Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 - Ist der Rechner noch infiziert? (https://www.trojaner-board.de/166115-windows-7-rechner-noch-infiziert.html)

krai 14.04.2015 20:48
Windows 7 - Ist der Rechner noch infiziert?
 
Hallo Zusammen!

Habe einen Rechner eines Verwandten hier stehen welche nach eigener Aussage einen Trojaner eingefangen und entfernt hat. Habe leider keine Ahnung was für ein Trojaner und wie er ihn entfernt haben will.

Könntet ihr bitte mal einen Blick darauf werfen ob der Rechner sauber ist?
Vielen Dank!

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by martin (administrator) on MARTIN-NOTEBOOK on 14-04-2015 21:31:09
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available profiles: martin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Users\martin\AppData\Roaming\Host System\host.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company, L.P.) C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Atheros Communications)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-08-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2014-08-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2014-08-18] (Intel Corporation)
HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184736 2012-09-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Run: [Amazon Music] => C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\MountPoints2: {5999006b-9cd1-11e3-9781-b4b52f7b4b7e} - D:\LaunchU3.exe -a
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk
ShortcutTarget: 5B0.lnk -> C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe ()
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk
ShortcutTarget: Old Crow Medicine Show - Wagon Wheel.lnk -> C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe ()
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\settings manager\smdmf\sysapcrt.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.goodforsearch.info/?pid=2317&r=2015/04/10&hid=14761854521232543427&lg=EN&cc=AT&unqvl=86
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-531367498-374304512-3508266509-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=2317&r=2015/04/10&hid=14761854521232543427&lg=EN&cc=AT&unqvl=86
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=2317&r=2015/04/10&hid=14761854521232543427&lg=EN&cc=AT&unqvl=86
SearchScopes: HKU\S-1-5-21-531367498-374304512-3508266509-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=2317&r=2015/04/10&hid=14761854521232543427&lg=EN&cc=AT&unqvl=86

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-08-18]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\martin\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 2969302e; c:\Program Files (x86)\LibraryEngine\LibraryEngine.dll [1753600 2015-04-10] () [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 HostService; C:\Users\martin\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2014-08-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2014-08-18] (Intel Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-07-11] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-08] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-08] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [90736 2012-07-11] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158832 2012-07-11] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-01-23] (Sunplus)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 21:31 - 2015-04-14 21:32 - 00017119 _____ () C:\Users\martin\Desktop\FRST.txt
2015-04-14 21:31 - 2015-04-14 21:31 - 00000000 ____D () C:\FRST
2015-04-14 21:30 - 2015-04-14 21:27 - 02096640 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2015-04-11 21:15 - 2015-04-11 21:15 - 00003338 _____ () C:\windows\System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C}
2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\Licenses
2015-04-10 22:29 - 2015-04-10 22:29 - 00000000 ____D () C:\Program Files (x86)\LibraryEngine
2015-04-10 22:26 - 2015-04-10 22:56 - 00000000 ____D () C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}
2015-04-07 21:48 - 2015-04-07 21:57 - 891787140 _____ () C:\Users\martin\Desktop\Kitzi Sponsion.zip
2015-04-07 20:53 - 2015-04-07 20:53 - 00000000 ____D () C:\ProgramData\NoMore Ads
2015-04-06 22:59 - 2015-04-09 16:28 - 00000000 ____D () C:\Users\martin\Desktop\Typenschein
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-02 21:39 - 2015-04-10 22:28 - 00000000 ____D () C:\Program Files (x86)\UpgradeLeader
2015-04-02 21:37 - 2015-04-11 21:13 - 00000000 ____D () C:\Program Files (x86)\SalEPPlus
2015-04-02 21:37 - 2015-04-09 22:49 - 00000000 ____D () C:\ProgramData\11055139438368474995
2015-04-02 21:37 - 2015-04-02 21:37 - 00000000 ____D () C:\Program Files (x86)\SAleePLuss
2015-04-02 21:36 - 2015-04-07 13:15 - 00000000 ____D () C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}
2015-04-02 21:18 - 2015-04-02 21:18 - 00000000 ____D () C:\ProgramData\{a88a4232-e0de-0c11-a88a-a4232e0d08cb}
2015-03-30 22:07 - 2015-03-30 22:07 - 00003308 _____ () C:\windows\System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED}
2015-03-30 22:00 - 2015-03-30 22:10 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-03-24 21:08 - 2015-04-06 22:23 - 00000000 ____D () C:\Users\martin\.ultramixer
2015-03-24 21:07 - 2015-03-24 21:07 - 00001031 _____ () C:\Users\martin\Desktop\UltraMixer.lnk
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMixer
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\Program Files (x86)\UltraMixer
2015-03-24 21:05 - 2015-03-24 21:05 - 55785649 _____ (UltraMixer Digitial Audio Solutions ) C:\Users\martin\Downloads\UltraMixer-2.4.6-win.exe
2015-03-24 21:02 - 2015-03-24 21:02 - 00000022 _____ () C:\Users\martin\Downloads\MP3Fader_Setup.zip
2015-03-16 23:44 - 2015-04-08 21:25 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleFormartin

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 21:28 - 2014-09-20 21:12 - 00025345 _____ () C:\windows\setupact.log
2015-04-14 21:28 - 2012-04-16 07:20 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-14 21:28 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-14 21:16 - 2012-10-07 17:41 - 01836762 _____ () C:\windows\WindowsUpdate.log
2015-04-14 21:04 - 2012-04-16 05:53 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-04-14 21:04 - 2012-04-16 05:53 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-04-14 21:04 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-14 21:00 - 2012-04-16 07:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 20:48 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 20:48 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 16:15 - 2014-09-20 21:11 - 00020982 _____ () C:\windows\PFRO.log
2015-04-11 23:10 - 2013-05-26 16:41 - 00003962 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{CB48FE46-A3F8-47D2-88D1-C369DC76C2B7}
2015-04-11 21:13 - 2012-12-16 17:58 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-04-09 22:54 - 2012-12-22 17:04 - 00000000 ____D () C:\Users\martin\AppData\Local\CrashDumps
2015-04-09 16:22 - 2014-07-31 23:15 - 00015360 ___SH () C:\Users\martin\Thumbs.db
2015-04-08 21:25 - 2015-02-02 22:46 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFormartin.job
2015-04-07 22:51 - 2012-12-12 20:55 - 00000000 ____D () C:\Users\martin\AppData\Local\PDFC
2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Google
2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-01 20:21 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Deployment
2015-03-24 21:08 - 2012-12-12 20:50 - 00000000 ____D () C:\Users\martin
2015-03-18 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2015-03-18 00:14 - 2013-01-20 23:27 - 00002128 _____ () C:\windows\wininit.ini
2015-03-18 00:14 - 2013-01-20 23:26 - 00000000 ___RD () C:\Users\martin\Dropbox
2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox
2015-03-17 22:36 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-17 00:19 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

==================== Files in the root of some directories =======

2015-04-11 21:10 - 2015-04-11 21:15 - 0011700 _____ () C:\Users\martin\AppData\Local\Temp-log.txt

