Log analysis and evaluation: Windows 8: Folders are shown as shortcuts, in some cases USB sticks too
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.05.2015, 22:08 | #1 |
Windows 8: Folders are shown as shortcuts, in some cases USB sticks too

Hello, dear helpers!

Last Monday I noticed for the first time, on someone else's PC, that my USB stick was shown as a shortcut. Unfortunately I clicked on it and then also went on to use it on my own laptop. Yesterday I read up on this on the Internet and found quite a bit about a shortcut virus. I then tried to repair the damage following this guide: hxxp://www.techchore.com/flashdrive-shortcut-virus-and-two-2-methods-to-get-rid-of-it/

My USB stick seems to be OK again, but I am not sure about my laptop. I think it is not right yet, because I got "access denied" several times in the cmd file.

ATTENTION: after your last log (Gmer) I can no longer switch Avira Antivir on! I took two photos, one of what Explorer looks like with its shortcuts and one of the error message when switching on Avira Antivir: https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201?banner=pwa

Here are my logs, which I created following your instructions. Thank you very much for any help, and apologies if I do not always respond right away: I am currently living in Guatemala = 8 hours' time difference.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:21 on 24/05/2015 (eva)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by eva (administrator) on ULLI-PC on 24-05-2015 14:25:05
Running from C:\Users\eva\Desktop
Loaded Profiles: eva & (Available Profiles: eva)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Users\eva\Desktop\HFV.exe
() C:\Users\eva\Desktop\HFV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-13] (Seagate Technology LLC)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [536168 2013-05-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-08]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-24]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-964893997-1847190727-3478051664-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553571000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF ProfilePath: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default
FF SelectedSearchEngine:
FF Homepage: hxxp://www.portal.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] ()
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-12-03] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\user.js [2014-01-16]
FF Extension: anonymoX - C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\Extensions\client@anonymox.net.xpi [2013-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]
CHR Extension: (Google Drive) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]
CHR Extension: (YouTube) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]
CHR Extension: (GeoGebra) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-04-08]
CHR Extension: (Google Search) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]
CHR Extension: (Logitech SetPoint) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2014-08-24]
CHR Extension: (Bookmark Manager) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-24]
CHR Extension: (Bitdefender QuickScan) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-12-11]
CHR Extension: (Gmail) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]
CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-30]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] () R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] () R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2013-05-31] (SEIKO EPSON CORPORATION) [] R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [] R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [120832 2011-08-04] (HP) [] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) 
[] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [] R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC) R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-13] (Seagate Technology LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) S3 ACDaemon; C:\Program Files (x86)\Common 
Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) 
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2013-05-31] (SEIKO EPSON CORPORATION)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 14:25 - 2015-05-24 14:25 - 00031619 _____ () C:\Users\eva\Desktop\FRST.txt
2015-05-24 14:24 - 2015-05-24 14:25 - 00000000 ____D () C:\FRST
2015-05-24 14:23 - 2015-05-24 14:23 - 02108416 _____ (Farbar) C:\Users\eva\Desktop\FRST64.exe
2015-05-24 14:21 - 2015-05-24 14:21 - 00000468 _____ () C:\Users\eva\Desktop\defogger_disable.log
2015-05-24 14:21 - 2015-05-24 14:21 - 00000000 _____ () C:\Users\eva\defogger_reenable
2015-05-24 14:19 - 2015-05-24 14:19 - 00050477 _____ () C:\Users\eva\Desktop\Defogger.exe
2015-05-24 13:14 - 2015-05-24 13:15 - 00003342 ____N () C:\Users\eva\Desktop\ShortcutVirusRemover.bat
2015-05-24 13:01 - 2015-05-24 13:25 - 00000094 ____N () C:\Users\eva\Desktop\removevirus.bat
2015-05-24 09:08 - 2015-05-24 09:08 - 00000320 _____ () C:\WINDOWS\SysWOW64\win_hcleaner.ini
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2015-05-24 06:25 - 2015-05-24 06:25 - 00000000 ____D () C:\Users\eva\Desktop\Heuriger 2015
2015-05-23 23:09 - 2015-05-23 23:09 - 00003700 ____N () C:\WINDOWS\System32\Tasks\eva Merge
2015-05-23 23:09 - 2015-05-23 23:09 - 00003684 ____N () C:\WINDOWS\System32\Tasks\eva
2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-22 07:03 - 2015-05-22 07:03 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\Program Files (x86)\EPSON Projector
2015-05-22 07:01 - 2013-05-31 16:33 - 00023040 ____N (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\Drivers\EMP_UDAU.sys
2015-05-22 06:55 - 2015-05-22 06:55 - 00000000 ____N () C:\WINDOWS\system32\Drivers\Msft_Kernel_ax88772_01011.Wdf
2015-05-18 17:43 - 2015-05-18 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\ProgramData\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2015-05-18 17:41 - 2015-05-18 17:41 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-05-18 17:39 - 2015-05-18 17:56 - 00000000 ____D () C:\Users\eva\Desktop\Macromedia 8
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\Users\eva\Documents\ASUS
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\ProgramData\ASUS
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 14:21 - 2014-01-14 01:48 - 00000000 ____D () C:\Users\eva
2015-05-24 14:12 - 2013-05-28 20:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 14:02 - 2012-12-30 13:46 - 00000350 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-05-24 14:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-24 13:01 - 2013-11-14 01:28 - 00863592 ____N () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-24 11:46 - 2012-12-15 19:29 - 00003598 ____N () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002
2015-05-24 10:57 - 2014-01-14 01:43 - 01553697 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-24 10:16 - 2014-08-26 06:54 - 00136408 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 06:20 - 2013-08-22 08:46 - 00388858 _____ () C:\WINDOWS\setupact.log
2015-05-24 06:19 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\eva\Desktop\div_sticks
2015-05-23 23:08 - 2015-01-16 14:49 - 00003480 ____N () C:\WINDOWS\System32\Tasks\eva DBAgent 2 0
2015-05-23 23:07 - 2015-04-08 18:41 - 00000000 ____D () C:\Users\eva\Google Drive
2015-05-23 23:07 - 2014-01-14 05:26 - 00000000 ___DO () C:\Users\eva\SkyDrive
2015-05-23 23:07 - 2013-05-28 20:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-05-23 23:05 - 2013-11-14 01:20 - 00236396 _____ () C:\WINDOWS\PFRO.log
2015-05-23 23:05 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 23:05 - 2013-08-22 08:44 - 00492528 ____N () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 23:04 - 2013-08-22 07:25 - 01048576 _____ () C:\WINDOWS\system32\config\BBI
2015-05-23 20:50 - 2014-08-26 06:54 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-23 20:50 - 2014-08-26 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-23 20:50 - 2014-08-26 06:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-23 19:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 17:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-22 06:54 - 2015-04-19 08:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-21 20:34 - 2012-08-04 19:42 - 03497316 _____ () C:\WINDOWS\AsDebug.log
2015-05-21 20:34 - 2012-08-04 19:42 - 00573596 _____ () C:\WINDOWS\AsCDProc.log
2015-05-21 19:47 - 2013-01-07 21:43 - 00123256 ____N () C:\Users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 18:40 - 2013-05-15 06:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-19 15:49 - 2014-04-01 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 15:47 - 2013-03-31 10:07 - 00152744 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-19 15:47 - 2013-03-31 10:07 - 00132120 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-18 17:50 - 2012-12-15 20:00 - 00000000 ____D () C:\Users\eva\AppData\Roaming\Macromedia
2015-05-17 20:07 - 2013-05-28 20:06 - 00003894 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 20:07 - 2013-05-28 20:06 - 00003658 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:32 - 2013-01-09 20:43 - 00000000 ____D () C:\Users\Public\Documents\Personalvertretung
2015-05-16 19:05 - 2012-12-15 19:19 - 00000000 ____D () C:\Users\eva\AppData\Local\ASUS
2015-05-09 13:09 - 2015-04-08 18:39 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 14:07 - 2015-02-02 14:07 - 00000338 _____ () C:\WINDOWS\Tasks\SuperEasyDriverUpdater_UPDATES.job
2015-05-03 19:39 - 2012-12-30 11:25 - 00000000 ____D () C:\Users\eva\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2013-01-02 20:14 - 2013-01-02 20:14 - 0000021 ____N () C:\Users\eva\AppData\Roaming\my_intel.sys
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-06 20:06 - 2013-09-06 20:06 - 0001092 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-15 19:22 - 2015-04-05 15:20 - 0000401 ____N () C:\Users\eva\AppData\Roaming\sp_data.sys
2014-10-04 23:41 - 2014-10-04 23:41 - 0004634 ____N () C:\Users\eva\AppData\Local\recently-used.xbel
2012-12-30 13:37 - 2014-09-23 20:10 - 0005807 _____ () C:\ProgramData\hpzinstall.log
2014-12-26 10:17 - 2014-10-28 19:52 - 98635776 ____N (Linoma Software) C:\ProgramData\msqcmfnsm.exe
2012-08-04 19:42 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:42 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\msqcmfnsm.exe
C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\eva\AppData\Local\Temp\5e015ba4-1ce8-44f6-aa10-3710366e46ae.setup.exe
C:\Users\eva\AppData\Local\Temp\avgnt.exe
C:\Users\eva\AppData\Local\Temp\cdo3012836724.dll
C:\Users\eva\AppData\Local\Temp\cdo3469322610.dll
C:\Users\eva\AppData\Local\Temp\cdo3566297938.dll
C:\Users\eva\AppData\Local\Temp\cdo397585490.dll
C:\Users\eva\AppData\Local\Temp\FileSystemView.dll
C:\Users\eva\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\eva\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\eva\AppData\Local\Temp\setup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-23 23:56

==================== End of log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-24 14:25:54
Running from C:\Users\eva\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-964893997-1847190727-3478051664-500 - Administrator - Disabled)
eva (S-1-5-21-964893997-1847190727-3478051664-1002 - Administrator - Enabled) => C:\Users\eva
Guest (S-1-5-21-964893997-1847190727-3478051664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{334147DC-B3C8-4626-A985-4AEA8A36DAB6}) (Version: 8.0.0.41 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CoffeeCup Free HTML Editor) (Version: - )
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CoffeeCup Free HTML Editor) (Version: - )
D110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet Professional CP1020 Series (HKLM-x32\...\{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}) (Version: - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCP1020LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.1902.0 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM-x32\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

04-05-2015 20:11:22 Scheduled Checkpoint
13-05-2015 17:43:42 Scheduled Checkpoint
18-05-2015 17:43:07 Installed Macromedia Dreamweaver 8

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023417BE-10B3-4661-BD22-B8CF42195E3C} - System32\Tasks\{AB276CEB-C1A2-4370-99E9-903C8E7626F1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {036BBF42-E7E6-4608-A51C-2BFD0973F31F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-13] (Seagate Technology LLC)
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {18E683ED-5BC5-4276-AB05-6D1EB05A0B5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1D189FBA-F98A-4916-B000-CCE4E9337DCA} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {23131080-1C79-41EA-8A08-0CDFFDB01746} - System32\Tasks\eva Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {245749BD-F7E4-4E88-9E8F-F8AD903DCEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {35656B35-E85E-4C6A-9B8D-5EC52D675717} - System32\Tasks\eva => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {42DBDD1E-4E71-4A40-B3E9-EA0FE0E7E87C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5634D503-D8D5-4A9F-8C32-6B892A801A72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5AE3412E-FE4F-4321-9757-2564CB7BB64B} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {60F4703E-DEC6-415F-9332-D7F342331CE8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {66ECB3A6-E689-424E-8C2A-A59EAADE18C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {706EF7A2-97FB-416C-A1DC-4FAB69D9C5CE} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-30] ()
Task: {8876534E-C15B-4F96-991D-8D05A6ADDF35} - System32\Tasks\eva DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-02-13] (Seagate Technology LLC)
Task: {8B2368B4-6ABD-4F21-909D-A0996E083497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {8BCE6D0F-FFC3-4D84-87B2-DB3B19E62F7E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {8FFF57FB-7441-4151-9599-D9BB58C58C95} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {98594AE4-B71D-45C6-9755-4CA12EFD2519} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {9BDDAB86-5729-4122-AE5B-209977814EDD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A72EB1D4-0D6B-497D-B8C7-A8C125929275} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {BC3C2220-EDBD-4A5F-814B-F6D3753B57DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C41A826B-0CD1-4A6E-A06F-E8CE4A1D08E7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CA563CBE-3913-4085-B26B-F7E803503895} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CDC0FE9F-6CB9-4A2E-B92A-23840B25F391} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {E419F02F-4791-4CFC-8C44-8E3B2236F936} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E6BD8F1F-8383-4A8D-BF0A-FAE5F031BA8B} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-14 01:43 - 2015-04-08 15:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-24 06:53 - 2012-12-24 06:53 - 00129024 ____N () C:\WINDOWS\System32\HPCP1020LM.DLL
2012-08-30 01:35 - 2012-07-30 05:26 - 00029056 ____N () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-08-30 01:35 - 2012-07-30 05:27 - 00030592 ____N () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-04 11:42 - 2012-11-04 11:42 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL
2012-08-30 01:33 - 2012-08-15 11:52 - 00094208 ____N () C:\Windows\System32\IccLibDll_x64.dll
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-08 04:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\eva\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
DNS Servers: 172.20.10.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Uploader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8DAD5D1-1F06-4852-BB73-7B4278961884}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3EACD543-70F3-4831-8C2A-A380D71DDC7E}] => (Allow) LPort=4482
FirewallRules: [{9D23796F-42F7-4D51-A623-9ADB51FD7F94}] => (Allow) LPort=4482
FirewallRules: [{B50E7D48-D4A5-430C-BAA2-EA6E3548AEEE}] => (Allow) LPort=4481
FirewallRules: [{4EFF1B9B-0D5A-4DA5-9858-15F30BDECB06}] => (Allow) LPort=4481
FirewallRules: [{D1D4F05A-9B5E-4254-A67A-9EDBA99DD92B}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{B3275FE2-402E-4974-9F15-DF7FBD9392C8}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{EF2F7E10-DC3E-44DD-AC06-962107218977}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7FB06B69-0145-457B-8515-95E4D7928483}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8379195E-12BE-415A-9270-E058B0D1855C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B160BA9B-350A-4FC2-8466-A11CC0A637C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4E9632B1-8A9F-47E6-A4B7-022DC04B15B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9762F22F-037D-4546-8872-0D88C5F935CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D1D5CEDE-3A4C-45BA-AD94-52077F44A01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{33A33B8C-30EF-4177-9261-35E4042FE61E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EE3DB352-4315-4A5C-A829-00F796B30733}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4331D622-2D3A-4EC7-B751-7331269EEEE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{8065A733-1D14-4A1B-B773-C3DD2B511F97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3BEFD9F0-1099-47BC-A19D-4199F29A289A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDF323BF-A11E-4503-A2B8-ED5296601115}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6662D437-18BE-4DCA-96DF-5DAB086DD99A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E2B64105-2A35-44FC-9946-5DEC1FB95B60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{51EF41A7-BAB2-4ACE-80F3-7DDD43199D4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7A1A014E-F774-4294-8F84-CD9F4E21ACA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDA3D6A8-9DC3-459D-AB67-F629FA6B2862}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68685F20-7A9E-455A-9E43-07C7E29E042D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F82D61C3-001D-4360-85AF-AF4AA8FE604B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2DA6547-A1CB-4607-A8D7-B23ABF94D077}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{14DF9E15-01E9-4FEE-8070-5970F2696559}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{7FDE5B33-7032-495B-B7B5-CDC1706EC7D3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{699861EE-6C4D-40DE-997F-F6C10787E2E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{953C0655-4803-4F56-BD0E-6C3C913A0C80}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1A6AED7F-F488-410A-8F4D-FA4A6FDBAC8C}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [{B361681B-84A6-4C81-9CC7-34AB4833A203}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [TCP Query User{396CA64A-FEE5-4575-B62D-39F8D5FFBBFF}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{2077040E-1322-4757-AA02-686BCE692B81}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{14E60836-010F-4724-88AD-13634D3F1C52}] => (Allow) LPort=8888
FirewallRules: [{445249C1-BBAC-4BA9-ACFA-3ADF41817C57}] => (Allow) LPort=8888
FirewallRules: [{42CA0C55-D77A-4BFA-9A3F-865326466217}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P4014
Description: HP LaserJet P4014
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P4014
Description: HP LaserJet P4014
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P4014
Description: HP LaserJet P4014
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P3010 Series
Description: HP LaserJet P3010 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 08:55:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googledrivesync.exe, version: 1.21.9226.6034, time stamp: 0x509418e4
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00041eee
Faulting process id: 0x1a6c
Faulting application start time: 0xgoogledrivesync.exe0
Faulting application path: googledrivesync.exe1
Faulting module path: googledrivesync.exe2
Report Id: googledrivesync.exe3
Faulting package full name: googledrivesync.exe4
Faulting package-relative application ID: googledrivesync.exe5

