bytes JMP 00007ffee01b0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffde01c8d80 5 bytes JMP 00007ffee01b0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffde023f0b0 5 bytes JMP 00007ffee01b01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffde2676d90 1 byte JMP 00007ffee01b0420
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffde2676d92 8 bytes {JMP 0xfffffffffdb39690}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffde26874a0 5 bytes JMP 00007ffee01b03e8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffde2687560 9 bytes JMP 00007ffee01b0378
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffde2687730 5 bytes JMP 00007ffee01b0458
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffde2696b10 5 bytes JMP 00007ffee01b03b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffde1f71500 1 byte JMP 00007ffee01b0490
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffde1f71502 6 bytes {JMP 0xfffffffffe23ef90}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffde1f71750 8 bytes JMP 00007ffee01b04c8
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffde1e33e10 7 bytes JMP 00007ffee01b0260
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffde1e33e20 7 bytes JMP 00007ffee01b0298
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffde1ee39b0 7 bytes JMP 00007ffee01b0340
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffde1ee3ef0 7 bytes JMP 00007ffee01b02d0
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffde1ee3fe0 7 bytes JMP 00007ffee01b0308
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffde1f106c0 7 bytes JMP 00007ffee01b01f0
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffde1f10730 7 bytes JMP 00007ffee01b0228

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [732:764] fffff9600099f2d0
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:6824] 00007ffdd0fc3e0c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:7096] 00007ffdcec9f5f8
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:5024] 00007ffdd0fc3e0c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:7408] 00007ffdceb3bc60
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:5648] 00007ffdd0fc3e0c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:7456] 00007ffdcec2cfb8
Thread C:\WINDOWS\SysWOW64\msiexec.exe [6872:7108] 000000007e94392e
Thread C:\WINDOWS\syswow64\wwahost.exe [4780:7384] 000000005fe250e0
Thread C:\WINDOWS\syswow64\wwahost.exe [4780:7748] 00000000747e4ad0
Thread C:\WINDOWS\syswow64\wwahost.exe [4780:496] 00000000747e5850

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Last edited by eva_mariee (24.05.2015 at 22:28)