Some content of TEMP:
====================
C:\Users\martin\AppData\Local\Temp\10EC.exe
C:\Users\martin\AppData\Local\Temp\1333_cov_webssearches.exe
C:\Users\martin\AppData\Local\Temp\1850.exe
C:\Users\martin\AppData\Local\Temp\2000.exe
C:\Users\martin\AppData\Local\Temp\3420.exe
C:\Users\martin\AppData\Local\Temp\378C.exe
C:\Users\martin\AppData\Local\Temp\492C.exe
C:\Users\martin\AppData\Local\Temp\5080.exe
C:\Users\martin\AppData\Local\Temp\58A0.exe
C:\Users\martin\AppData\Local\Temp\5B0.exe
C:\Users\martin\AppData\Local\Temp\7018.exe
C:\Users\martin\AppData\Local\Temp\8380.exe
C:\Users\martin\AppData\Local\Temp\8F70.exe
C:\Users\martin\AppData\Local\Temp\98AC.exe
C:\Users\martin\AppData\Local\Temp\A170.exe
C:\Users\martin\AppData\Local\Temp\A1C0.exe
C:\Users\martin\AppData\Local\Temp\AC00.exe
C:\Users\martin\AppData\Local\Temp\adblockplusie-1.1.exe
C:\Users\martin\AppData\Local\Temp\amazonicon_fwde.exe
C:\Users\martin\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\martin\AppData\Local\Temp\B380.exe
C:\Users\martin\AppData\Local\Temp\B680.exe
C:\Users\martin\AppData\Local\Temp\D4C0.exe
C:\Users\martin\AppData\Local\Temp\D930.exe
C:\Users\martin\AppData\Local\Temp\DF50.exe
C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps7hni_.dll
C:\Users\martin\AppData\Local\Temp\E790.exe
C:\Users\martin\AppData\Local\Temp\jna2562246376404723907.dll
C:\Users\martin\AppData\Local\Temp\OptimizerPro.exe
C:\Users\martin\AppData\Local\Temp\protegere6_ff_ie_fwde.exe
C:\Users\martin\AppData\Local\Temp\Quarantine.exe
C:\Users\martin\AppData\Local\Temp\sdanircmdc.exe
C:\Users\martin\AppData\Local\Temp\sdapskill.exe
C:\Users\martin\AppData\Local\Temp\sdaspwn.exe
C:\Users\martin\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\martin\AppData\Local\Temp\sp64126.exe
C:\Users\martin\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 19:05

==================== End Of Log ============================
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by martin at 2015-04-14 21:32:34
Running from C:\Users\martin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{C27EF409-FB69-451F-B996-DC853C25FCA2}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8642397F-CF08-6B30-A477-A039BBAA511E}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.39.32378 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.1.4548 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.2.2 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{1B9B252D-62CC-483D-89F5-E2A4FF871C7F}) (Version: 5.1.7.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{5DCA44EB-03F6-44A3-A294-F3E5DE98D7F6}) (Version: 4.4.10.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{F4F3B985-9B21-4D67-B1B2-2829C5D392E8}) (Version: 2.4.2.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
NoMore Ads (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - NoMore Ads) <==== ATTENTION
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
ReactorAppend (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{2969302e}) (Version:  - ReactorAppend) <==== ATTENTION
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
UltraMixer 2.4.6 (HKLM-x32\...\{32E2F180-247C-4077-B06A-20F9868568E0}_is1) (Version: 2.4.6 - UltraMixer Digital Audio Solutions)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-03-2015 01:43:49 Windows Update
16-03-2015 23:39:28 Windows Update
20-03-2015 00:43:39 Windows Update
23-03-2015 22:59:44 Windows Update
26-03-2015 23:20:13 Windows Update
30-03-2015 20:31:15 Windows Update
03-04-2015 19:16:42 Windows Update
05-04-2015 03:00:14 Windows Update
08-04-2015 19:30:58 Windows Update
11-04-2015 21:12:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A6B4246-DF9D-4A89-9F11-8DFAB1569C26} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {392DA3BD-A1F0-4AD0-8FC3-9B8A4C7D2757} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {3DE30625-59CD-4CB4-8F34-0C46C430712C} - System32\Tasks\HPCeeScheduleFormartin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4FAEBD17-0406-43E4-9928-63CE28C9726C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {852839C1-0A5C-460A-BAC9-997E21594F0C} - System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => pcalua.exe -a "C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6ZW7K6W\mp3gain-win-full-1_3_4.exe" -d C:\Users\martin\Desktop
Task: {90AB0556-DF62-4591-A214-5D99EA363832} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9A7FB271-7A3E-4D03-B361-1A2C37A68144} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BE7E8ED2-A70B-4F9C-87E4-A6A14D15359A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CB579AB6-3AF5-40A4-B816-40977C64F9F6} - System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => pcalua.exe -a "C:\ProgramData\NoMore Ads\NoMore Ads.exe" -c /progname=NoMore Ads /progver=3.4.2 /progpub=NoMore Ads /proguninstallurl=asdahjka.com /deleteappfolder=0  /VERYSILENT
Task: {D7C09FC1-0111-45A3-B955-270709093B0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E9D10272-09AF-41B6-A2A5-894352D0C6B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {EA440D02-1D76-48BD-9C5F-374BE40E3879} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F2083596-D58B-4F9D-813D-B299128F4A96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleFormartin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-17 16:57 - 2012-01-17 16:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-07-11 16:38 - 2012-07-11 16:38 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-07-11 15:52 - 2012-07-11 15:52 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2014-09-20 17:19 - 2014-07-23 14:16 - 00536576 _____ () C:\Users\martin\AppData\Roaming\Host System\host.exe
2012-07-11 15:54 - 2012-07-11 15:54 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-08 03:15 - 2012-08-08 03:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-08 03:11 - 2012-08-08 03:11 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-03-26 14:33 - 2012-03-26 14:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-14 20:50 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-07-26 11:22 - 2012-07-26 11:22 - 00303480 _____ () C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
2011-12-26 22:20 - 2011-12-26 22:20 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-30 08:07 - 2012-03-30 08:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2015-04-10 22:29 - 2015-04-10 22:29 - 01753600 _____ () c:\Program Files (x86)\LibraryEngine\LibraryEngine.dll
2014-09-20 17:19 - 2014-09-20 17:19 - 00374272 _____ () C:\Users\martin\AppData\Roaming\Host System\sub\default.dll
2012-07-11 16:23 - 2012-07-11 16:23 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-07-11 15:52 - 2012-07-11 15:52 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-07-11 16:21 - 2012-07-11 16:21 - 03031040 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-07-11 16:26 - 2012-07-11 16:26 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-07-11 16:24 - 2012-07-11 16:24 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-07-11 15:56 - 2012-07-11 15:56 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-07-11 15:57 - 2012-07-11 15:57 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-10-22 20:24 - 2014-10-22 20:24 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-04-27 17:05 - 2011-04-27 17:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2012-10-07 17:46 - 2014-08-18 22:09 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-531367498-374304512-3508266509-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe

==================== Accounts: =============================

Administrator (S-1-5-21-531367498-374304512-3508266509-500 - Administrator - Disabled)
Gast (S-1-5-21-531367498-374304512-3508266509-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-531367498-374304512-3508266509-1003 - Limited - Enabled)
martin (S-1-5-21-531367498-374304512-3508266509-1001 - Administrator - Enabled) => C:\Users\martin

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2015 09:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 06:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 04:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 04:16:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 09:50:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPHotkeyMonitor.exe, Version: 4.5.9.1, Zeitstempel: 0x4f60f5bb
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0064a1e0
ID des fehlerhaften Prozesses: 0xa40
Startzeit der fehlerhaften Anwendung: 0xHPHotkeyMonitor.exe0
Pfad der fehlerhaften Anwendung: HPHotkeyMonitor.exe1
Pfad des fehlerhaften Moduls: HPHotkeyMonitor.exe2
Berichtskennung: HPHotkeyMonitor.exe3

Error: (04/11/2015 08:58:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 10:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 10:25:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2015 10:54:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17689, Zeitstempel: 0x54e68526
Name des fehlerhaften Moduls: Flash32_16_0_0_305.ocx, Version: 16.0.0.305, Zeitstempel: 0x54cff11b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025e5e3
ID des fehlerhaften Prozesses: 0x14d8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (04/09/2015 05:50:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/14/2015 09:28:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/14/2015 09:28:53 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

        Feature: %%886

        Fehlercode: 0x80070005

        Fehlerbeschreibung: Zugriff verweigert

        Grund: %%892

Error: (04/14/2015 09:28:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3

Error: (04/14/2015 09:16:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/14/2015 08:48:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.195.2894.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.7.0205.00