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6500

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6500

Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 07:51:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00027fb3
Faulting process id: 0x1284
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (05/24/2015 05:39:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x00027fb3
Faulting process id: 0x104c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3437

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3437

Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 00:33:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2328

System errors:
=============
Error: (05/24/2015 10:20:15 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-964893997-1847190727-3478051664-1002-1-ntuser.dat

Error: (05/24/2015 10:19:23 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-964893997-1847190727-3478051664-1002-0-ntuser.dat

Error: (05/23/2015 11:04:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: %%1062

Error: (05/23/2015 08:52:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-964893997-1847190727-3478051664-1002-1-ntuser.dat

Error: (05/23/2015 08:51:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ULLI-PC)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-964893997-1847190727-3478051664-1002-0-ntuser.dat

Error: (05/22/2015 07:01:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The EMP_UDSA service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/21/2015 09:06:00 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/21/2015 09:06:00 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/17/2015 08:54:09 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/17/2015 08:54:09 PM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Microsoft Office:
=========================
Error: (09/07/2014 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3887 seconds with 3360 seconds of active time. This session ended with a crash.

Error: (08/06/2014 06:52:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5469 seconds with 2760 seconds of active time. This session ended with a crash.

Error: (07/02/2014 07:05:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1546 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (01/27/2014 05:12:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 679 seconds with 660 seconds of active time. This session ended with a crash.

Error: (08/25/2013 00:34:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 563 seconds with 420 seconds of active time. This session ended with a crash.

Error: (05/20/2013 04:14:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 360 seconds of active time. This session ended with a crash.

Error: (04/19/2013 03:13:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/19/2013 03:12:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2672 seconds with 1200 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 58%
Total physical RAM: 6029.56 MB
Available physical RAM: 2524.17 MB
Total Pagefile: 7181.56 MB
Available Pagefile: 3015.77 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:76.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4F359092)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 41B54F21)

Partition: GPT Partition Type.

==================== End of log ============================

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-24 14:43:27
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000052 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\eva\AppData\Local\Temp\pxldapod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600010fa00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17 fffff9600010fa11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffde1e33e10 7 bytes JMP 00007ffee01b0260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffde1e33e20 7 bytes JMP 00007ffee01b0298
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffde1ee39b0 7 bytes JMP 00007ffee01b0340
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffde1ee3ef0 7 bytes JMP 00007ffee01b02d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffde1ee3fe0 7 bytes JMP 00007ffee01b0308
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffde1f106c0 7 bytes JMP 00007ffee01b01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffde1f10730 7 bytes JMP 00007ffee01b0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffde28dd050 7 bytes JMP 00007ffee01b0500
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[628] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffde290b170 5 bytes JMP 00007ffee01b0538
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffde1e33e10 7 bytes JMP 00007ffee01b0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffde1e33e20 7 bytes JMP 00007ffee01b0298
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffde1ee39b0 7 bytes JMP 00007ffee01b0340
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffde1ee3ef0 7 bytes JMP 00007ffee01b02d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffde1ee3fe0 7 bytes JMP 00007ffee01b0308
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffde1f106c0 7 bytes JMP 00007ffee01b01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffde1f10730 7 bytes JMP 00007ffee01b0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffde01c21d0 5 bytes JMP 00007ffee01b0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffde01c29d0 7 bytes JMP 00007ffee01b00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffde01c4310 5 bytes JMP 00007ffee01b0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffde01c8d80 5 bytes JMP 00007ffee01b0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffde023f0b0 5 bytes JMP 00007ffee01b01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffde2676d90 1 byte JMP 00007ffee01b0420
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffde2676d92 8 bytes {JMP 0xfffffffffdb39690}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffde26874a0 5 bytes JMP 00007ffee01b03e8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffde2687560 9 bytes JMP 00007ffee01b0378
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffde2687730 5 bytes JMP 00007ffee01b0458
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffde2696b10 5 bytes JMP 00007ffee01b03b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffde1f71500 1 byte JMP 00007ffee01b0490
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffde1f71502 6 bytes {JMP 0xfffffffffe23ef90}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5820] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffde1f71750 8 bytes JMP 00007ffee01b04c8
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffde1e33e10 7 bytes JMP 00007ffee01b0260
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffde1e33e20 7 bytes JMP 00007ffee01b0298
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffde1ee39b0 7 bytes JMP 00007ffee01b0340
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffde1ee3ef0 7 bytes JMP 00007ffee01b02d0
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffde1ee3fe0 7 bytes JMP 00007ffee01b0308
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffde1f106c0 7 bytes JMP 00007ffee01b01f0
.text C:\Windows\System32\igfxpers.exe[3560] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffde1f10730 7 bytes JMP 00007ffee01b0228

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [732:764] fffff9600099f2d0
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:6824] 00007ffdd0fc3e0c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:7096] 00007ffdcec9f5f8
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:5024] 00007ffdd0fc3e0c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:7408] 00007ffdceb3bc60
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:5648] 00007ffdd0fc3e0c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5116:7456] 00007ffdcec2cfb8
Thread C:\WINDOWS\SysWOW64\msiexec.exe [6872:7108] 000000007e94392e
Thread C:\WINDOWS\syswow64\wwahost.exe [4780:7384] 000000005fe250e0
Thread C:\WINDOWS\syswow64\wwahost.exe [4780:7748] 00000000747e4ad0
Thread C:\WINDOWS\syswow64\wwahost.exe [4780:496] 00000000747e5850

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Last edited by eva_mariee (24.05.2015 at 22:28) |
24.05.2015, 23:06 | #2 |
/// TB-Ausbilder | Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation!
Step 1
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
ATTFilter
start
CloseProcesses:
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
C:\ProgramData\msqcmfnsm.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF user.js: detected! => C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\user.js [2014-01-16]
RemoveProxy:
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Schritt 2
Bitte poste mit deiner nächsten Antwort
|
24.05.2015, 23:35 | #3 |
| Log-files Here are the requested files - after step 1 I had to restart the PC, and along with the log file another Notepad message appeared - I will post it as well:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-24 16:18:18 Run:1
Running from C:\Users\eva\Desktop
Loaded Profiles: eva & (Available Profiles: eva)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcmfnsm.exe <===== ATTENTION
C:\ProgramData\msqcmfnsm.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF user.js: detected! => C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\user.js [2014-01-16]
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value restored successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value restored successfully
Could not move "C:\ProgramData\msqcmfnsm.exe" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\user.js => Moved successfully.

========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
========= End of RemoveProxy: =========

EmptyTemp: => Removed 1.8 GB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-24 16:21:50)<=
C:\ProgramData\msqcmfnsm.exe => Is moved successfully

==== End of Fixlog 16:21:50 ====
Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01 Ran by eva (administrator) on ULLI-PC on 24-05-2015 16:26:38 Running from C:\Users\eva\Desktop Loaded Profiles: eva (Available Profiles: eva) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\DptfParticipantProcessorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Windows\System32\DptfPolicyConfigTDPService.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (HP) C:\Windows\System32\HPSIsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.) 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] () HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe 
[157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-13] (Seagate Technology LLC) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [536168 2013-05-31] (SEIKO EPSON CORPORATION) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-08] ShortcutTarget: 
AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-30] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-24] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com SearchScopes: HKU\S-1-5-21-964893997-1847190727-3478051664-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553571000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Tcpip\Parameters: [DhcpNameServer] 216.230.147.90 216.230.128.3 FireFox: ======== FF ProfilePath: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default FF SelectedSearchEngine: FF Homepage: hxxp://www.portal.at/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] () FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-12-03] (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) 
FF Extension: anonymoX - C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\Extensions\client@anonymox.net.xpi [2013-06-25] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-30] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-24] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR Profile: C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24] CHR Extension: (Google Drive) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24] CHR Extension: (YouTube) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24] CHR Extension: (GeoGebra) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-04-08] CHR Extension: (Google Search) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24] CHR Extension: (Logitech SetPoint) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2014-08-24] CHR Extension: (Bookmark Manager) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik 
[2015-04-21] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16] CHR Extension: (Google Wallet) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-24] CHR Extension: (Bitdefender QuickScan) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-12-11] CHR Extension: (Gmail) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24] CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-30] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. 
KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] () R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] () R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2013-05-31] (SEIKO EPSON CORPORATION) [] R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [] R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [120832 2011-08-04] (HP) [] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) 
[] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [] R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC) R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-13] (Seagate Technology LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) S3 ACDaemon; C:\Program Files (x86)\Common 
Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) 
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2013-05-31] (SEIKO EPSON CORPORATION)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 14:43 - 2015-05-24 14:43 - 00009119 _____ () C:\Users\eva\Desktop\Gmer.txt
2015-05-24 14:36 - 2015-05-24 14:36 - 00380416 _____ () C:\Users\eva\Desktop\Gmer-19357.exe
2015-05-24 14:25 - 2015-05-24 16:26 - 00029316 _____ () C:\Users\eva\Desktop\FRST.txt
2015-05-24 14:25 - 2015-05-24 14:26 - 00046604 _____ () C:\Users\eva\Desktop\Addition.txt
2015-05-24 14:24 - 2015-05-24 16:26 - 00000000 ____D () C:\FRST
2015-05-24 14:23 - 2015-05-24 14:23 - 02108416 _____ (Farbar) C:\Users\eva\Desktop\FRST64.exe
2015-05-24 14:21 - 2015-05-24 14:21 - 00000468 _____ () C:\Users\eva\Desktop\defogger_disable.log
2015-05-24 14:21 - 2015-05-24 14:21 - 00000000 _____ () C:\Users\eva\defogger_reenable
2015-05-24 14:19 - 2015-05-24 14:19 - 00050477 _____ () C:\Users\eva\Desktop\Defogger.exe
2015-05-24 13:14 - 2015-05-24 13:15 - 00003342 ____N () C:\Users\eva\Desktop\ShortcutVirusRemover.bat
2015-05-24 13:01 - 2015-05-24 13:25 - 00000094 ____N () C:\Users\eva\Desktop\removevirus.bat
2015-05-24 09:08 - 2015-05-24 09:08 - 00000320 _____ () C:\WINDOWS\SysWOW64\win_hcleaner.ini
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2015-05-23 23:09 - 2015-05-23 23:09 - 00003700 ____N () C:\WINDOWS\System32\Tasks\eva Merge
2015-05-23 23:09 - 2015-05-23 23:09 - 00003684 ____N () C:\WINDOWS\System32\Tasks\eva
2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-22 07:03 - 2015-05-22 07:03 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\Program Files (x86)\EPSON Projector
2015-05-22 07:01 - 2013-05-31 16:33 - 00023040 ____N (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\Drivers\EMP_UDAU.sys
2015-05-22 06:55 - 2015-05-22 06:55 - 00000000 ____N () C:\WINDOWS\system32\Drivers\Msft_Kernel_ax88772_01011.Wdf
2015-05-18 17:43 - 2015-05-18 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\ProgramData\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2015-05-18 17:41 - 2015-05-18 17:41 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-05-18 17:39 - 2015-05-18 17:56 - 00000000 ____D () C:\Users\eva\Desktop\Macromedia 8
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\Users\eva\Documents\ASUS
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\ProgramData\ASUS
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 16:24 - 2015-04-08 18:41 - 00000000 ___RD () C:\Users\eva\Google Drive
2015-05-24 16:22 - 2014-01-14 05:26 - 00000000 ___DO () C:\Users\eva\SkyDrive
2015-05-24 16:21 - 2013-05-28 20:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 16:20 - 2013-08-22 08:46 - 00389089 _____ () C:\WINDOWS\setupact.log
2015-05-24 16:19 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-24 16:19 - 2013-08-22 07:25 - 01048576 _____ () C:\WINDOWS\system32\config\BBI
2015-05-24 16:12 - 2013-05-28 20:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 16:02 - 2012-12-30 13:46 - 00000350 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-05-24 16:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-24 15:58 - 2014-01-14 01:43 - 01606609 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-24 15:37 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-24 15:13 - 2013-02-27 17:18 - 00000000 ____D () C:\Users\eva\AppData\Local\Paint.NET
2015-05-24 15:11 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\eva\Desktop\div_sticks
2015-05-24 14:21 - 2014-01-14 01:48 - 00000000 ____D () C:\Users\eva
2015-05-24 11:46 - 2012-12-15 19:29 - 00003598 ____N () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002
2015-05-24 10:16 - 2014-08-26 06:54 - 00136408 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 23:08 - 2015-01-16 14:49 - 00003480 ____N () C:\WINDOWS\System32\Tasks\eva DBAgent 2 0
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-05-23 23:05 - 2013-11-14 01:20 - 00236396 _____ () C:\WINDOWS\PFRO.log
2015-05-23 23:05 - 2013-08-22 08:44 - 00492528 ____N () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 20:50 - 2014-08-26 06:54 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-23 20:50 - 2014-08-26 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-23 20:50 - 2014-08-26 06:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-23 19:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 17:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-22 06:54 - 2015-04-19 08:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-21 20:34 - 2012-08-04 19:42 - 03497316 _____ () C:\WINDOWS\AsDebug.log
2015-05-21 20:34 - 2012-08-04 19:42 - 00573596 _____ () C:\WINDOWS\AsCDProc.log
2015-05-21 19:47 - 2013-01-07 21:43 - 00123256 ____N () C:\Users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 18:40 - 2013-05-15 06:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-19 15:49 - 2014-04-01 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 15:47 - 2013-03-31 10:07 - 00152744 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-19 15:47 - 2013-03-31 10:07 - 00132120 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-18 17:50 - 2012-12-15 20:00 - 00000000 ____D () C:\Users\eva\AppData\Roaming\Macromedia
2015-05-17 20:07 - 2013-05-28 20:06 - 00003894 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 20:07 - 2013-05-28 20:06 - 00003658 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:32 - 2013-01-09 20:43 - 00000000 ____D () C:\Users\Public\Documents\Personalvertretung
2015-05-16 19:05 - 2012-12-15 19:19 - 00000000 ____D () C:\Users\eva\AppData\Local\ASUS
2015-05-09 13:09 - 2015-04-08 18:39 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 14:07 - 2015-02-02 14:07 - 00000338 _____ () C:\WINDOWS\Tasks\SuperEasyDriverUpdater_UPDATES.job
2015-05-03 19:39 - 2012-12-30 11:25 - 00000000 ____D () C:\Users\eva\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2013-01-02 20:14 - 2013-01-02 20:14 - 0000021 ____N () C:\Users\eva\AppData\Roaming\my_intel.sys
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-06 20:06 - 2013-09-06 20:06 - 0001092 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-15 19:22 - 2015-04-05 15:20 - 0000401 ____N () C:\Users\eva\AppData\Roaming\sp_data.sys
2014-10-04 23:41 - 2014-10-04 23:41 - 0004634 ____N () C:\Users\eva\AppData\Local\recently-used.xbel
2012-12-30 13:37 - 2014-09-23 20:10 - 0005807 _____ () C:\ProgramData\hpzinstall.log
2012-08-04 19:42 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:42 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\eva\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-23 23:56

==================== End of log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-24 16:27:17
Running from C:\Users\eva\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-964893997-1847190727-3478051664-500 - Administrator - Disabled)
eva (S-1-5-21-964893997-1847190727-3478051664-1002 - Administrator - Enabled) => C:\Users\eva
Guest (S-1-5-21-964893997-1847190727-3478051664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{334147DC-B3C8-4626-A985-4AEA8A36DAB6}) (Version: 8.0.0.41 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CoffeeCup Free HTML Editor) (Version: - )
D110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet Professional CP1020 Series (HKLM-x32\...\{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}) (Version: - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCP1020LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.1902.0 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM-x32\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

04-05-2015 20:11:22 Scheduled Checkpoint
13-05-2015 17:43:42 Scheduled Checkpoint
18-05-2015 17:43:07 Installed Macromedia Dreamweaver 8

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023417BE-10B3-4661-BD22-B8CF42195E3C} - System32\Tasks\{AB276CEB-C1A2-4370-99E9-903C8E7626F1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {036BBF42-E7E6-4608-A51C-2BFD0973F31F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-13] (Seagate Technology LLC)
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {18E683ED-5BC5-4276-AB05-6D1EB05A0B5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1D189FBA-F98A-4916-B000-CCE4E9337DCA} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {23131080-1C79-41EA-8A08-0CDFFDB01746} - System32\Tasks\eva Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {245749BD-F7E4-4E88-9E8F-F8AD903DCEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {35656B35-E85E-4C6A-9B8D-5EC52D675717} - System32\Tasks\eva => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {42DBDD1E-4E71-4A40-B3E9-EA0FE0E7E87C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5634D503-D8D5-4A9F-8C32-6B892A801A72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5AE3412E-FE4F-4321-9757-2564CB7BB64B} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {60F4703E-DEC6-415F-9332-D7F342331CE8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {66ECB3A6-E689-424E-8C2A-A59EAADE18C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {706EF7A2-97FB-416C-A1DC-4FAB69D9C5CE} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-30] ()
Task: {8876534E-C15B-4F96-991D-8D05A6ADDF35} - System32\Tasks\eva DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-02-13] (Seagate Technology LLC)
Task: {8B2368B4-6ABD-4F21-909D-A0996E083497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {8BCE6D0F-FFC3-4D84-87B2-DB3B19E62F7E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {8FFF57FB-7441-4151-9599-D9BB58C58C95} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {98594AE4-B71D-45C6-9755-4CA12EFD2519} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {9BDDAB86-5729-4122-AE5B-209977814EDD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A72EB1D4-0D6B-497D-B8C7-A8C125929275} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {BC3C2220-EDBD-4A5F-814B-F6D3753B57DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C41A826B-0CD1-4A6E-A06F-E8CE4A1D08E7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CA563CBE-3913-4085-B26B-F7E803503895} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CDC0FE9F-6CB9-4A2E-B92A-23840B25F391} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {E419F02F-4791-4CFC-8C44-8E3B2236F936} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E6BD8F1F-8383-4A8D-BF0A-FAE5F031BA8B} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-14 01:43 - 2015-04-08 15:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-24 06:53 - 2012-12-24 06:53 - 00129024 ____N () C:\WINDOWS\System32\HPCP1020LM.DLL
2012-08-30 01:35 - 2012-07-30 05:26 - 00029056 ____N () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-08-30 01:35 - 2012-07-30 05:27 - 00030592 ____N () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-04 11:42 - 2012-11-04 11:42 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL
2012-08-30 01:33 - 2012-08-15 11:52 - 00094208 ____N () C:\Windows\System32\IccLibDll_x64.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-24 16:22 - 2015-05-24 16:22 - 00098816 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32api.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00110080 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\pywintypes27.dll
2015-05-24 16:22 - 2015-05-24 16:22 - 00364544 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\pythoncom27.dll
2015-05-24 16:22 - 2015-05-24 16:22 - 00045568 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_socket.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 01161216 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_ssl.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00320512 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32com.shell.shell.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00713216 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_hashlib.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 01175040 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._core_.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00805888 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._gdi_.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00811008 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._windows_.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 01062400 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._controls_.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00735232 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._misc_.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00682496 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\pysqlite2._sqlite.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00128512 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_elementtree.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00127488 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\pyexpat.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00087552 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_ctypes.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00119808 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32file.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00108544 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32security.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00007168 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\hashobjs_ext.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00017408 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\usb_ext.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00167936 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32gui.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00018432 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32event.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00013824 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\common.time34.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00036864 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_psutil_windows.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00038912 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32inet.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00011264 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32crypt.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00070656 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._html2.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00027136 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_multiprocessing.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00020480 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\_yappi.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00035840 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32process.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00686080 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\unicodedata.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00122368 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._wizard.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00024064 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32pipe.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00010240 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\select.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00025600 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32pdh.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00525640 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\windows._lib_cacheinvalidation.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00017408 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32profile.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00022528 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\win32ts.pyd
2015-05-24 16:22 - 2015-05-24 16:22 - 00078336 _____ () C:\Users\eva\AppData\Local\Temp\_MEI51562\wx._animate.pyd
2012-10-08 04:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\eva\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG DNS Servers: 216.230.147.90 - 216.230.128.3 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk" HKLM\...\StartupApproved\Run: => "ACMON" HKLM\...\StartupApproved\Run32: => "DivXMediaServer" HKLM\...\StartupApproved\Run32: => "DivXUpdate" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "DBAgent" HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\Run: => "Uploader" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D8DAD5D1-1F06-4852-BB73-7B4278961884}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{3EACD543-70F3-4831-8C2A-A380D71DDC7E}] => (Allow) LPort=4482 FirewallRules: [{9D23796F-42F7-4D51-A623-9ADB51FD7F94}] => (Allow) LPort=4482 FirewallRules: [{B50E7D48-D4A5-430C-BAA2-EA6E3548AEEE}] => (Allow) LPort=4481 FirewallRules: [{4EFF1B9B-0D5A-4DA5-9858-15F30BDECB06}] => (Allow) LPort=4481 FirewallRules: [{D1D4F05A-9B5E-4254-A67A-9EDBA99DD92B}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{B3275FE2-402E-4974-9F15-DF7FBD9392C8}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{EF2F7E10-DC3E-44DD-AC06-962107218977}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{7FB06B69-0145-457B-8515-95E4D7928483}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{8379195E-12BE-415A-9270-E058B0D1855C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{B160BA9B-350A-4FC2-8466-A11CC0A637C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{4E9632B1-8A9F-47E6-A4B7-022DC04B15B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{9762F22F-037D-4546-8872-0D88C5F935CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{D1D5CEDE-3A4C-45BA-AD94-52077F44A01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{33A33B8C-30EF-4177-9261-35E4042FE61E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{EE3DB352-4315-4A5C-A829-00F796B30733}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{4331D622-2D3A-4EC7-B751-7331269EEEE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe 
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe FirewallRules: [{8065A733-1D14-4A1B-B773-C3DD2B511F97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3BEFD9F0-1099-47BC-A19D-4199F29A289A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{CDF323BF-A11E-4503-A2B8-ED5296601115}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{6662D437-18BE-4DCA-96DF-5DAB086DD99A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{E2B64105-2A35-44FC-9946-5DEC1FB95B60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{51EF41A7-BAB2-4ACE-80F3-7DDD43199D4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{7A1A014E-F774-4294-8F84-CD9F4E21ACA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CDA3D6A8-9DC3-459D-AB67-F629FA6B2862}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{68685F20-7A9E-455A-9E43-07C7E29E042D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F82D61C3-001D-4360-85AF-AF4AA8FE604B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D2DA6547-A1CB-4607-A8D7-B23ABF94D077}] => (Allow) C:\Program Files 
(x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{14DF9E15-01E9-4FEE-8070-5970F2696559}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{7FDE5B33-7032-495B-B7B5-CDC1706EC7D3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{699861EE-6C4D-40DE-997F-F6C10787E2E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{953C0655-4803-4F56-BD0E-6C3C913A0C80}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{1A6AED7F-F488-410A-8F4D-FA4A6FDBAC8C}] => (Allow) E:\Installer\hpbcsiInstaller.exe FirewallRules: [{B361681B-84A6-4C81-9CC7-34AB4833A203}] => (Allow) E:\Installer\hpbcsiInstaller.exe FirewallRules: [TCP Query User{396CA64A-FEE5-4575-B62D-39F8D5FFBBFF}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [UDP Query User{2077040E-1322-4757-AA02-686BCE692B81}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [{14E60836-010F-4724-88AD-13634D3F1C52}] => (Allow) LPort=8888 FirewallRules: [{445249C1-BBAC-4BA9-ACFA-3ADF41817C57}] => (Allow) LPort=8888 FirewallRules: [{42CA0C55-D77A-4BFA-9A3F-865326466217}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: USB-IF xHCI USB Host Controller Description: USB-IF xHCI USB Host Controller Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee} Manufacturer: Intel Corporation Service: XHCIPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver Name: Photosmart D110 series Description: Photosmart D110 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Photosmart D110 series Description: Photosmart D110 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Photosmart D110 series Description: Photosmart D110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Color LaserJet CM2320nf MFP Description: HP Color LaserJet CM2320nf MFP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/24/2015 08:55:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: googledrivesync.exe, version: 1.21.9226.6034, time stamp: 0x509418e4 Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb Exception code: 0xc0000005 Fault offset: 0x00041eee Faulting process id: 0x1a6c Faulting application start time: 0xgoogledrivesync.exe0 Faulting application path: googledrivesync.exe1 Faulting module path: googledrivesync.exe2 Report Id: googledrivesync.exe3 Faulting package full name: googledrivesync.exe4 Faulting package-relative application ID: googledrivesync.exe5 Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6500 Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6500 Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/24/2015 07:51:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2 Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb Exception code: 0xc0000005 Fault offset: 0x00027fb3 Faulting process id: 0x1284 Faulting application start time: 0xrundll32.exe0 Faulting application path: rundll32.exe1 Faulting module path: rundll32.exe2 Report Id: rundll32.exe3 Faulting package full name: rundll32.exe4 Faulting package-relative application ID: rundll32.exe5 Error: (05/24/2015 05:39:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2 Faulting 
module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb Exception code: 0xc0000005 Fault offset: 0x00027fb3 Faulting process id: 0x104c Faulting application start time: 0xrundll32.exe0 Faulting application path: rundll32.exe1 Faulting module path: rundll32.exe2 Report Id: rundll32.exe3 Faulting package full name: rundll32.exe4 Faulting package-relative application ID: rundll32.exe5 Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3437 Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3437 Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/24/2015 00:33:10 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2328 System errors: ============= Error: (05/24/2015 04:18:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\IWMSSvc.dll Error: (05/24/2015 04:18:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\IWMSSvc.dll Error: (05/24/2015 04:18:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll Error: (05/24/2015 04:18:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Seagate MobileBackup Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The BlackBerry Device Manager service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (05/24/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s). Microsoft Office: ========================= Error: (09/07/2014 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3887 seconds with 3360 seconds of active time. 
This session ended with a crash. Error: (08/06/2014 06:52:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5469 seconds with 2760 seconds of active time. This session ended with a crash. Error: (07/02/2014 07:05:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1546 seconds with 1320 seconds of active time. This session ended with a crash. Error: (01/27/2014 05:12:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 679 seconds with 660 seconds of active time. This session ended with a crash. Error: (08/25/2013 00:34:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 563 seconds with 420 seconds of active time. This session ended with a crash. Error: (05/20/2013 04:14:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 360 seconds of active time. This session ended with a crash. Error: (04/19/2013 03:13:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/19/2013 03:12:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2672 seconds with 1200 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 49%
Total physical RAM: 6029.56 MB
Available physical RAM: 3061.96 MB
Total Pagefile: 7181.56 MB
Available Pagefile: 3878.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:78.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.33 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4F359092)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 41B54F21)
Partition: GPT Partition Type.
==================== End of log ============================
I hope I was able to carry out the steps as requested - and thank you for the quick reply! |
24.05.2015, 23:37 | #4 |
/// TB-Ausbilder | Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too Hi, are the folders still displayed as shortcuts? Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please close your security software to avoid possible conflicts.
Step 4
Please post with your next reply
|
25.05.2015, 00:55 | #5 |
| Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too Hello, yes, the folders are still displayed as shown in the photo link below: https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201 After one of the scans, Avira Antivirus also switched itself back on. Here are the logs: Step 1: AdwCleaner logfile: Code:
# AdwCleaner v4.205 - Logfile created 24/05/2015 at 16:52:23
# Updated 21/05/2015 by Xplode
# Database : 2015-05-24.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : eva - ULLI-PC
# Running from : C:\Users\eva\Desktop\AdwCleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : DptfParticipantProcessorService
[#] Service Deleted : DptfPolicyConfigTDPService