        Quellpfad: 4.7.0205.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (04/14/2015 06:57:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.195.2894.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.7.0205.00

        Quellpfad: 4.7.0205.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (04/14/2015 06:57:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/14/2015 06:57:15 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/14/2015 06:47:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/14/2015 06:47:31 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

        Feature: %%886

        Fehlercode: 0x80070005

        Fehlerbeschreibung: Zugriff verweigert

        Grund: %%892


Microsoft Office Sessions:
=========================
Error: (04/14/2015 09:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 06:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 04:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 04:16:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 09:50:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPHotkeyMonitor.exe4.5.9.14f60f5bbunknown0.0.0.000000000c00000050064a1e0a4001d07489676909d3C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exeunknown02ae44fc-e084-11e4-8aea-b4b52f7b4b7e

Error: (04/11/2015 08:58:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 10:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 10:25:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2015 10:54:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1768954e68526Flash32_16_0_0_305.ocx16.0.0.30554cff11bc00000050025e5e314d801d073069aa70955C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SysWOW64\Macromed\Flash\Flash32_16_0_0_305.ocx99f2e4ac-defa-11e4-89cc-b4b52f7b4b7e

Error: (04/09/2015 05:50:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 57%
Total physical RAM: 3976.55 MB
Available physical RAM: 1697.46 MB
Total Pagefile: 7951.3 MB
Available Pagefile: 5335.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.8 GB) (Free:365.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.66 GB) (Free:3.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

deeprybka 14.04.2015 22:10
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.


Los geht's:

Schritt 1

Bitte deinstalliere folgende Programme:

NoMore Ads
ReactorAppend




Versuche es bei Windows 7 http://deeprybka.trojaner-board.de/b...ne/revo/w7.png zunächst über Systemsteuerung/Programme deinstallieren.

Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhttp://deeprybka.trojaner-board.de/b...ninstaller.pnghier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung
Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus:

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3

http://deeprybka.trojaner-board.de/m...mbamlogo4a.pnghttp://deeprybka.trojaner-board.de/m...mbamlogo4b.png
  • Download und Anleitung
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

Schritt 4

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

krai 15.04.2015 21:56
Alles durchgeführt hier die Logfiles

AdwCleaner
Code:
# AdwCneaner v4.201 - Bericht erstellt 15/04/2015 um 08:16:23
# Aktualisiert 08/04/205 von Xplode
# Datenbank : 6015-04-08,1 [Looal]
# Betriebssystam : Windows 7 Professional Service Pack ± (x64)
#*Benutzername(: martin - MARTIN-OOTEB_OK
# GesTartgd von*: C:\Users\martin\Desktop\AdwKleaner_4.201.exe
#$Optiof : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : S:\ProgremDatc\smdmf
Ordner Gelöscht : C:\ProgramDaTa\389203cc08005b55
Ordner Çelöscht : C:\Program Fhles (x86)\SAleePLuss
Ordner gelöscht : C:\Program Files (x86)\SalEPPlus
Datei Celöscht : C:\Users\martin\AppData\Local\Temp\OptimizerPro.exe

***** [ Geplante Tasks0] *****


***** [ Verknüpfungen ] ***"*


***** [ Registrierungsdatenbank ] *****

We2u Gelöscht(: HKLM\SYSTEM\ControlSet001\Contbol\Session Manager\AppCertDlls`[|64]
Wert Gelösãhô :(HKLM\SYSTUM\ControlSet001\C/ntrol\Sgssion Manager\AppCertDlls [x86]
Wert Gelöscht : HKLM\SYSTEM\AontrolSet002\Control\Session Manager\AppCertDll3 [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\0f3cef89-f168-02ce-5b08-a63848ff6c62
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6137A08F-29B1-4E48-B6A1-70CC3ABF50F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\SmdmF
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1422DAA-0829-09A1-7536-73936CAB8FFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.goodforsearch.info

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

*************************

AdwCleaner[R0].txt - [7217 Bytes] - [20/09/2014 21:06:01]
AdwCleaner[R1].txt - [2685 Bytes] - [20/09/2014 22:00:07]
AdwCleaner[R2].txt - [4721 Bytes] - [15/04/2015 08:15:32]
AdwCleaner[S0].txt - [5551 Bytes] - [20/09/2014 21:10:14]
AdwCleaner[S1].txt - [2310 Bytes] - [20/09/2014 22:00:53]
AdwCleanerÛS2].txt - [4115*Bytes] - [±5/14¯2015 08:16:2]
-
########## MOF - C:\AtwClecner\AdwCleaner[S2].tyt - K4174  Bùtes] #"########
Malware Bytes
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 15.04.2015
Suchlauf-Zeit: 08:30:16
Logdatei: malwarebytes.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: martin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350761
Verstrichene Zeit: 22 Min, 54 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 2
PUP.Optional.Multiplug, HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [7efbde656f1b290d636e48d2857e8878],
PUP.Optional.Multiplug, HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [7efbde656f1b290d636e48d2857e8878],

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 7
PUP.Optional.Multiplug, C:\Users\martin\AppData\Local\Temp\5E10\temp\5B0.exe, , [7efbde656f1b290d636e48d2857e8878],
PUP.Optional.Linkey.A, C:\Users\martin\AppData\Local\Temp\SettingsManagerSetup.exe, , [3a3fbc87414963d3d9327f3339c80000],
PUP.Optional.SearchHijacker.A, C:\Users\martin\AppData\Local\Temp\1333_cov_webssearches.exe, , [68118ab923679a9cd4dbcdfcc43d9a66],
PUP.Optional.Linkey.A, C:\Users\martin\AppData\Local\Temp\~nsu.tmp\Au_.exe, , [23564300bcceb68023366c2ae31e0bf5],
PUP.Optional.SearchHijacker.A, C:\Users\martin\AppData\Local\Temp\2de641f0768b744ae15fc902dd685b34\1333_cov_webssearches.exe, , [780144ff7a104cea317edbeec43d8b75],
PUP.Optional.MultiPlug.A, C:\Users\martin\AppData\Local\Temp\5E10\temp\hpds_setup.exe, , [5128f54e9ceec076dcf859edf50d867a],
PUP.Optional.Softonic, C:\Users\martin\Downloads\SoftonicDownloader_fuer_del-ad.exe, , [c9b0f64d6c1ea3930c7221b18180ea16],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by martin (administrator) on MARTIN-NOTEBOOK on 15-04-2015 22:49:05
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available profiles: martin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Users\martin\AppData\Roaming\Host System\host.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Atheros Communications)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-08-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2014-08-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2014-08-18] (Intel Corporation)
HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184736 2012-09-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Run: [Amazon Music] => C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\MountPoints2: {5999006b-9cd1-11e3-9781-b4b52f7b4b7e} - D:\LaunchU3.exe -a
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk
ShortcutTarget: 5B0.lnk -> C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe ()
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk
ShortcutTarget: Old Crow Medicine Show - Wagon Wheel.lnk -> C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-531367498-374304512-3508266509-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-08-18]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\martin\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 HostService; C:\Users\martin\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2014-08-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2014-08-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-07-11] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-08] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-08] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [90736 2012-07-11] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158832 2012-07-11] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-01-23] (Sunplus)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 22:42 - 2015-04-15 22:42 - 00000000 ____H () C:\Users\martin\BIT512D.tmp
2015-04-15 08:29 - 2015-04-15 08:30 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 08:29 - 2015-04-15 08:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-15 08:29 - 2015-04-15 08:29 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-15 08:29 - 2015-04-15 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-15 08:29 - 2015-04-15 08:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-15 08:29 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-15 08:29 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-15 08:29 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-15 08:19 - 2015-04-15 08:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-15 08:12 - 2015-04-15 08:05 - 02217984 _____ () C:\Users\martin\Desktop\AdwCleaner_4.201.exe
2015-04-15 08:11 - 2015-04-15 08:12 - 00000000 ____D () C:\Users\martin\Desktop\RevoUninstallerPortable
2015-04-14 21:32 - 2015-04-14 21:33 - 00033149 _____ () C:\Users\martin\Desktop\Addition.txt
2015-04-14 21:31 - 2015-04-15 22:49 - 00017218 _____ () C:\Users\martin\Desktop\FRST.txt
2015-04-14 21:31 - 2015-04-15 22:49 - 00000000 ____D () C:\FRST
2015-04-14 21:30 - 2015-04-14 21:27 - 02096640 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2015-04-11 21:15 - 2015-04-11 21:15 - 00003338 _____ () C:\windows\System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C}
2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\Licenses
2015-04-10 22:26 - 2015-04-10 22:56 - 00000000 ____D () C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}
2015-04-07 21:48 - 2015-04-07 21:57 - 891787140 _____ () C:\Users\martin\Desktop\Kitzi Sponsion.zip
2015-04-06 22:59 - 2015-04-09 16:28 - 00000000 ____D () C:\Users\martin\Desktop\Typenschein
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-02 21:39 - 2015-04-10 22:28 - 00000000 ____D () C:\Program Files (x86)\UpgradeLeader
2015-04-02 21:37 - 2015-04-09 22:49 - 00000000 ____D () C:\ProgramData\11055139438368474995
2015-04-02 21:36 - 2015-04-07 13:15 - 00000000 ____D () C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}
2015-04-02 21:18 - 2015-04-02 21:18 - 00000000 ____D () C:\ProgramData\{a88a4232-e0de-0c11-a88a-a4232e0d08cb}
2015-03-30 22:07 - 2015-03-30 22:07 - 00003308 _____ () C:\windows\System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED}
2015-03-30 22:00 - 2015-03-30 22:10 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-03-24 21:08 - 2015-04-06 22:23 - 00000000 ____D () C:\Users\martin\.ultramixer
2015-03-24 21:07 - 2015-03-24 21:07 - 00001031 _____ () C:\Users\martin\Desktop\UltraMixer.lnk
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMixer
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\Program Files (x86)\UltraMixer
2015-03-24 21:05 - 2015-03-24 21:05 - 55785649 _____ (UltraMixer Digitial Audio Solutions ) C:\Users\martin\Downloads\UltraMixer-2.4.6-win.exe
2015-03-24 21:02 - 2015-03-24 21:02 - 00000022 _____ () C:\Users\martin\Downloads\MP3Fader_Setup.zip
2015-03-16 23:44 - 2015-04-15 22:42 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleFormartin

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 22:49 - 2012-10-07 17:41 - 01906294 _____ () C:\windows\WindowsUpdate.log
2015-04-15 22:45 - 2014-09-20 21:12 - 00025513 _____ () C:\windows\setupact.log
2015-04-15 22:45 - 2014-09-20 21:11 - 00023760 _____ () C:\windows\PFRO.log
2015-04-15 22:45 - 2012-04-16 07:20 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-15 22:45 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-15 22:45 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\IME
2015-04-15 22:42 - 2015-02-02 22:46 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFormartin.job
2015-04-15 22:42 - 2012-12-12 20:50 - 00000000 ____D () C:\Users\martin
2015-04-15 22:42 - 2012-04-16 07:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 08:24 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 08:24 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 08:16 - 2014-09-20 21:05 - 00000000 ____D () C:\AdwCleaner
2015-04-14 21:04 - 2012-04-16 05:53 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-04-14 21:04 - 2012-04-16 05:53 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-04-14 21:04 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-11 23:10 - 2013-05-26 16:41 - 00003962 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{CB48FE46-A3F8-47D2-88D1-C369DC76C2B7}
2015-04-11 21:13 - 2012-12-16 17:58 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-04-09 22:54 - 2012-12-22 17:04 - 00000000 ____D () C:\Users\martin\AppData\Local\CrashDumps
2015-04-09 16:22 - 2014-07-31 23:15 - 00015360 ___SH () C:\Users\martin\Thumbs.db
2015-04-07 22:51 - 2012-12-12 20:55 - 00000000 ____D () C:\Users\martin\AppData\Local\PDFC
2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Google
2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-01 20:21 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Deployment
2015-03-18 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2015-03-18 00:14 - 2013-01-20 23:27 - 00002128 _____ () C:\windows\wininit.ini
2015-03-18 00:14 - 2013-01-20 23:26 - 00000000 ___RD () C:\Users\martin\Dropbox
2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox
2015-03-17 22:36 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-17 00:19 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

==================== Files in the root of some directories =======

2015-04-11 21:10 - 2015-04-11 21:15 - 0011700 _____ () C:\Users\martin\AppData\Local\Temp-log.txt

Some content of TEMP:
====================
C:\Users\martin\AppData\Local\Temp\10EC.exe
C:\Users\martin\AppData\Local\Temp\1850.exe
C:\Users\martin\AppData\Local\Temp\2000.exe
C:\Users\martin\AppData\Local\Temp\3420.exe
C:\Users\martin\AppData\Local\Temp\378C.exe
C:\Users\martin\AppData\Local\Temp\492C.exe
C:\Users\martin\AppData\Local\Temp\5080.exe
C:\Users\martin\AppData\Local\Temp\5700.exe
C:\Users\martin\AppData\Local\Temp\58A0.exe
C:\Users\martin\AppData\Local\Temp\5B0.exe
C:\Users\martin\AppData\Local\Temp\7018.exe
C:\Users\martin\AppData\Local\Temp\7F20.exe
C:\Users\martin\AppData\Local\Temp\8380.exe
C:\Users\martin\AppData\Local\Temp\8B80.exe
C:\Users\martin\AppData\Local\Temp\8F70.exe
C:\Users\martin\AppData\Local\Temp\9260.exe
C:\Users\martin\AppData\Local\Temp\98AC.exe
C:\Users\martin\AppData\Local\Temp\A170.exe
C:\Users\martin\AppData\Local\Temp\A1C0.exe
C:\Users\martin\AppData\Local\Temp\AC00.exe
C:\Users\martin\AppData\Local\Temp\adblockplusie-1.1.exe
C:\Users\martin\AppData\Local\Temp\amazonicon_fwde.exe
C:\Users\martin\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\martin\AppData\Local\Temp\B380.exe
C:\Users\martin\AppData\Local\Temp\B680.exe
C:\Users\martin\AppData\Local\Temp\B904.exe
C:\Users\martin\AppData\Local\Temp\D4C0.exe
C:\Users\martin\AppData\Local\Temp\D930.exe
C:\Users\martin\AppData\Local\Temp\DF50.exe
C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps7hni_.dll
C:\Users\martin\AppData\Local\Temp\E790.exe
C:\Users\martin\AppData\Local\Temp\FB58.exe
C:\Users\martin\AppData\Local\Temp\jna2562246376404723907.dll
C:\Users\martin\AppData\Local\Temp\protegere6_ff_ie_fwde.exe
C:\Users\martin\AppData\Local\Temp\Quarantine.exe
C:\Users\martin\AppData\Local\Temp\sdanircmdc.exe
C:\Users\martin\AppData\Local\Temp\sdapskill.exe
C:\Users\martin\AppData\Local\Temp\sdaspwn.exe
C:\Users\martin\AppData\Local\Temp\sp64126.exe
C:\Users\martin\AppData\Local\Temp\sqlite3.dll
C:\Users\martin\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 19:05