***** [ Files / Folders ] *****

Folder Deleted : C:\rei
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\eva\AppData\Local\Beamrise
Folder Deleted : C:\Users\eva\AppData\Local\BeamriseUninstall
Folder Deleted : C:\Users\eva\AppData\Local\cool_mirage
Folder Deleted : C:\Users\eva\AppData\Local\genienext
Folder Deleted : C:\Users\eva\AppData\Local\Mobogenie
Folder Deleted : C:\Users\eva\AppData\LocalLow\Delta
Folder Deleted : C:\Users\eva\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\eva\AppData\Roaming\Babylon
Folder Deleted : C:\Users\eva\AppData\Roaming\SuperEasy Software
Folder Deleted : C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
File Deleted : C:\END
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\System32\DptfParticipantProcessorService.exe
File Deleted : C:\WINDOWS\System32\DptfPolicyConfigTDPService.exe
File Deleted : C:\Users\eva\daemonprocess.txt
File Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\invalidprefs.js

***** [ Scheduled tasks ] *****

Task Deleted : SuperEasyDriverUpdater_UPDATES

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted :
[x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKCU\Software\BABSOLUTION Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\OCS Key Deleted : HKCU\Software\SuperEasy Software Key Deleted : HKCU\Software\Appscion Key Deleted : HKLM\SOFTWARE\SuperEasy Software Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar Key Deleted : [x64] HKLM\SOFTWARE\Reimage Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.softonic.de ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v34.0.5 (x86 de) [4qvbq2lp.default\prefs.js] - Line Deleted : user_pref("iminent.enabledAds", "false"); -\\ Google Chrome v43.0.2357.65 ************************* AdwCleaner[R0].txt - [12090 bytes] - [24/05/2015 16:50:27] 
AdwCleaner[S0].txt - [11886 bytes] - [24/05/2015 16:52:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11946 bytes] ##########

Step 2:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24-May-15
Suchlauf-Zeit: 4:59:52 PM
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.24.03
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: eva

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 380624
Verstrichene Zeit: 26 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 8.1 x64
Ran by eva on 24-May-15 at 17:33:30.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SuperEasyDriverUpdaterRunAtStartup

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24-May-15 at 17:35:52.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by eva (administrator) on ULLI-PC on 24-05-2015 17:37:09
Running from C:\Users\eva\Desktop
Loaded Profiles: eva & (Available Profiles: eva)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] () HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) 
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-13] (Seagate Technology LLC) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [536168 2013-05-31] (SEIKO EPSON CORPORATION) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.) 
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC) HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google) HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-08] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-30] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-24] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553571000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Tcpip\Parameters: [DhcpNameServer] 216.230.147.90 216.230.128.3 FireFox: ======== FF ProfilePath: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default FF SelectedSearchEngine: FF Homepage: hxxp://www.portal.at/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] () FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-12-03] (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) 
FF Extension: anonymoX - C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\Extensions\client@anonymox.net.xpi [2013-06-25] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-30] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-24] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR Profile: C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24] CHR Extension: (Google Drive) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24] CHR Extension: (YouTube) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24] CHR Extension: (GeoGebra) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-04-08] CHR Extension: (Google Search) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24] CHR Extension: (Bookmark Manager) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eva\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16] CHR Extension: (Google Wallet) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-24] CHR Extension: (Bitdefender QuickScan) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-12-11] CHR Extension: (Gmail) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24] CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. 
KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG) S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation) S2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2013-05-31] (SEIKO EPSON CORPORATION) [] S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [] R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [120832 2011-08-04] (HP) [] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) 
[] S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [] S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [] R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC) S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-13] (Seagate Technology LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) S3 ACDaemon; C:\Program Files (x86)\Common 
Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) 
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation) R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation) R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2013-05-31] (SEIKO EPSON CORPORATION) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( ) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation) S3 WdNisDrv; 
C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-24 17:35 - 2015-05-24 17:35 - 00000812 _____ () C:\Users\eva\Desktop\JRT.txt 2015-05-24 17:33 - 2015-05-24 17:33 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-ULLI-PC-Windows-8.1-(64-bit).dat 2015-05-24 17:33 - 2015-05-24 17:33 - 00000000 ____D () C:\RegBackup 2015-05-24 17:32 - 2015-05-24 17:32 - 00001197 _____ () C:\Users\eva\Desktop\mbam.txt 2015-05-24 16:49 - 2015-05-24 16:52 - 00000000 ____D () C:\AdwCleaner 2015-05-24 16:46 - 2015-05-24 16:47 - 02945770 _____ (Thisisu) C:\Users\eva\Desktop\JRT.exe 2015-05-24 16:40 - 2015-05-24 16:41 - 02222592 _____ () C:\Users\eva\Desktop\AdwCleaner_4.205.exe 2015-05-24 14:43 - 2015-05-24 14:43 - 00009119 _____ () C:\Users\eva\Desktop\Gmer.txt 2015-05-24 14:36 - 2015-05-24 14:36 - 00380416 _____ () C:\Users\eva\Desktop\Gmer-19357.exe 2015-05-24 14:25 - 2015-05-24 17:37 - 00025605 _____ () C:\Users\eva\Desktop\FRST.txt 2015-05-24 14:25 - 2015-05-24 16:27 - 00045522 _____ () C:\Users\eva\Desktop\Addition.txt 2015-05-24 14:24 - 2015-05-24 17:37 - 00000000 ____D () C:\FRST 2015-05-24 14:23 - 2015-05-24 14:23 - 02108416 _____ (Farbar) C:\Users\eva\Desktop\FRST64.exe 2015-05-24 14:21 - 2015-05-24 14:21 - 00000468 _____ () C:\Users\eva\Desktop\defogger_disable.log 2015-05-24 14:21 - 2015-05-24 14:21 - 00000000 _____ () C:\Users\eva\defogger_reenable 2015-05-24 14:19 - 2015-05-24 14:19 - 00050477 _____ () C:\Users\eva\Desktop\Defogger.exe 2015-05-24 13:14 - 2015-05-24 13:15 - 00003342 ____N () 
C:\Users\eva\Desktop\ShortcutVirusRemover.bat 2015-05-24 13:01 - 2015-05-24 13:25 - 00000094 ____N () C:\Users\eva\Desktop\removevirus.bat 2015-05-24 09:08 - 2015-05-24 09:08 - 00000320 _____ () C:\WINDOWS\SysWOW64\win_hcleaner.ini 2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe 2015-05-23 23:09 - 2015-05-23 23:09 - 00003700 ____N () C:\WINDOWS\System32\Tasks\eva Merge 2015-05-23 23:09 - 2015-05-23 23:09 - 00003684 ____N () C:\WINDOWS\System32\Tasks\eva 2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\WINDOWS\LastGood 2015-05-22 07:03 - 2015-05-22 07:03 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard 2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector 2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\Program Files (x86)\EPSON Projector 2015-05-22 07:01 - 2013-05-31 16:33 - 00023040 ____N (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\Drivers\EMP_UDAU.sys 2015-05-22 06:55 - 2015-05-22 06:55 - 00000000 ____N () C:\WINDOWS\system32\Drivers\Msft_Kernel_ax88772_01011.Wdf 2015-05-18 17:43 - 2015-05-18 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia 2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\ProgramData\Macromedia 2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia 2015-05-18 17:41 - 2015-05-18 17:41 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2015-05-18 17:39 - 2015-05-18 17:56 - 00000000 ____D () C:\Users\eva\Desktop\Macromedia 8 2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\Users\eva\Documents\ASUS 2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\ProgramData\ASUS 2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Google 2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google ==================== One Month Modified files and 
folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 17:12 - 2013-05-28 20:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 17:02 - 2012-12-30 13:46 - 00000350 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-05-24 17:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-24 16:59 - 2014-08-26 06:54 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 16:57 - 2014-08-26 06:54 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-24 16:57 - 2014-08-26 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-24 16:57 - 2014-08-26 06:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-24 16:56 - 2015-04-08 18:41 - 00000000 ___RD () C:\Users\eva\Google Drive
2015-05-24 16:56 - 2014-01-14 05:26 - 00000000 ___DO () C:\Users\eva\SkyDrive
2015-05-24 16:54 - 2013-08-22 08:46 - 00389320 _____ () C:\WINDOWS\setupact.log
2015-05-24 16:54 - 2013-05-28 20:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 16:53 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-24 16:53 - 2013-08-22 07:25 - 01048576 _____ () C:\WINDOWS\system32\config\BBI
2015-05-24 16:52 - 2014-01-14 01:48 - 00000000 ____D () C:\Users\eva
2015-05-24 16:39 - 2014-01-14 01:43 - 01637023 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-24 15:37 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-24 15:13 - 2013-02-27 17:18 - 00000000 ____D () C:\Users\eva\AppData\Local\Paint.NET
2015-05-24 15:11 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\eva\Desktop\div_sticks
2015-05-23 23:08 - 2015-01-16 14:49 - 00003480 ____N () C:\WINDOWS\System32\Tasks\eva DBAgent 2 0
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-05-23 23:05 - 2013-11-14 01:20 - 00236396 _____ () C:\WINDOWS\PFRO.log
2015-05-23 23:05 - 2013-08-22 08:44 - 00492528 ____N () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 19:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 17:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-22 06:54 - 2015-04-19 08:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-21 20:34 - 2012-08-04 19:42 - 03497316 _____ () C:\WINDOWS\AsDebug.log
2015-05-21 20:34 - 2012-08-04 19:42 - 00573596 _____ () C:\WINDOWS\AsCDProc.log
2015-05-21 19:47 - 2013-01-07 21:43 - 00123256 ____N () C:\Users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 18:40 - 2013-05-15 06:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-19 15:49 - 2014-04-01 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 15:47 - 2013-03-31 10:07 - 00152744 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-19 15:47 - 2013-03-31 10:07 - 00132120 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-18 17:50 - 2012-12-15 20:00 - 00000000 ____D () C:\Users\eva\AppData\Roaming\Macromedia
2015-05-17 20:07 - 2013-05-28 20:06 - 00003894 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 20:07 - 2013-05-28 20:06 - 00003658 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:32 - 2013-01-09 20:43 - 00000000 ____D () C:\Users\Public\Documents\Personalvertretung
2015-05-16 19:05 - 2012-12-15 19:19 - 00000000 ____D () C:\Users\eva\AppData\Local\ASUS
2015-05-09 13:09 - 2015-04-08 18:39 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-03 19:39 - 2012-12-30 11:25 - 00000000 ____D () C:\Users\eva\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2013-01-02 20:14 - 2013-01-02 20:14 - 0000021 ____N () C:\Users\eva\AppData\Roaming\my_intel.sys
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-06 20:06 - 2013-09-06 20:06 - 0001092 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-15 19:22 - 2015-04-05 15:20 - 0000401 ____N () C:\Users\eva\AppData\Roaming\sp_data.sys
2014-10-04 23:41 - 2014-10-04 23:41 - 0004634 ____N () C:\Users\eva\AppData\Local\recently-used.xbel
2012-12-30 13:37 - 2014-09-23 20:10 - 0005807 _____ () C:\ProgramData\hpzinstall.log
2012-08-04 19:42 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:42 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\eva\AppData\Local\Temp\avgnt.exe
C:\Users\eva\AppData\Local\Temp\Quarantine.exe
C:\Users\eva\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-23 23:56

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-24 17:37:44
Running from C:\Users\eva\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-964893997-1847190727-3478051664-500 - Administrator - Disabled)
eva (S-1-5-21-964893997-1847190727-3478051664-1002 - Administrator - Enabled) => C:\Users\eva
Guest (S-1-5-21-964893997-1847190727-3478051664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{334147DC-B3C8-4626-A985-4AEA8A36DAB6}) (Version: 8.0.0.41 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CoffeeCup Free HTML Editor) (Version: - )
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CoffeeCup Free HTML Editor) (Version: - )
D110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet Professional CP1020 Series (HKLM-x32\...\{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}) (Version: - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCP1020LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.1902.0 - Seagate)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM-x32\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

04-05-2015 20:11:22 Scheduled Checkpoint
13-05-2015 17:43:42 Scheduled Checkpoint
18-05-2015 17:43:07 Installed Macromedia Dreamweaver 8

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023417BE-10B3-4661-BD22-B8CF42195E3C} - System32\Tasks\{AB276CEB-C1A2-4370-99E9-903C8E7626F1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {036BBF42-E7E6-4608-A51C-2BFD0973F31F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-13] (Seagate Technology LLC)
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - \SuperEasyDriverUpdaterRunAtStartup No Task File <==== ATTENTION
Task: {18E683ED-5BC5-4276-AB05-6D1EB05A0B5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1D189FBA-F98A-4916-B000-CCE4E9337DCA} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {23131080-1C79-41EA-8A08-0CDFFDB01746} - System32\Tasks\eva Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {245749BD-F7E4-4E88-9E8F-F8AD903DCEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {35656B35-E85E-4C6A-9B8D-5EC52D675717} - System32\Tasks\eva => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {42DBDD1E-4E71-4A40-B3E9-EA0FE0E7E87C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5634D503-D8D5-4A9F-8C32-6B892A801A72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5AE3412E-FE4F-4321-9757-2564CB7BB64B} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {60F4703E-DEC6-415F-9332-D7F342331CE8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {66ECB3A6-E689-424E-8C2A-A59EAADE18C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {706EF7A2-97FB-416C-A1DC-4FAB69D9C5CE} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-30] ()
Task: {8876534E-C15B-4F96-991D-8D05A6ADDF35} - System32\Tasks\eva DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-02-13] (Seagate Technology LLC)
Task: {8B2368B4-6ABD-4F21-909D-A0996E083497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {8BCE6D0F-FFC3-4D84-87B2-DB3B19E62F7E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {8FFF57FB-7441-4151-9599-D9BB58C58C95} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {98594AE4-B71D-45C6-9755-4CA12EFD2519} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {9BDDAB86-5729-4122-AE5B-209977814EDD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A72EB1D4-0D6B-497D-B8C7-A8C125929275} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {BC3C2220-EDBD-4A5F-814B-F6D3753B57DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C41A826B-0CD1-4A6E-A06F-E8CE4A1D08E7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CA563CBE-3913-4085-B26B-F7E803503895} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CDC0FE9F-6CB9-4A2E-B92A-23840B25F391} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {E419F02F-4791-4CFC-8C44-8E3B2236F936} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F5B24804-A0D0-462A-9B9E-ABADD3ECA290} - \Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002 No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (Whitelisted) ==============

2012-12-24 06:53 - 2012-12-24 06:53 - 00129024 ____N () C:\WINDOWS\System32\HPCP1020LM.DLL
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-22 12:14 - 2015-05-13 10:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\eva\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG
DNS Servers: 216.230.147.90 - 216.230.128.3

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-964893997-1847190727-3478051664-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Uploader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8DAD5D1-1F06-4852-BB73-7B4278961884}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3EACD543-70F3-4831-8C2A-A380D71DDC7E}] => (Allow) LPort=4482
FirewallRules: [{9D23796F-42F7-4D51-A623-9ADB51FD7F94}] => (Allow) LPort=4482
FirewallRules: [{B50E7D48-D4A5-430C-BAA2-EA6E3548AEEE}] => (Allow) LPort=4481
FirewallRules: [{4EFF1B9B-0D5A-4DA5-9858-15F30BDECB06}] => (Allow) LPort=4481
FirewallRules: [{D1D4F05A-9B5E-4254-A67A-9EDBA99DD92B}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{B3275FE2-402E-4974-9F15-DF7FBD9392C8}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{EF2F7E10-DC3E-44DD-AC06-962107218977}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7FB06B69-0145-457B-8515-95E4D7928483}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8379195E-12BE-415A-9270-E058B0D1855C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B160BA9B-350A-4FC2-8466-A11CC0A637C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4E9632B1-8A9F-47E6-A4B7-022DC04B15B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9762F22F-037D-4546-8872-0D88C5F935CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D1D5CEDE-3A4C-45BA-AD94-52077F44A01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{33A33B8C-30EF-4177-9261-35E4042FE61E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EE3DB352-4315-4A5C-A829-00F796B30733}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4331D622-2D3A-4EC7-B751-7331269EEEE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{8065A733-1D14-4A1B-B773-C3DD2B511F97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3BEFD9F0-1099-47BC-A19D-4199F29A289A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDF323BF-A11E-4503-A2B8-ED5296601115}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6662D437-18BE-4DCA-96DF-5DAB086DD99A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E2B64105-2A35-44FC-9946-5DEC1FB95B60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{51EF41A7-BAB2-4ACE-80F3-7DDD43199D4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7A1A014E-F774-4294-8F84-CD9F4E21ACA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDA3D6A8-9DC3-459D-AB67-F629FA6B2862}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68685F20-7A9E-455A-9E43-07C7E29E042D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F82D61C3-001D-4360-85AF-AF4AA8FE604B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2DA6547-A1CB-4607-A8D7-B23ABF94D077}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{14DF9E15-01E9-4FEE-8070-5970F2696559}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{7FDE5B33-7032-495B-B7B5-CDC1706EC7D3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{699861EE-6C4D-40DE-997F-F6C10787E2E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{953C0655-4803-4F56-BD0E-6C3C913A0C80}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1A6AED7F-F488-410A-8F4D-FA4A6FDBAC8C}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [{B361681B-84A6-4C81-9CC7-34AB4833A203}] => (Allow) E:\Installer\hpbcsiInstaller.exe
FirewallRules: [TCP Query User{396CA64A-FEE5-4575-B62D-39F8D5FFBBFF}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{2077040E-1322-4757-AA02-686BCE692B81}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{14E60836-010F-4724-88AD-13634D3F1C52}] => (Allow) LPort=8888
FirewallRules: [{445249C1-BBAC-4BA9-ACFA-3ADF41817C57}] => (Allow) LPort=8888
FirewallRules: [{42CA0C55-D77A-4BFA-9A3F-865326466217}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================= Application errors: ================== Error: (05/24/2015 08:55:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: googledrivesync.exe, version: 1.21.9226.6034, time stamp: 0x509418e4 Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb Exception code: 0xc0000005 Fault offset: 0x00041eee Faulting process id: 0x1a6c Faulting application start time: 0xgoogledrivesync.exe0 Faulting application path: googledrivesync.exe1 Faulting module path: googledrivesync.exe2 Report Id: googledrivesync.exe3 Faulting package full name: googledrivesync.exe4 Faulting package-relative application ID: googledrivesync.exe5 Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6500 Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6500 Error: (05/24/2015 08:55:35 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/24/2015 07:51:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2 Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb Exception code: 0xc0000005 Fault offset: 0x00027fb3 Faulting process id: 0x1284 Faulting application start time: 0xrundll32.exe0 Faulting application path: rundll32.exe1 Faulting module path: rundll32.exe2 Report Id: rundll32.exe3 Faulting package full name: rundll32.exe4 Faulting package-relative application ID: rundll32.exe5 Error: (05/24/2015 05:39:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rundll32.exe, version: 6.3.9600.17415, time stamp: 0x545045a2 Faulting 
module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb Exception code: 0xc0000005 Fault offset: 0x00027fb3 Faulting process id: 0x104c Faulting application start time: 0xrundll32.exe0 Faulting application path: rundll32.exe1 Faulting module path: rundll32.exe2 Report Id: rundll32.exe3 Faulting package full name: rundll32.exe4 Faulting package-relative application ID: rundll32.exe5 Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3437 Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3437 Error: (05/24/2015 00:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/24/2015 00:33:10 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2328 System errors: ============= Error: (05/24/2015 05:33:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 05:33:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 05:33:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (05/24/2015 05:33:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Intel® Centrino® Wireless Bluetooth® + High Speed Service service terminated unexpectedly. 
It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (05/24/2015 05:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The BlackBerry Device Manager service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 05:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 05:33:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 05:33:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Seagate MobileBackup Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 05:33:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/24/2015 05:33:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s). Microsoft Office: ========================= Error: (09/07/2014 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3887 seconds with 3360 seconds of active time. This session ended with a crash. Error: (08/06/2014 06:52:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 5469 seconds with 2760 seconds of active time. This session ended with a crash. Error: (07/02/2014 07:05:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1546 seconds with 1320 seconds of active time. This session ended with a crash. Error: (01/27/2014 05:12:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 679 seconds with 660 seconds of active time. This session ended with a crash. Error: (08/25/2013 00:34:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 563 seconds with 420 seconds of active time. This session ended with a crash. Error: (05/20/2013 04:14:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 360 seconds of active time. This session ended with a crash. Error: (04/19/2013 03:13:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (04/19/2013 03:12:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2672 seconds with 1200 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz Percentage of memory in use: 45% Total physical RAM: 6029.56 MB Available physical RAM: 3267.35 MB Total Pagefile: 7181.56 MB Available Pagefile: 4135.56 MB Total Virtual: 131072 MB Available Virtual: 131071.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:78.1 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.33 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 4F359092) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 22.4 GB) (Disk ID: 41B54F21) Partition: GPT Partition Type. ==================== End of log ============================ Code:
ATTFilter [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787 |
25.05.2015, 11:55 | #6 |
/// TB-Ausbilder | Windows 8: Folders are displayed as shortcuts, sometimes USB sticks too
Hello,
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
FF SelectedSearchEngine:
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - \SuperEasyDriverUpdaterRunAtStartup No Task File <==== ATTENTION
Task: {F5B24804-A0D0-462A-9B9E-ABADD3ECA290} - \Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002 No Task File <==== ATTENTION
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
RemoveProxy:
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download Shortcut Cleaner (by Grinler) to your desktop.
Step 3
Step 4
Step 5 Download Microsoft's Fix-It to your desktop, run the tool, follow the instructions and restart your computer afterwards. Please post with your next reply
|
25.05.2015, 12:58 | #7 |
| Windows 8: Folders are displayed as shortcuts, sometimes USB sticks too
Good morning (it is 5:50 here)! Here are the logs; I will not be back at this computer for about 7 hours, I have to go to work.
Step 1:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-25 05:23:17 Run:2
Running from C:\Users\eva\Desktop
Loaded Profiles: eva (Available Profiles: eva)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\MountPoints2: {9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} - "E:\EMP_UDSe.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
FF SelectedSearchEngine:
Task: {04D3D92E-0BDE-45CB-9121-030F9E2A28F6} - System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => pcalua.exe -a C:\Users\eva\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe -c uninstall –slot=1 –bagKey=yikAakHwZJ8U
Task: {11F247F4-96AE-42BC-AC9C-D0EA67929A1C} - \SuperEasyDriverUpdaterRunAtStartup No Task File <==== ATTENTION
Task: {F5B24804-A0D0-462A-9B9E-ABADD3ECA290} - \Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002 No Task File <==== ATTENTION
FirewallRules: [{57A47C89-72FC-46BD-BFDB-5A8564569EBB}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{4CD96E01-16D9-4C23-87A8-B670171E6A56}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\services\windows-x86-skypekit.exe
FirewallRules: [{291BA644-B436-4523-AF44-22CB31EC0BAC}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
FirewallRules: [{5762DD5A-3C03-4DB4-B103-661F078C9601}] => (Allow) C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\windows-x86-skypekit.exe
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
"HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fb8d0ea-fb3a-11e4-bed1-c4850836bb94}" => key Removed successfully
HKCR\CLSID\{9fb8d0ea-fb3a-11e4-bed1-c4850836bb94} => key not found.
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => value data Removed successfully.
Firefox SelectedSearchEngine Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04D3D92E-0BDE-45CB-9121-030F9E2A28F6}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04D3D92E-0BDE-45CB-9121-030F9E2A28F6}" => key Removed successfully
C:\Windows\System32\Tasks\{0E7401C2-FC9C-41EB-8F4D-27299929021B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E7401C2-FC9C-41EB-8F4D-27299929021B}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11F247F4-96AE-42BC-AC9C-D0EA67929A1C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11F247F4-96AE-42BC-AC9C-D0EA67929A1C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperEasyDriverUpdaterRunAtStartup" => key Removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5B24804-A0D0-462A-9B9E-ABADD3ECA290} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002" => key Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57A47C89-72FC-46BD-BFDB-5A8564569EBB} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4CD96E01-16D9-4C23-87A8-B670171E6A56} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{291BA644-B436-4523-AF44-22CB31EC0BAC} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5762DD5A-3C03-4DB4-B103-661F078C9601} => value Removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully

========= End of RemoveProxy: =========

EmptyTemp: => Removed 212.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 05:23:35 ====
Code:
Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1
Program started at: 05/25/2015 05:28:58 AM.