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by martin at 2015-04-15 22:49:53
Running from C:\Users\martin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{C27EF409-FB69-451F-B996-DC853C25FCA2}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8642397F-CF08-6B30-A477-A039BBAA511E}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.39.32378 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.1.4548 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.2.2 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{1B9B252D-62CC-483D-89F5-E2A4FF871C7F}) (Version: 5.1.7.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{5DCA44EB-03F6-44A3-A294-F3E5DE98D7F6}) (Version: 4.4.10.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{F4F3B985-9B21-4D67-B1B2-2829C5D392E8}) (Version: 2.4.2.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
UltraMixer 2.4.6 (HKLM-x32\...\{32E2F180-247C-4077-B06A-20F9868568E0}_is1) (Version: 2.4.6 - UltraMixer Digital Audio Solutions)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-03-2015 23:39:28 Windows Update
20-03-2015 00:43:39 Windows Update
23-03-2015 22:59:44 Windows Update
26-03-2015 23:20:13 Windows Update
30-03-2015 20:31:15 Windows Update
03-04-2015 19:16:42 Windows Update
05-04-2015 03:00:14 Windows Update
08-04-2015 19:30:58 Windows Update
11-04-2015 21:12:03 Windows Update
15-04-2015 08:13:04 Revo Uninstaller's restore point - NoMore Ads

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A6B4246-DF9D-4A89-9F11-8DFAB1569C26} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {392DA3BD-A1F0-4AD0-8FC3-9B8A4C7D2757} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {3DE30625-59CD-4CB4-8F34-0C46C430712C} - System32\Tasks\HPCeeScheduleFormartin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4FAEBD17-0406-43E4-9928-63CE28C9726C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {852839C1-0A5C-460A-BAC9-997E21594F0C} - System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => pcalua.exe -a "C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6ZW7K6W\mp3gain-win-full-1_3_4.exe" -d C:\Users\martin\Desktop
Task: {90AB0556-DF62-4591-A214-5D99EA363832} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9A7FB271-7A3E-4D03-B361-1A2C37A68144} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BE7E8ED2-A70B-4F9C-87E4-A6A14D15359A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CB579AB6-3AF5-40A4-B816-40977C64F9F6} - System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => pcalua.exe -a "C:\ProgramData\NoMore Ads\NoMore Ads.exe" -c /progname=NoMore Ads /progver=3.4.2 /progpub=NoMore Ads /proguninstallurl=asdahjka.com /deleteappfolder=0  /VERYSILENT
Task: {D7C09FC1-0111-45A3-B955-270709093B0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E9D10272-09AF-41B6-A2A5-894352D0C6B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {EA440D02-1D76-48BD-9C5F-374BE40E3879} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F2083596-D58B-4F9D-813D-B299128F4A96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleFormartin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-17 16:57 - 2012-01-17 16:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-07-11 16:38 - 2012-07-11 16:38 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2014-09-20 17:19 - 2014-07-23 14:16 - 00536576 _____ () C:\Users\martin\AppData\Roaming\Host System\host.exe
2012-07-11 15:54 - 2012-07-11 15:54 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-08 03:15 - 2012-08-08 03:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-08 03:11 - 2012-08-08 03:11 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-03-26 14:33 - 2012-03-26 14:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-14 20:50 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-07-26 11:22 - 2012-07-26 11:22 - 00303480 _____ () C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
2011-12-26 22:20 - 2011-12-26 22:20 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-30 08:07 - 2012-03-30 08:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-09-20 17:19 - 2014-09-20 17:19 - 00374272 _____ () C:\Users\martin\AppData\Roaming\Host System\sub\default.dll
2012-07-11 16:23 - 2012-07-11 16:23 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-07-11 15:52 - 2012-07-11 15:52 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-07-11 16:21 - 2012-07-11 16:21 - 03031040 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-07-11 16:26 - 2012-07-11 16:26 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-07-11 16:24 - 2012-07-11 16:24 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-07-11 15:56 - 2012-07-11 15:56 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-07-11 15:57 - 2012-07-11 15:57 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-10-22 20:24 - 2014-10-22 20:24 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-10-07 17:46 - 2014-08-18 22:09 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-04-27 17:05 - 2011-04-27 17:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-531367498-374304512-3508266509-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe

==================== Accounts: =============================

Administrator (S-1-5-21-531367498-374304512-3508266509-500 - Administrator - Disabled)
Gast (S-1-5-21-531367498-374304512-3508266509-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-531367498-374304512-3508266509-1003 - Limited - Enabled)
martin (S-1-5-21-531367498-374304512-3508266509-1001 - Administrator - Enabled) => C:\Users\martin

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2015 10:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 08:17:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 08:09:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 09:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 06:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 04:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 04:16:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 09:50:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPHotkeyMonitor.exe, Version: 4.5.9.1, Zeitstempel: 0x4f60f5bb
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0064a1e0
ID des fehlerhaften Prozesses: 0xa40
Startzeit der fehlerhaften Anwendung: 0xHPHotkeyMonitor.exe0
Pfad der fehlerhaften Anwendung: HPHotkeyMonitor.exe1
Pfad des fehlerhaften Moduls: HPHotkeyMonitor.exe2
Berichtskennung: HPHotkeyMonitor.exe3

Error: (04/11/2015 08:58:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 10:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/15/2015 10:45:52 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

        Feature: %%886

        Fehlercode: 0x80070005

        Fehlerbeschreibung: Zugriff verweigert

        Grund: %%892

Error: (04/15/2015 10:45:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/15/2015 10:45:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3

Error: (04/15/2015 10:44:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/15/2015 08:27:40 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.195.2894.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.7.0205.00

        Quellpfad: 4.7.0205.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (04/15/2015 08:27:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/15/2015 08:27:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/15/2015 08:17:38 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/15/2015 08:17:39 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

        Feature: %%886

        Fehlercode: 0x80070005

        Fehlerbeschreibung: Zugriff verweigert

        Grund: %%892

Error: (04/15/2015 08:17:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3


Microsoft Office Sessions:
=========================
Error: (04/15/2015 10:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 08:17:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 08:09:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 09:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 06:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 04:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 04:16:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 09:50:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPHotkeyMonitor.exe4.5.9.14f60f5bbunknown0.0.0.000000000c00000050064a1e0a4001d07489676909d3C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exeunknown02ae44fc-e084-11e4-8aea-b4b52f7b4b7e

Error: (04/11/2015 08:58:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 10:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 59%
Total physical RAM: 3976.55 MB
Available physical RAM: 1599.28 MB
Total Pagefile: 7951.3 MB
Available Pagefile: 5263.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.8 GB) (Free:366.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:3.9 GB) (Free:3.7 GB) FAT32
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.66 GB) (Free:3.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: 01E63116)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)

==================== End Of Log ============================

deeprybka 15.04.2015 22:02
Hi,
bitte Malwarebytes-Scan wiederholen und darauf achten, dass die Datenbanken up-to-date sind und die Funde in Quarantäne verschoben werden. http://anleitung.trojaner-board.de/trojaner-entfernen-mit-malwarebytes-anti-malware_5