Scanning for registry hijacks:
* No issues found in the Registry.

Searching for Hijacked Shortcuts:
Searching C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\eva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\eva\Desktop\
Searching C:\Users\Public\Desktop\

0 bad shortcuts found.

Program finished at: 05/25/2015 05:29:39 AM
Execution time: 0 hours(s), 0 minute(s), and 40 seconds(s)
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01 Ran by eva (administrator) on ULLI-PC on 25-05-2015 05:30:31 Running from C:\Users\eva\Desktop Loaded Profiles: eva (Available Profiles: eva) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (HP) C:\Windows\System32\HPSIsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.) 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] () HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) 
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [536168 2013-05-31] (SEIKO EPSON CORPORATION) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [B497FBE558A0E8CF98F7051B1D4699A80CF8D4D0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google) AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-08] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-24]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553571000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default
FF Homepage: hxxp://www.portal.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] ()
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-12-03] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: anonymoX - C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\4qvbq2lp.default\Extensions\client@anonymox.net.xpi [2013-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]
CHR Extension: (Google Drive) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]
CHR Extension: (YouTube) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]
CHR Extension: (GeoGebra) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2015-04-08]
CHR Extension: (Google Search) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]
CHR Extension: (Bookmark Manager) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-24]
CHR Extension: (Bitdefender QuickScan) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-12-11]
CHR Extension: (Gmail) - C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]
CHR HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2013-05-31] (SEIKO EPSON CORPORATION) []
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) []
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [120832 2011-08-04] (HP) []
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) []
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) []
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) []
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [111104 2015-01-15] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2013-05-31] (SEIKO EPSON CORPORATION)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 05:28 - 2015-05-25 05:29 - 00001814 _____ () C:\Users\eva\Desktop\sc-cleaner.txt
2015-05-25 05:28 - 2015-05-25 05:28 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\eva\Desktop\sc-cleaner.exe
2015-05-24 19:41 - 2015-05-25 05:30 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-964893997-1847190727-3478051664-1002
2015-05-24 19:27 - 2015-03-03 07:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-05-24 17:35 - 2015-05-24 17:35 - 00000812 _____ () C:\Users\eva\Desktop\JRT.txt
2015-05-24 17:33 - 2015-05-24 17:33 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-ULLI-PC-Windows-8.1-(64-bit).dat
2015-05-24 17:33 - 2015-05-24 17:33 - 00000000 ____D () C:\RegBackup
2015-05-24 17:32 - 2015-05-24 17:32 - 00001197 _____ () C:\Users\eva\Desktop\mbam.txt
2015-05-24 16:49 - 2015-05-24 16:52 - 00000000 ____D () C:\AdwCleaner
2015-05-24 16:46 - 2015-05-24 16:47 - 02945770 _____ (Thisisu) C:\Users\eva\Desktop\JRT.exe
2015-05-24 16:40 - 2015-05-24 16:41 - 02222592 _____ () C:\Users\eva\Desktop\AdwCleaner_4.205.exe
2015-05-24 14:43 - 2015-05-24 14:43 - 00009119 _____ () C:\Users\eva\Desktop\Gmer.txt
2015-05-24 14:36 - 2015-05-24 14:36 - 00380416 _____ () C:\Users\eva\Desktop\Gmer-19357.exe
2015-05-24 14:25 - 2015-05-25 05:31 - 00028310 _____ () C:\Users\eva\Desktop\FRST.txt
2015-05-24 14:25 - 2015-05-24 17:38 - 00040945 _____ () C:\Users\eva\Desktop\Addition.txt
2015-05-24 14:24 - 2015-05-25 05:30 - 00000000 ____D () C:\FRST
2015-05-24 14:23 - 2015-05-24 14:23 - 02108416 _____ (Farbar) C:\Users\eva\Desktop\FRST64.exe
2015-05-24 14:21 - 2015-05-24 14:21 - 00000468 _____ () C:\Users\eva\Desktop\defogger_disable.log
2015-05-24 14:21 - 2015-05-24 14:21 - 00000000 _____ () C:\Users\eva\defogger_reenable
2015-05-24 14:19 - 2015-05-24 14:19 - 00050477 _____ () C:\Users\eva\Desktop\Defogger.exe
2015-05-24 13:14 - 2015-05-24 13:15 - 00003342 ____N () C:\Users\eva\Desktop\ShortcutVirusRemover.bat
2015-05-24 13:01 - 2015-05-24 13:25 - 00000094 ____N () C:\Users\eva\Desktop\removevirus.bat
2015-05-24 09:08 - 2015-05-24 09:08 - 00000320 _____ () C:\WINDOWS\SysWOW64\win_hcleaner.ini
2015-05-24 09:07 - 2015-05-24 09:07 - 00706893 ____N () C:\Users\eva\Desktop\HFV.exe
2015-05-23 23:09 - 2015-05-23 23:09 - 00003700 ____N () C:\WINDOWS\System32\Tasks\eva Merge
2015-05-23 23:09 - 2015-05-23 23:09 - 00003684 ____N () C:\WINDOWS\System32\Tasks\eva
2015-05-23 23:06 - 2015-05-23 23:06 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-22 07:03 - 2015-05-22 07:03 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Projector
2015-05-22 07:01 - 2015-05-22 07:01 - 00000000 ____D () C:\Program Files (x86)\EPSON Projector
2015-05-22 07:01 - 2013-05-31 16:33 - 00023040 ____N (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\Drivers\EMP_UDAU.sys
2015-05-22 06:55 - 2015-05-22 06:55 - 00000000 ____N () C:\WINDOWS\system32\Drivers\Msft_Kernel_ax88772_01011.Wdf
2015-05-18 17:43 - 2015-05-18 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\ProgramData\Macromedia
2015-05-18 17:43 - 2015-05-18 17:43 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2015-05-18 17:41 - 2015-05-18 17:41 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-05-18 17:39 - 2015-05-18 17:56 - 00000000 ____D () C:\Users\eva\Desktop\Macromedia 8
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\Users\eva\Documents\ASUS
2015-05-16 19:05 - 2015-05-16 19:05 - 00000000 ____D () C:\ProgramData\ASUS
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-09 13:08 - 2015-05-09 13:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 05:26 - 2015-04-08 18:41 - 00000000 ___RD () C:\Users\eva\Google Drive
2015-05-25 05:25 - 2014-01-14 05:26 - 00000000 ___DO () C:\Users\eva\SkyDrive
2015-05-25 05:25 - 2013-05-28 20:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 05:24 - 2013-08-22 08:46 - 00389782 _____ () C:\WINDOWS\setupact.log
2015-05-25 05:24 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-25 05:23 - 2014-01-14 01:43 - 01822751 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-25 05:23 - 2013-08-22 07:25 - 01048576 _____ () C:\WINDOWS\system32\config\BBI
2015-05-25 05:12 - 2013-05-28 20:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 05:02 - 2012-12-30 13:46 - 00000350 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-05-25 05:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-24 20:28 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-24 19:37 - 2015-01-16 14:49 - 00003480 _____ () C:\WINDOWS\System32\Tasks\eva DBAgent 2 0
2015-05-24 19:37 - 2015-01-16 14:48 - 00003492 _____ () C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2015-05-24 19:36 - 2015-03-03 20:52 - 00002733 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-05-24 19:36 - 2015-03-03 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-05-24 19:28 - 2013-08-22 07:25 - 00262144 _____ () C:\WINDOWS\system32\config\ELAM
2015-05-24 16:59 - 2014-08-26 06:54 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 16:57 - 2014-08-26 06:54 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-24 16:57 - 2014-08-26 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-24 16:57 - 2014-08-26 06:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-24 16:52 - 2014-01-14 01:48 - 00000000 ____D () C:\Users\eva
2015-05-24 15:13 - 2013-02-27 17:18 - 00000000 ____D () C:\Users\eva\AppData\Local\Paint.NET
2015-05-24 15:11 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\eva\Desktop\div_sticks
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-05-23 23:05 - 2015-04-19 08:47 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-05-23 23:05 - 2013-11-14 01:20 - 00236396 _____ () C:\WINDOWS\PFRO.log
2015-05-23 23:05 - 2013-08-22 08:44 - 00492528 ____N () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 19:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 17:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-22 06:54 - 2015-04-19 08:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-21 20:34 - 2012-08-04 19:42 - 03497316 _____ () C:\WINDOWS\AsDebug.log
2015-05-21 20:34 - 2012-08-04 19:42 - 00573596 _____ () C:\WINDOWS\AsCDProc.log
2015-05-21 19:47 - 2013-01-07 21:43 - 00123256 ____N () C:\Users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 18:40 - 2013-05-15 06:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-19 15:49 - 2014-04-01 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 15:47 - 2013-03-31 10:07 - 00152744 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-19 15:47 - 2013-03-31 10:07 - 00132120 ____N (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-18 17:50 - 2012-12-15 20:00 - 00000000 ____D () C:\Users\eva\AppData\Roaming\Macromedia
2015-05-17 20:07 - 2013-05-28 20:06 - 00003894 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 20:07 - 2013-05-28 20:06 - 00003658 ____N () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:32 - 2013-01-09 20:43 - 00000000 ____D () C:\Users\Public\Documents\Personalvertretung
2015-05-16 19:05 - 2012-12-15 19:19 - 00000000 ____D () C:\Users\eva\AppData\Local\ASUS
2015-05-09 13:09 - 2015-04-08 18:39 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-09 13:09 - 2015-04-08 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-03 19:39 - 2012-12-30 11:25 - 00000000 ____D () C:\Users\eva\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2013-01-02 20:14 - 2013-01-02 20:14 - 0000021 ____N () C:\Users\eva\AppData\Roaming\my_intel.sys
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-06 20:06 - 2013-09-06 20:06 - 0001092 ____N () C:\Users\eva\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-09-06 20:07 - 2014-06-02 11:21 - 0001001 ____N () C:\Users\eva\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-15 19:22 - 2015-04-05 15:20 - 0000401 ____N () C:\Users\eva\AppData\Roaming\sp_data.sys
2014-10-04 23:41 - 2014-10-04 23:41 - 0004634 ____N () C:\Users\eva\AppData\Local\recently-used.xbel
2012-12-30 13:37 - 2014-09-23 20:10 - 0005807 _____ () C:\ProgramData\hpzinstall.log
2012-08-04 19:42 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:42 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\eva\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-23 23:56

==================== End of log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by eva at 2015-05-25 05:32:39
Running from C:\Users\eva\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-964893997-1847190727-3478051664-500 - Administrator - Disabled)
eva (S-1-5-21-964893997-1847190727-3478051664-1002 - Administrator - Enabled) => C:\Users\eva
Guest (S-1-5-21-964893997-1847190727-3478051664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{334147DC-B3C8-4626-A985-4AEA8A36DAB6}) (Version: 8.0.0.41 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CoffeeCup Free HTML Editor) (Version: - )
D110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet Professional CP1020 Series (HKLM-x32\...\{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}) (Version: - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCP1020LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions) NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation) NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) 
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - ) SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM-x32\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 04-05-2015 20:11:22 Scheduled Checkpoint 13-05-2015 17:43:42 Scheduled Checkpoint 18-05-2015 17:43:07 Installed Macromedia Dreamweaver 8 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {023417BE-10B3-4661-BD22-B8CF42195E3C} - System32\Tasks\{AB276CEB-C1A2-4370-99E9-903C8E7626F1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain Task: {18E683ED-5BC5-4276-AB05-6D1EB05A0B5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {1D189FBA-F98A-4916-B000-CCE4E9337DCA} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek) Task: {23131080-1C79-41EA-8A08-0CDFFDB01746} - System32\Tasks\eva Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC) Task: {245749BD-F7E4-4E88-9E8F-F8AD903DCEDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.) Task: {35656B35-E85E-4C6A-9B8D-5EC52D675717} - System32\Tasks\eva => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC) Task: {42DBDD1E-4E71-4A40-B3E9-EA0FE0E7E87C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {5634D503-D8D5-4A9F-8C32-6B892A801A72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {5AE3412E-FE4F-4321-9757-2564CB7BB64B} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard) Task: {60F4703E-DEC6-415F-9332-D7F342331CE8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {66ECB3A6-E689-424E-8C2A-A59EAADE18C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {68DB1BFC-BA28-46E4-9A47-047A6A2DB973} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC) Task: {706EF7A2-97FB-416C-A1DC-4FAB69D9C5CE} - System32\Tasks\HP Photo Creations Communicator => 
C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-30] () Task: {8B2368B4-6ABD-4F21-909D-A0996E083497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.) Task: {8BCE6D0F-FFC3-4D84-87B2-DB3B19E62F7E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.) Task: {8FFF57FB-7441-4151-9599-D9BB58C58C95} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation) Task: {97298B33-8DF3-487A-B6C5-AEEF56116F4E} - System32\Tasks\eva DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-04-01] (Seagate Technology LLC) Task: {98594AE4-B71D-45C6-9755-4CA12EFD2519} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {9BDDAB86-5729-4122-AE5B-209977814EDD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation) Task: {A72EB1D4-0D6B-497D-B8C7-A8C125929275} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation) Task: {BC3C2220-EDBD-4A5F-814B-F6D3753B57DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation) Task: {C41A826B-0CD1-4A6E-A06F-E8CE4A1D08E7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS) Task: {CA563CBE-3913-4085-B26B-F7E803503895} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {CDC0FE9F-6CB9-4A2E-B92A-23840B25F391} - System32\Tasks\ASUS Live Update => C:\Program Files 
(x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.) Task: {E419F02F-4791-4CFC-8C44-8E3B2236F936} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Loaded Modules (Whitelisted) ============== 2014-01-14 01:43 - 2015-04-08 15:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-12-24 06:53 - 2012-12-24 06:53 - 00129024 ____N () C:\WINDOWS\System32\HPCP1020LM.DLL 2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-08-30 01:33 - 2012-08-15 11:52 - 00094208 ____N () C:\Windows\System32\IccLibDll_x64.dll 2014-02-28 11:32 - 2014-02-28 11:32 - 00174368 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-05-25 05:25 - 2015-05-25 05:25 - 00098816 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32api.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00110080 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\pywintypes27.dll 2015-05-25 05:25 - 2015-05-25 05:25 - 00364544 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\pythoncom27.dll 2015-05-25 05:25 - 2015-05-25 05:25 - 00045568 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_socket.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 01161216 _____ () 
C:\Users\eva\AppData\Local\Temp\_MEI66362\_ssl.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00320512 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32com.shell.shell.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00713216 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_hashlib.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 01175040 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._core_.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00805888 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._gdi_.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00811008 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._windows_.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 01062400 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._controls_.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00735232 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._misc_.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00682496 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\pysqlite2._sqlite.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00128512 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_elementtree.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00127488 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\pyexpat.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00087552 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_ctypes.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00119808 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32file.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00108544 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32security.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00007168 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\hashobjs_ext.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00017408 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\usb_ext.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00167936 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32gui.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00018432 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32event.pyd 2015-05-25 05:25 
- 2015-05-25 05:25 - 00013824 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\common.time34.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00036864 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_psutil_windows.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00038912 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32inet.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00011264 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32crypt.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00070656 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._html2.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00027136 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_multiprocessing.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00020480 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\_yappi.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00035840 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32process.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00686080 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\unicodedata.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00122368 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._wizard.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00024064 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32pipe.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00010240 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\select.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00025600 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32pdh.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00525640 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\windows._lib_cacheinvalidation.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00017408 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32profile.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00022528 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\win32ts.pyd 2015-05-25 05:25 - 2015-05-25 05:25 - 00078336 _____ () C:\Users\eva\AppData\Local\Temp\_MEI66362\wx._animate.pyd 2015-05-22 12:14 - 2015-05-13 10:48 - 01281864 _____ () C:\Program 
Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll 2015-05-22 12:14 - 2015-05-13 10:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll 2015-05-22 12:14 - 2015-05-13 10:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll 2012-10-08 04:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\eva\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-964893997-1847190727-3478051664-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\Pictures\2013\Hawaii 0613\DSCN4234.JPG DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk" HKLM\...\StartupApproved\Run: => "ACMON" HKLM\...\StartupApproved\Run: => "EvtMgr6" HKLM\...\StartupApproved\Run32: => "DivXMediaServer" HKLM\...\StartupApproved\Run32: => "DivXUpdate" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "DBAgent" HKLM\...\StartupApproved\Run32: => "EPSON_UD_START" HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-964893997-1847190727-3478051664-1002\...\StartupApproved\Run: => "Uploader" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D8DAD5D1-1F06-4852-BB73-7B4278961884}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{3EACD543-70F3-4831-8C2A-A380D71DDC7E}] => (Allow) LPort=4482 FirewallRules: [{9D23796F-42F7-4D51-A623-9ADB51FD7F94}] => (Allow) LPort=4482 FirewallRules: [{B50E7D48-D4A5-430C-BAA2-EA6E3548AEEE}] => (Allow) LPort=4481 FirewallRules: [{4EFF1B9B-0D5A-4DA5-9858-15F30BDECB06}] => (Allow) LPort=4481 FirewallRules: [{D1D4F05A-9B5E-4254-A67A-9EDBA99DD92B}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{B3275FE2-402E-4974-9F15-DF7FBD9392C8}] => (Allow) C:\Program Files (x86)\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{EF2F7E10-DC3E-44DD-AC06-962107218977}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{7FB06B69-0145-457B-8515-95E4D7928483}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{8379195E-12BE-415A-9270-E058B0D1855C}] => (Allow) C:\Program Files (x86)\HP\Digital 
Imaging\bin\hpqusgm.exe FirewallRules: [{B160BA9B-350A-4FC2-8466-A11CC0A637C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{4E9632B1-8A9F-47E6-A4B7-022DC04B15B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{9762F22F-037D-4546-8872-0D88C5F935CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{D1D5CEDE-3A4C-45BA-AD94-52077F44A01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{33A33B8C-30EF-4177-9261-35E4042FE61E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{EE3DB352-4315-4A5C-A829-00F796B30733}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{4331D622-2D3A-4EC7-B751-7331269EEEE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{8065A733-1D14-4A1B-B773-C3DD2B511F97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3BEFD9F0-1099-47BC-A19D-4199F29A289A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{CDF323BF-A11E-4503-A2B8-ED5296601115}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{6662D437-18BE-4DCA-96DF-5DAB086DD99A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{E2B64105-2A35-44FC-9946-5DEC1FB95B60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{51EF41A7-BAB2-4ACE-80F3-7DDD43199D4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{7A1A014E-F774-4294-8F84-CD9F4E21ACA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CDA3D6A8-9DC3-459D-AB67-F629FA6B2862}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{68685F20-7A9E-455A-9E43-07C7E29E042D}] => 
(Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F82D61C3-001D-4360-85AF-AF4AA8FE604B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D2DA6547-A1CB-4607-A8D7-B23ABF94D077}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{14DF9E15-01E9-4FEE-8070-5970F2696559}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{7FDE5B33-7032-495B-B7B5-CDC1706EC7D3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{699861EE-6C4D-40DE-997F-F6C10787E2E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{953C0655-4803-4F56-BD0E-6C3C913A0C80}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{1A6AED7F-F488-410A-8F4D-FA4A6FDBAC8C}] => (Allow) E:\Installer\hpbcsiInstaller.exe FirewallRules: [{B361681B-84A6-4C81-9CC7-34AB4833A203}] => (Allow) E:\Installer\hpbcsiInstaller.exe FirewallRules: [TCP Query User{396CA64A-FEE5-4575-B62D-39F8D5FFBBFF}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [UDP Query User{2077040E-1322-4757-AA02-686BCE692B81}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [{14E60836-010F-4724-88AD-13634D3F1C52}] => (Allow) LPort=8888 FirewallRules: [{445249C1-BBAC-4BA9-ACFA-3ADF41817C57}] => (Allow) LPort=8888 FirewallRules: [{42CA0C55-D77A-4BFA-9A3F-865326466217}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: USB-IF xHCI USB Host Controller Description: USB-IF xHCI USB Host Controller Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee} Manufacturer: Intel Corporation Service: XHCIPort Problem: : This device is not working 
properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 05:15:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6641

Error: (05/25/2015 05:15:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6641

Error: (05/25/2015 05:15:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 10:59:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9031

Error: (05/24/2015 10:59:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9031

Error: (05/24/2015 10:59:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 10:58:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4465922

Error: (05/24/2015 10:58:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4465922

Error: (05/24/2015 10:58:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 07:59:10 PM) (Source: MsiInstaller) (EventID: 10005) (User: ULLI-PC)
Description: Product: Microsoft Fix it 50641 -- This Microsoft Fix it does not apply to your operating system or application version.

System errors:
=============
Error: (05/25/2015 05:23:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: %%1069

Error: (05/25/2015 05:23:50 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/25/2015 05:23:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (05/25/2015 05:23:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (05/25/2015 05:23:42 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (05/25/2015 05:23:21 AM) (Source: DCOM) (EventID: 10010) (User: ULLI-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/25/2015 05:23:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2015 05:23:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Seagate Dashboard Services service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2015 05:23:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/25/2015 05:23:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Microsoft Office:
=========================
Error: (09/07/2014 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3887 seconds with 3360 seconds of active time. This session ended with a crash.

Error: (08/06/2014 06:52:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5469 seconds with 2760 seconds of active time. This session ended with a crash.

Error: (07/02/2014 07:05:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1546 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (01/27/2014 05:12:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 679 seconds with 660 seconds of active time. This session ended with a crash.

Error: (08/25/2013 00:34:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 563 seconds with 420 seconds of active time. This session ended with a crash.

Error: (05/20/2013 04:14:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 360 seconds of active time. This session ended with a crash.