Code:
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01

krai 16.04.2015 10:01
Hallo,

habe den Scan wiederholt hier das Log.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.04.2015
Suchlauf-Zeit: 09:10:10
Logdatei: malwarebytes.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.16.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: martin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 347417
Verstrichene Zeit: 30 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 35
PUP.Optional.MultiPlug, C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe, In Quarantäne, [6fd3bcb1d9b1a98dbab56dd46a9811ef],
PUP.Optional.MultiPlug, C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe, In Quarantäne, [75cd006dc7c37fb70c63073a22e0c739],
PUP.Optional.MultiPlug, C:\ProgramData\{a88a4232-e0de-0c11-a88a-a4232e0d08cb}\Old Crow Medicine Show - Wagon Wheel.exe, In Quarantäne, [033ff17c701ac4724629fd44ef136997],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\B380.exe, In Quarantäne, [bd85da933e4c1c1a402f94ad55ad15eb],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\B680.exe, In Quarantäne, [251d81ec8505e94d9dd2f9480bf7e917],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\B904.exe, In Quarantäne, [4af8432ae0aa191d29461b26679b946c],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\D4C0.exe, In Quarantäne, [78ca3736751539fde38cb78ab15108f8],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\D930.exe, In Quarantäne, [78ca7df00b7f93a393dc073aee14ea16],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\DF50.exe, In Quarantäne, [73cfd39a1d6dff37452a82bfd23046ba],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\E790.exe, In Quarantäne, [70d27af3afdbc96d056a2d14e121f30d],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\EA00.exe, In Quarantäne, [e45e0a631a700531521d97aae31f9d63],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\FB58.exe, In Quarantäne, [ae94a4c9f79383b3fa7576cb778b43bd],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\7018.exe, In Quarantäne, [3210a6c727631620f47bba879d65fc04],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\7F20.exe, In Quarantäne, [d46edc91692102345f106dd49072d828],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\8380.exe, In Quarantäne, [cd75ed80b0da51e594db78c9a0625fa1],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\8B80.exe, In Quarantäne, [9ca68be2ddaddb5b026d10318979fb05],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\8F70.exe, In Quarantäne, [4ff3036a9eec0a2c9cd347fafc06eb15],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\9260.exe, In Quarantäne, [043ebfaee6a4e84e75fad46dae5415eb],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\98AC.exe, In Quarantäne, [e55daac30c7e1c1af97688b916ec3ac6],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\A170.exe, In Quarantäne, [b78b48256921a6902e4193aec33f16ea],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\A1C0.exe, In Quarantäne, [6ed46b0292f8da5c026d45fc1ce6b54b],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\10EC.exe, In Quarantäne, [9da5b8b591f973c396d9cd74b151fe02],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\1850.exe, In Quarantäne, [f74bee7f4e3c47ef145bee538b770ef2],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\2000.exe, In Quarantäne, [3012fc718dfd0f27f47bda6706fc7888],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\AC00.exe, In Quarantäne, [5fe3d697206a270f2a45e25fda28827e],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\3420.exe, In Quarantäne, [cf73a9c488029b9be58a6bd6cd3542be],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\3640.exe, In Quarantäne, [d072511c1d6dff37acc3e45ddc26ad53],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\378C.exe, In Quarantäne, [31112b42deac87af2f40073a5ca639c7],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\492C.exe, In Quarantäne, [ba8872fb4b3fc76f2649cf7225ddb050],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\5080.exe, In Quarantäne, [cb77e489f991bb7b5d1210315da5718f],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\5700.exe, In Quarantäne, [ab974f1e2f5b979fb5ba40013cc633cd],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\58A0.exe, In Quarantäne, [6ed4fd701f6b2016e08f7cc526dcd828],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\5B0.exe, In Quarantäne, [d1715d10741696a0e887192807fbc838],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\E560\temp\Old Crow Medicine Show - Wagon Wheel.exe, In Quarantäne, [ac96b8b5cac02214fc73370aa260df21],
PUP.Optional.MultiPlug, C:\Users\martin\AppData\Local\Temp\5860\temp\Old Crow Medicine Show - Wagon Wheel.exe, In Quarantäne, [94ae4825c9c106300867e75a52b003fd],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

deeprybka 16.04.2015 21:13
Hi, bitte mal folgendes durchführen:

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk
ShortcutTarget: 5B0.lnk -> C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe ()
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk
ShortcutTarget: Old Crow Medicine Show - Wagon Wheel.lnk -> C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 HostService; C:\Users\martin\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed]
C:\Users\martin\AppData\Roaming\Host System\
Task: {852839C1-0A5C-460A-BAC9-997E21594F0C} - System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => pcalua.exe -a "C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6ZW7K6W\mp3gain-win-full-1_3_4.exe" -d C:\Users\martin\Desktop
Task: {CB579AB6-3AF5-40A4-B816-40977C64F9F6} - System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => pcalua.exe -a "C:\ProgramData\NoMore Ads\NoMore Ads.exe" -c /progname=NoMore Ads /progver=3.4.2 /progpub=NoMore Ads /proguninstallurl=asdahjka.com /deleteappfolder=0  /VERYSILENT
C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}
C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}
EmptyTemp:
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Schritt 2

http://deeprybka.trojaner-board.de/b...d/uploadch.PNG
Upload:
  • Link zum Upload-Channel.
  • Deaktiviere Dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Klicke auf der Seite des Upload-Channels auf http://deeprybka.trojaner-board.de/b...upload%203.PNG
  • Kopiere folgende Zeile(n) in das Dateiname-Feld und anschließend jeweils auf Öffnen.
    Code:
    C:\FRST\Quarantine.zip

Bitte um Rückmeldung ob es geklappt hat! ;)
Danke für Deine Hilfe!

krai 17.04.2015 04:27
Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by martin at 2015-04-17 05:18:52 Run:1
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available profiles: martin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk
ShortcutTarget: 5B0.lnk -> C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe ()
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk
ShortcutTarget: Old Crow Medicine Show - Wagon Wheel.lnk -> C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 HostService; C:\Users\martin\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed]
C:\Users\martin\AppData\Roaming\Host System\
Task: {852839C1-0A5C-460A-BAC9-997E21594F0C} - System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => pcalua.exe -a "C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6ZW7K6W\mp3gain-win-full-1_3_4.exe" -d C:\Users\martin\Desktop
Task: {CB579AB6-3AF5-40A4-B816-40977C64F9F6} - System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => pcalua.exe -a "C:\ProgramData\NoMore Ads\NoMore Ads.exe" -c /progname=NoMore Ads /progver=3.4.2 /progpub=NoMore Ads /proguninstallurl=asdahjka.com /deleteappfolder=0  /VERYSILENT
C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}
C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => Key deleted successfully.
C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5B0.lnk => Moved successfully.
C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885}\5B0.exe not found.
C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Old Crow Medicine Show - Wagon Wheel.lnk => Moved successfully.
C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122}\Old Crow Medicine Show - Wagon Wheel.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HostService => Service stopped successfully.
HostService => Service deleted successfully.
C:\Users\martin\AppData\Roaming\Host System => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{852839C1-0A5C-460A-BAC9-997E21594F0C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{852839C1-0A5C-460A-BAC9-997E21594F0C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B9880EDD-B16E-4B4C-A9D9-228DB69220ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB579AB6-3AF5-40A4-B816-40977C64F9F6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB579AB6-3AF5-40A4-B816-40977C64F9F6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DFB186A-DBC0-4E91-8CC4-C473A0F2F01C}" => Key deleted successfully.
C:\ProgramData\{7b655848-8a6a-6b4a-7b65-558488a66122} => Moved successfully.
C:\ProgramData\{9f91f221-754b-c30c-9f91-1f221754c885} => Moved successfully.
EmptyTemp: => Removed 679.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 05:19:56 ====
Hat funktioniert. File habe ich auch geuploaded sehe ich allerdings hier nicht.

deeprybka 17.04.2015 11:19
Ne, das kannst hier auch nicht sehen.

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 2

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

krai 17.04.2015 17:27
Hallo!