Error: (04/19/2013 03:13:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/19/2013 03:12:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2672 seconds with 1200 seconds of active time. This session ended with a crash.
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz Percentage of memory in use: 50% Total physical RAM: 6029.56 MB Available physical RAM: 2992.81 MB Total Pagefile: 7181.56 MB Available Pagefile: 3785.29 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:77.1 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.33 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 4F359092) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 22.4 GB) (Disk ID: 41B54F21) Partition: GPT Partition Type. ==================== End of log ============================ Code:
ATTFilter Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01 Ran by eva at 2015-05-25 05:41:22 Running from C:\Users\eva\Desktop Boot Mode: Normal ================== Search Registry: "Beamrise;Mobogenie;SuperEasy Software;Reimage;softonic" =========== ===================== Search result for "Beamrise" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\beamrise.exe] [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Beamrise] [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\eva\AppData\Local\Beamrise\Application\beamrise.exe"="0x534143500100000000000000070000002800000040F317000DB7180001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000100000001000000" [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M] [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M] "Image"="C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\VisualElements\splash-620x300.png" [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M] [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M] "Image"="C:\Users\eva\AppData\Local\Beamrise\Application\31.0.1650.7639\VisualElements\splash-620x300.png" ===================== Search result for "Mobogenie" ========== [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\DOMStorage\mobogenie.com] [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\Mobogenie\uninst.exe"="0x53414350010000000000000007000000280000000B020200A184350103000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000104E0000000000000100000001000000" [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie] [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie] ===================== Search result for "SuperEasy Software" ========== [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\SuperEasy Software\Driver Updater\unins000.exe"="0x5341435001000000000000000700000028000000502513004B0B140003000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000004D220000000000000100000001000000" ===================== Search result for "Reimage" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\CLSID\{8fd0f62a-6e71-4bb9-859b-eefbd704609b}] "ActivatableClassId"="D3DCaptureTrackerComponent.D3DCaptureImageSource" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Power] "ResumeRestoreImageStartTimestamp"="0" [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\eva\Desktop\ReimageRepair.exe"="0x534143500100000000000000070000002800000020D70B00E2270C0001000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000CABC0300000000000100000001000000" [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\bde9f11d] "@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Misc_RefreshYourPC/LowKeywords}"="erase erases;format formats;reimage;re-image;reinstate;system;wipe wipes" [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\fac70555] "@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Misc_RefreshYourPC/LowKeywords}"="erase erases;format formats;reimage;re-image;reinstate;system;wipe wipes" [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\bde9f11d] "@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Misc_RefreshYourPC/LowKeywords}"="erase erases;format formats;reimage;re-image;reinstate;system;wipe wipes" [HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\fac70555] 
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Misc_RefreshYourPC/LowKeywords}"="erase erases;format formats;reimage;re-image;reinstate;system;wipe wipes" ====== End of Search ======
Microsoft Fix it did not work - it gave the following error message: This Microsoft Fix it does not apply to your operating system or application version. I am using Windows 8.1 in the 64-bit version. Best regards, eva mariee |
25.05.2015, 19:59 | #8 |
/// TB-Ausbilder | Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too
Hello, first we will remove what is left, then we will take care of the shell message. We will remove the last remnants and check everything once more. ESET can take a long time (> 2 h). Afterwards we will remove all the tools we used and I will give you a few tips for the road.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\beamrise.exe
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Beamrise
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\DOMStorage\mobogenie.com
DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie
RemoveProxy:
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Please post with your next reply
|
26.05.2015, 02:47 | #9 |
| Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too
Hello Matthias, now I am stuck - I was able to carry out step 1 (I will attach the log below). With step 2 I get as far as starting the scan. On the first attempt it hung after about 1.5 hours at 11% and did nothing more. Up to that point it had found one threat: Win32/Trojaner.Downloader.Wauchos. AK Trojaner On the 2nd start it is now at 14% after 1:59:40 and has done nothing for about 1 hour - no movement in the scanned files, no change in the objects. What should I do? Here is the log file from step 1: Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015 Ran by eva at 2015-05-25 14:08:19 Run:3 Running from C:\Users\eva\Desktop Loaded Profiles: eva (Available Profiles: eva) Boot Mode: Normal ============================================== fixlist content: ***************** start CloseProcesses: DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\beamrise.exe DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Beamrise DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\DOMStorage\mobogenie.com DeleteKey: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie RemoveProxy: EmptyTemp: end ***************** Processes closed successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\beamrise.exe => key Removed successfully HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Beamrise => key Removed successfully HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M => key Removed successfully HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Beamrise.EJ5R55JB6ZWQ6375H4I2DZ4V2M => key not found. HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Microsoft\Internet Explorer\DOMStorage\mobogenie.com => key Removed successfully HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie => could not remove key at first attempt (Error: C0000121), see next line. 
HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie => key Removed successfully ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully HKU\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully ========= End of RemoveProxy: ========= EmptyTemp: => Removed 64.1 MB temporary data. The system needed a reboot. ==== End of Fixlog 14:08:32 ==== |
26.05.2015, 09:11 | #10 |
/// TB-Ausbilder | Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too
Hello, please run HitmanPro instead of ESET: Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
|
26.05.2015, 12:23 | #11 |
| Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too
Good morning, so I aborted ESET after almost 11 hours at 23% and am posting the log below. Hitman Pro does not run on my computer - it says that it does not work with my 64-bit version. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=23154001d45edd43af4063f35e02e293 # engine=24017 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-05-25 11:41:03 # local_time=2015-05-25 05:41:03 (-0600, Central America Standard Time) # country="United States" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 0 9589655 0 0 # scanned=72963 # found=1 # cleaned=0 # scan_time=11399 sh=52D863B5D39D7D8B80879088C30ACBF510F41EF4 ft=1 fh=1eefec9b0b13dda3 vn="Win32/TrojanDownloader.Wauchos.AK Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\msqcmfnsm.exe.xBAD" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=23154001d45edd43af4063f35e02e293 # engine=24020 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-05-26 11:14:36 # local_time=2015-05-26 05:14:36 (-0600, Central America Standard Time) # country="United States" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 0 9631268 0 0 # scanned=149597 # found=2 # cleaned=0 # scan_time=41403 sh=52D863B5D39D7D8B80879088C30ACBF510F41EF4 ft=1 fh=1eefec9b0b13dda3 vn="Win32/TrojanDownloader.Wauchos.AK Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\msqcmfnsm.exe.xBAD" sh=566095531FD328C3054D52C571431D0305103E40 ft=1 fh=0e5c76553bbccf7f vn="Variante von Win32/Systweak.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\eva\Downloads\supereasy_driver_updater_1.1.1_7870.exe" |
26.05.2015, 18:08 | #12 |
/// TB-Ausbilder | Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too
Hello, then let's try EEK instead of ESET and Hitman: Please download Emsisoft Emergency Kit from here.
|
27.05.2015, 01:45 | #13 |
| Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too
So, here are the new logs. Step 2 with Emsisoft: Code:
ATTFilter Emsisoft Emergency Kit - Version 9.0 Last update: 26-May-15 1:33:50 PM User account: ULLI-PC\eva Scan settings: Scan type: Full Scan Objects: Rootkits, Memory, Traces, C:\, D:\, H:\, J:\ Detect PUPs: On Scan archives: On ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 26-May-15 1:34:46 PM Value: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) C:\ProgramData\Avira\Antivirus\INFECTED\533f6dcd.qua -> (Quarantine-8) detected: Adware.BrowseFox.BS (B) C:\ProgramData\Avira\Antivirus\INFECTED\566ceddf.qua -> (Quarantine-8) detected: Generic.JS.BlackHole.9431862E (B) C:\ProgramData\Avira\Antivirus\INFECTED\5988e9b1.qua -> (Quarantine-8) detected: Generic.JS.BlackHole.079EE8AA (B) C:\Users\eva\Downloads\Photoshop\Portable_Adobe_Photoshop_CS3_en_Español_768.exe -> (NSIS o) -> lzma_solid_nsis0000 detected: Gen:Application.Bundler.DefaultTab.1 (B) H:\Seagate Dashboard 2.0\ULLI-PC\eva\Backup\3b3b1f41-dce7-407e-ba17-186b6dbedbc7\20150523_230922_eva\C\Users\eva\Downloads\Photoshop\Portable_Adobe_Photoshop_CS3_en_Español_768.exe -> (NSIS o) -> lzma_solid_nsis0000 detected: Gen:Application.Bundler.DefaultTab.1 (B) Scanned 493700 Found 7 Scan end: 26-May-15 5:38:44 PM Scan time: 4:03:58 H:\Seagate Dashboard 2.0\ULLI-PC\eva\Backup\3b3b1f41-dce7-407e-ba17-186b6dbedbc7\20150523_230922_eva\C\Users\eva\Downloads\Photoshop\Portable_Adobe_Photoshop_CS3_en_Español_768.exe Deleted Gen:Application.Bundler.DefaultTab.1 (B) C:\Users\eva\Downloads\Photoshop\Portable_Adobe_Photoshop_CS3_en_Español_768.exe Deleted Gen:Application.Bundler.DefaultTab.1 (B) C:\ProgramData\Avira\Antivirus\INFECTED\5988e9b1.qua Deleted 
Generic.JS.BlackHole.079EE8AA (B) C:\ProgramData\Avira\Antivirus\INFECTED\566ceddf.qua Deleted Generic.JS.BlackHole.9431862E (B) C:\ProgramData\Avira\Antivirus\INFECTED\533f6dcd.qua Deleted Adware.BrowseFox.BS (B) Value: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Deleted Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-21-964893997-1847190727-3478051664-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Deleted Setting.DisableTaskMgr (A) Deleted 7 Code:
ATTFilter Results of screen317's Security Check version 1.001 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Avira Antivirus Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 55 Java version 32-bit out of Date! Adobe Flash Player 16.0.0.235 Flash Player out of Date! Adobe Reader XI Mozilla Firefox 31.0 Firefox out of Date! Google Chrome (43.0.2357.65) Google Chrome (43.0.2357.81) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201 Best regards, eva mariee |
27.05.2015, 12:02 | #14 |
/// TB-Ausbilder | Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too
Hello, please try the following:
|
28.05.2015, 12:00 | #15 |
| Windows 8: Folders are displayed as shortcuts, in some cases USB sticks too
Hello, here is the log from Windows Repair: Code:
ATTFilter Tweaking.com - Windows Repair v3.2.0 -------------------------------------------------------------------------------- System Variables -------------------------------------------------------------------------------- OS: Windows 8.1 OS Architecture: 64-bit OS Version: 6.3.9600 OS Service Pack: Computer Name: ULLI-PC Windows Drive: C:\ Windows Path: C:\WINDOWS Program Files: C:\Program Files Program Files (x86): C:\Program Files (x86) Current Profile: C:\Users\eva Current Profile SID: S-1-5-21-964893997-1847190727-3478051664-1002 Current Profile Classes: S-1-5-21-964893997-1847190727-3478051664-1002_Classes Profiles Location: C:\Users Profiles Location 2: C:\WINDOWS\ServiceProfiles Local Settings AppData: C:\Users\eva\AppData\Local -------------------------------------------------------------------------------- System Information -------------------------------------------------------------------------------- System Up Time: 01 Day 16:17:38 Process Count: 120 Commit Total: 3.45 GB Commit Limit: 7.01 GB Commit Peak: 5.52 GB Handle Count: 37593 Kernel Total: 1.49 GB Kernel Paged: 324.23 MB Kernel Non Paged: 1.17 GB System Cache: 3.00 GB Thread Count: 1103 -------------------------------------------------------------------------------- Memory Before Cleaning with CleanMem -------------------------------------------------------------------------------- Memory Total: 5.89 GB Memory Used: 3.02 GB(51.3206%) Memory Avail.: 2.87 GB -------------------------------------------------------------------------------- Cleaning Memory Before Starting Repairs... Memory After Cleaning with CleanMem -------------------------------------------------------------------------------- Memory Total: 5.89 GB Memory Used: 2.61 GB(44.3697%) Memory Avail.: 3.28 GB -------------------------------------------------------------------------------- Starting Repairs... Started at (27-May-15 6:26:41 AM) Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair... 
Total Missing 'InstallDate' Fixed: 123 01 - Reset Registry Permissions Restore Windows 8 Default Registry Permissions Start (27-May-15 6:26:46 AM) Decompressing & Updating Windows Permission File hkud.txt Done, 0.52 seconds. Decompressing & Updating Windows Permission File hkcu.txt Done, 0.52 seconds. Decompressing & Updating Windows Permission File hkcr.txt Done, 1.95 seconds. Decompressing & Updating Windows Permission File hklm.txt Done, 5.04 seconds. Running Repair Under System Account Running Repair Under Current User Account Done (27-May-15 8:33:32 AM) 03 - Reset Service Permissions Start (27-May-15 8:33:32 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 8:34:32 AM) 04 - Register System Files Start (27-May-15 8:34:32 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 8:40:43 AM) 05 - Repair WMI Start (27-May-15 8:40:43 AM) Starting Security Center So We Can Export The Security Info. Exporting Antivirus Info... Avira Antivirus Exported. Windows Defender Exported. Exporting AntiSpyware Info... Avira Antivirus Exported. Windows Defender Exported. Exporting 3rd Party Firewall Info... No Firewall Products Reported. 
Running Repair Under Current User Account Done (27-May-15 8:46:41 AM) 06 - Repair Windows Firewall Start (27-May-15 8:46:41 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 8:49:56 AM) 07 - Repair Internet Explorer Start (27-May-15 8:49:57 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 8:53:04 AM) 08 - Repair MDAC/MS Jet Start (27-May-15 8:53:04 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 8:53:49 AM) 09 - Repair Hosts File Start (27-May-15 8:53:49 AM) Running Repair Under System Account Done (27-May-15 8:53:51 AM) 10 - Remove Policies Set By Infections Start (27-May-15 8:53:51 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 8:54:03 AM) 12 - Repair Icons Start (27-May-15 8:54:03 AM) Running Repair Under Current User Account Done (27-May-15 8:54:08 AM) 13 - Repair Winsock & DNS Cache Start (27-May-15 8:54:09 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 8:55:06 AM) 15 - Repair Proxy Settings Start (27-May-15 8:55:06 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 8:55:09 AM) 17 - Repair Windows Updates Start (27-May-15 8:55:10 AM) Running Repair Under Current User Account Running Repair Under System Account Setting Windows Updates Files That Are In Use To Be Removed At Next Boot. 
Done (27-May-15 8:59:34 AM) 18 - Repair CD/DVD Missing/Not Working Start (27-May-15 8:59:34 AM) iTunes not found, not applying UpperFilters iTunes Reg Key Done (27-May-15 8:59:34 AM) 19 - Repair Volume Shadow Copy Service Start (27-May-15 8:59:34 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:02:45 AM) 21 - Repair MSI (Windows Installer) Start (27-May-15 9:02:45 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:05:30 AM) 23.01 - Repair bat Association Start (27-May-15 9:05:30 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:05:33 AM) 23.02 - Repair cmd Association Start (27-May-15 9:05:33 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:05:36 AM) 23.03 - Repair com Association Start (27-May-15 9:05:36 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:05:39 AM) 23.04 - Repair Directory Association Start (27-May-15 9:05:39 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:05:42 AM) 23.05 - Repair Drive Association Start (27-May-15 9:05:42 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:05:44 AM) 23.06 - Repair exe Association Start (27-May-15 9:05:44 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:05:47 AM) 23.07 - Repair Folder Association Start (27-May-15 9:05:47 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:05:50 AM) 23.08 - Repair inf Association Start (27-May-15 9:05:50 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:05:53 AM) 23.09 - Repair lnk (Shortcuts) Association Start (27-May-15 9:05:53 AM) Running Repair Under Current User Account Running Repair 
Under System Account Done (27-May-15 9:05:56 AM) 23.10 - Repair msc Association Start (27-May-15 9:05:56 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:05:59 AM) 23.11 - Repair reg Association Start (27-May-15 9:05:59 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:06:02 AM) 23.12 - Repair scr Association Start (27-May-15 9:06:02 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:06:04 AM) 24 - Repair Windows Safe Mode Start (27-May-15 9:06:05 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:06:09 AM) 25 - Repair Print Spooler Start (27-May-15 9:06:09 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:09:00 AM) 26 - Restore Important Windows Services Start (27-May-15 9:09:00 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:11:56 AM) 27 - Set Windows Services To Default Startup Start (27-May-15 9:11:56 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 9:12:14 AM) 28.01 - Repair Windows 8 App Store Start (27-May-15 9:12:14 AM) Decompressing & Updating Windows Permission File hkcu.txt Done, 0.38 seconds. Running Repair Under Current User Account Done (27-May-15 9:21:20 AM) 29 - Repair Windows 8 Component Store Start (27-May-15 9:21:20 AM) Running Repair Under Current User Account Done (27-May-15 10:38:48 AM) 30 - Restore Windows 8 COM+ Unmarshalers Start (27-May-15 10:38:48 AM) Running Repair Under System Account Processing ACL of: <classes_root\Unmarshalers> SetACL finished with error(s): SetACL error message: The call to SetNamedSecurityInfo () failed Operating system error message: Access is denied. 
Done (27-May-15 10:38:55 AM) 31 - Repair Windows 'New' Submenu Start (27-May-15 10:38:55 AM) Running Repair Under Current User Account Running Repair Under System Account Done (27-May-15 10:38:59 AM) 33 - Repair Performance Counters Start (27-May-15 10:38:59 AM) Running Repair Under Current User Account Done (27-May-15 10:39:02 AM) Cleaning up empty logs... All Selected Repairs Done. Done at (27-May-15 10:39:02 AM) Total Repair Time: 04:12:23 ...YOU MUST RESTART YOUR SYSTEM...
On startup that "Shell" file opened again, and the Explorer still looks the same. How do you see the current status? Best regards, eva mariee

Good morning, there is a new detail: the Action Center shows me, via the little flag in the taskbar, that there are two important messages regarding virus protection. When I open the Action Center, it looks like it does in the shared photo. However - Avira Antivir IS activated and the firewall is switched on too; when I check it via the programs, that is what it shows me. If you click "Turn On" in the small window that opens, nothing happens. What is this now? I am somehow getting desperate. Can you please tell me how you see the current situation? Can we save the laptop without reinstalling it? Here is the photo: https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201 Best regards, eva marie

Good morning, I just wrote a post and it is not there. So once again: there is something new and strange that I have noticed: the Action Center shows me, via the little flag in the taskbar, that there are two important messages regarding virus protection. When I open the Action Center, the small window appears that you can see in the uploaded photo. If you click "turn on", nothing at all happens. BUT: the firewall and Avira are definitely switched on! When I check that individually via the programs, I see that everything should actually be OK. I am somehow getting desperate. How do you assess the situation? Can my laptop be saved without having to reinstall it? Here is the link to the photo: https://plus.google.com/photos/115128392581057048821/albums/6152550836645109201 Best regards, eva marie |