Hier die Logfiles
Eset
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7387ebc51000434492e93e5cff2844cf
# engine=23432
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-17 04:15:59
# local_time=2015-04-17 06:15:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5614986 122600969 0 0
# scanned=221070
# found=36
# cleaned=0
# scan_time=11167
sh=66E6AF2A5BB7F214A7D9B5FF7C22A9860EA63EF3 ft=1 fh=c71c00118d26cb68 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SAleePLuss\Q3H8djXS1ZPDM3.dll.vir"
sh=3A46A97ED632D6EB55559059F43BA0F2C2D1261B ft=1 fh=c71c001114689753 vn="Variante von Win32/BHOUninstaller.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SAleePLuss\Q3H8djXS1ZPDM3.exe.vir"
sh=696808CA814B4ADC0DB0D969E5B10BCFC897CB30 ft=1 fh=d1dc74617bb90d5c vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SAleePLuss\Q3H8djXS1ZPDM3.x64.dll.vir"
sh=0D679A276D4DDAF0AB98A067F949434E031BB9D0 ft=1 fh=c71c00115ec9c1ab vn="Variante von Win32/BHOUninstaller.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SalEPPlus\SalEPPlus.exe.vir"
sh=53F226B3D1D3828304E40C6C7A50667ADF23B42A ft=1 fh=e1ea10a5e9416a5c vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=0CB68F399D491465198E3E86F1D2923A211614E7 ft=1 fh=021f675753f993f2 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=86EA851108D635D9ED47C01E86899845DFDA3EC7 ft=1 fh=90733a3b10b3e858 vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=A8E3A9E6972C6F8B253EA0E1837AEEBF0A07B187 ft=1 fh=e2a5b168a3934371 vn="Win32/Thinknice.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=30E2FB1C671B2808D2E80518D793575965AF2416 ft=1 fh=d06e6f3f3f60e357 vn="Variante von Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=AC11914CC02E023E2EF06A80DEE1701419A5473A ft=1 fh=4cb2d0bd10147652 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=D037F58CF4B36F3B437FAA0D9500720445B27D65 ft=1 fh=b07c7921935b766c vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=79C9BD304C93AB8FD0544108656A899993DB14EF ft=1 fh=e6f80544d6e8089f vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"
sh=96B85214CD9E4FF85AC6144E7EF3DDF9E0F215E6 ft=1 fh=098a6735f96a550a vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=9C6C68EFAE364FC17008C32848E148F86D468C99 ft=1 fh=c71c0011e4b098f3 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=ECCAC05AC1B234C920664876442DF3EFD776DE60 ft=1 fh=e9325afa081f4f27 vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\Local\Linkey\IEExtension\iedll.dll.vir"
sh=87E2338DB2AA37BEA99D572F792DE8C94B5C77E4 ft=1 fh=45260490e49e3a0a vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\Local\Temp\OptimizerPro.exe.vir"
sh=16A9F50D9E0ED205CFF4474BD99E2900FEB16F19 ft=1 fh=50427314871b5fda vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\Roaming\Security Systems\uninstall.exe.vir"
sh=B21BFF68D39A17C19914C6B3A44361CB36986162 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\All Users\Application Data\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}\Custom.dll"
sh=B21BFF68D39A17C19914C6B3A44361CB36986162 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\All Users\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}\Custom.dll"
sh=45A30A7CB5CBF88FB013D55585DC9835D2D9A1FA ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\martin\Downloads\SopCast3.5.0.zip"
sh=AB49838A2E7E35D9D8B7B924D6A8BABA1139CEC5 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\FRST\Quarantine.zip"
sh=52C62112EBE6C00644D6A5C3A1DA1D4124BB31A7 ft=1 fh=6d95cedaba666fcd vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\martin\AppData\Roaming\Host System\host.exe"
sh=B21BFF68D39A17C19914C6B3A44361CB36986162 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}\Custom.dll"
sh=DF678B81D0A2C063E5467C5113DCCFF238B44DC4 ft=1 fh=55941976f4437196 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\swsetup\WinZBas\Setup.exe"
sh=B21BFF68D39A17C19914C6B3A44361CB36986162 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Application Data\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}\Custom.dll"
sh=B21BFF68D39A17C19914C6B3A44361CB36986162 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}\Custom.dll"
sh=45A30A7CB5CBF88FB013D55585DC9835D2D9A1FA ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\martin\Downloads\SopCast3.5.0.zip"
sh=64672C26701C177148D446EB17CF45C1060FA37C ft=1 fh=e1f7b6dbf8eef072 vn="Variante von Win32/Adware.MultiPlug.HW Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RF80ZQZ.exe"
sh=A11B742E5A985FF215EDC3C6D68C2B4209C2AA44 ft=1 fh=48c78541455d6d07 vn="Variante von Win32/Adware.MultiPlug.IE Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RLMS4TN.exe"
sh=87E5EA637FD917B85C5BF3D026E6932811093215 ft=1 fh=7004ba2ec1ea3750 vn="Variante von Win32/Adware.MultiPlug.EP Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$ROMWGFB.exe"
sh=6FB801A9152E0289B659229BA3236DE8A0FC0806 ft=1 fh=28353a0245e11705 vn="Variante von Win32/Adware.MultiPlug.HW Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RSC2EY3.exe"
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by martin (administrator) on MARTIN-NOTEBOOK on 17-04-2015 18:24:01
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available profiles: martin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Atheros Communications)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-08-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2014-08-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2014-08-18] (Intel Corporation)
HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184736 2012-09-05] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Run: [Amazon Music] => C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\MountPoints2: {5999006b-9cd1-11e3-9781-b4b52f7b4b7e} - D:\LaunchU3.exe -a
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-531367498-374304512-3508266509-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-08-18]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\martin\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2014-08-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2014-08-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-07-11] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-08] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-08] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [90736 2012-07-11] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158832 2012-07-11] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-01-23] (Sunplus)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 18:24 - 2015-04-17 18:24 - 00016241 _____ () C:\Users\martin\Desktop\FRST.txt
2015-04-17 17:03 - 2015-04-17 17:03 - 17593008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-17 15:05 - 2015-04-17 15:05 - 02347384 _____ (ESET) C:\Users\martin\Downloads\esetsmartinstaller_deu.exe
2015-04-17 05:18 - 2015-04-17 05:18 - 00000000 ____D () C:\Users\martin\Desktop\FRST-OlderVersion
2015-04-15 08:29 - 2015-04-16 10:59 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 08:29 - 2015-04-15 08:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-15 08:29 - 2015-04-15 08:29 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-15 08:29 - 2015-04-15 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-15 08:29 - 2015-04-15 08:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-15 08:29 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-15 08:29 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-15 08:29 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-15 08:19 - 2015-04-15 08:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-15 08:12 - 2015-04-15 08:05 - 02217984 _____ () C:\Users\martin\Desktop\AdwCleaner_4.201.exe
2015-04-15 08:11 - 2015-04-15 08:12 - 00000000 ____D () C:\Users\martin\Desktop\RevoUninstallerPortable
2015-04-14 21:31 - 2015-04-17 18:24 - 00000000 ____D () C:\FRST
2015-04-14 21:30 - 2015-04-17 05:18 - 02097664 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-10 22:48 - 2015-04-10 22:48 - 00000000 ____D () C:\ProgramData\Licenses
2015-04-07 21:48 - 2015-04-07 21:57 - 891787140 _____ () C:\Users\martin\Desktop\Kitzi Sponsion.zip
2015-04-06 22:59 - 2015-04-09 16:28 - 00000000 ____D () C:\Users\martin\Desktop\Typenschein
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-02 21:39 - 2015-04-10 22:28 - 00000000 ____D () C:\Program Files (x86)\UpgradeLeader
2015-04-02 21:37 - 2015-04-09 22:49 - 00000000 ____D () C:\ProgramData\11055139438368474995
2015-04-02 21:18 - 2015-04-16 10:57 - 00000000 ____D () C:\ProgramData\{a88a4232-e0de-0c11-a88a-a4232e0d08cb}
2015-03-30 22:00 - 2015-03-30 22:10 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-03-30 22:00 - 2015-03-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-03-24 21:08 - 2015-04-06 22:23 - 00000000 ____D () C:\Users\martin\.ultramixer
2015-03-24 21:07 - 2015-03-24 21:07 - 00001031 _____ () C:\Users\martin\Desktop\UltraMixer.lnk
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMixer
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\Program Files (x86)\UltraMixer
2015-03-24 21:05 - 2015-03-24 21:05 - 55785649 _____ (UltraMixer Digitial Audio Solutions ) C:\Users\martin\Downloads\UltraMixer-2.4.6-win.exe
2015-03-24 21:02 - 2015-03-24 21:02 - 00000022 _____ () C:\Users\martin\Downloads\MP3Fader_Setup.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 18:00 - 2012-04-16 07:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-17 17:03 - 2012-10-07 17:41 - 01378790 _____ () C:\windows\WindowsUpdate.log
2015-04-17 17:03 - 2012-04-16 07:20 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 17:03 - 2012-04-16 07:20 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 17:03 - 2012-04-16 07:20 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-17 15:12 - 2013-05-26 16:41 - 00003962 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{CB48FE46-A3F8-47D2-88D1-C369DC76C2B7}
2015-04-17 15:10 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 15:10 - 2009-07-14 06:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 15:06 - 2012-04-16 05:53 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-04-17 15:06 - 2012-04-16 05:53 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-04-17 15:06 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-17 15:03 - 2014-09-20 21:12 - 00025905 _____ () C:\windows\setupact.log
2015-04-17 15:03 - 2012-04-16 07:20 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-17 15:03 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-16 21:53 - 2014-09-20 21:11 - 00032948 _____ () C:\windows\PFRO.log
2015-04-16 10:58 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\IME
2015-04-15 22:42 - 2015-03-16 23:44 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleFormartin
2015-04-15 22:42 - 2015-02-02 22:46 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleFormartin.job
2015-04-15 22:42 - 2012-12-12 20:50 - 00000000 ____D () C:\Users\martin
2015-04-15 08:16 - 2014-09-20 21:05 - 00000000 ____D () C:\AdwCleaner
2015-04-11 21:13 - 2012-12-16 17:58 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-04-09 22:54 - 2012-12-22 17:04 - 00000000 ____D () C:\Users\martin\AppData\Local\CrashDumps
2015-04-09 16:22 - 2014-07-31 23:15 - 00015360 ___SH () C:\Users\martin\Thumbs.db
2015-04-07 22:51 - 2012-12-12 20:55 - 00000000 ____D () C:\Users\martin\AppData\Local\PDFC
2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Google
2015-04-01 20:36 - 2013-04-01 15:36 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-01 20:21 - 2013-04-01 15:36 - 00000000 ____D () C:\Users\martin\AppData\Local\Deployment
2015-03-18 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2015-03-18 00:14 - 2013-01-20 23:27 - 00002128 _____ () C:\windows\wininit.ini
2015-03-18 00:14 - 2013-01-20 23:26 - 00000000 ___RD () C:\Users\martin\Dropbox
2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-18 00:14 - 2013-01-20 23:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox

==================== Files in the root of some directories =======

2015-04-11 21:10 - 2015-04-11 21:15 - 0011700 _____ () C:\Users\martin\AppData\Local\Temp-log.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-16 10:00

==================== End Of Log ============================
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by martin at 2015-04-17 18:24:39
Running from C:\Users\martin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{C27EF409-FB69-451F-B996-DC853C25FCA2}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8642397F-CF08-6B30-A477-A039BBAA511E}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.39.32378 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-531367498-374304512-3508266509-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.1.4548 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.2.2 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{1B9B252D-62CC-483D-89F5-E2A4FF871C7F}) (Version: 5.1.7.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{5DCA44EB-03F6-44A3-A294-F3E5DE98D7F6}) (Version: 4.4.10.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{F4F3B985-9B21-4D67-B1B2-2829C5D392E8}) (Version: 2.4.2.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
UltraMixer 2.4.6 (HKLM-x32\...\{32E2F180-247C-4077-B06A-20F9868568E0}_is1) (Version: 2.4.6 - UltraMixer Digital Audio Solutions)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-531367498-374304512-3508266509-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-03-2015 00:43:39 Windows Update
23-03-2015 22:59:44 Windows Update
26-03-2015 23:20:13 Windows Update
30-03-2015 20:31:15 Windows Update
03-04-2015 19:16:42 Windows Update
05-04-2015 03:00:14 Windows Update
08-04-2015 19:30:58 Windows Update
11-04-2015 21:12:03 Windows Update
15-04-2015 08:13:04 Revo Uninstaller's restore point - NoMore Ads
17-04-2015 05:18:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A6B4246-DF9D-4A89-9F11-8DFAB1569C26} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {392DA3BD-A1F0-4AD0-8FC3-9B8A4C7D2757} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {3DE30625-59CD-4CB4-8F34-0C46C430712C} - System32\Tasks\HPCeeScheduleFormartin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4FAEBD17-0406-43E4-9928-63CE28C9726C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {90AB0556-DF62-4591-A214-5D99EA363832} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9A7FB271-7A3E-4D03-B361-1A2C37A68144} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BE7E8ED2-A70B-4F9C-87E4-A6A14D15359A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D7C09FC1-0111-45A3-B955-270709093B0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E9D10272-09AF-41B6-A2A5-894352D0C6B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {EA440D02-1D76-48BD-9C5F-374BE40E3879} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F2083596-D58B-4F9D-813D-B299128F4A96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleFormartin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-17 16:57 - 2012-01-17 16:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-07-11 16:38 - 2012-07-11 16:38 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-07-11 15:54 - 2012-07-11 15:54 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-08-08 03:15 - 2012-08-08 03:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-08 03:11 - 2012-08-08 03:11 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-03-26 14:33 - 2012-03-26 14:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-14 20:50 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-07-26 11:22 - 2012-07-26 11:22 - 00303480 _____ () C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
2011-12-26 22:20 - 2011-12-26 22:20 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-30 08:07 - 2012-03-30 08:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2012-07-11 16:23 - 2012-07-11 16:23 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-07-11 15:52 - 2012-07-11 15:52 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-07-11 16:21 - 2012-07-11 16:21 - 03031040 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-07-11 16:26 - 2012-07-11 16:26 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-07-11 16:24 - 2012-07-11 16:24 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-07-11 15:56 - 2012-07-11 15:56 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-07-11 15:57 - 2012-07-11 15:57 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-10-22 20:24 - 2014-10-22 20:24 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-04-16 07:13 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-10-07 17:46 - 2014-08-18 22:09 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-04-27 17:05 - 2011-04-27 17:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-531367498-374304512-3508266509-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe

==================== Accounts: =============================

Administrator (S-1-5-21-531367498-374304512-3508266509-500 - Administrator - Disabled)
Gast (S-1-5-21-531367498-374304512-3508266509-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-531367498-374304512-3508266509-1003 - Limited - Enabled)
martin (S-1-5-21-531367498-374304512-3508266509-1001 - Administrator - Enabled) => C:\Users\martin

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2015 06:21:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/17/2015 03:05:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/17/2015 03:05:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/17/2015 03:03:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 05:25:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 05:21:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 05:14:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 09:53:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 10:58:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 09:08:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/17/2015 03:03:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3

Error: (04/17/2015 05:30:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/17/2015 05:29:45 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/17/2015 05:24:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3

Error: (04/17/2015 05:22:57 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/17/2015 05:22:51 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

        Feature: %%886

        Fehlercode: 0x80070005

        Fehlerbeschreibung: Zugriff verweigert

        Grund: %%858

Error: (04/17/2015 05:22:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/17/2015 05:21:14 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/17/2015 05:21:15 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

        Feature: %%886

        Fehlercode: 0x80070005

        Fehlerbeschreibung: Zugriff verweigert

        Grund: %%892

Error: (04/17/2015 05:21:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3


Microsoft Office Sessions:
=========================
Error: (04/17/2015 06:21:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/17/2015 03:05:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\martin\Downloads\esetsmartinstaller_deu.exe

Error: (04/17/2015 03:05:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\martin\Downloads\esetsmartinstaller_deu.exe

Error: (04/17/2015 03:03:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 05:25:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 05:21:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 05:14:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 09:53:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 10:58:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 09:08:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 3976.55 MB
Available physical RAM: 2021.92 MB
Total Pagefile: 7951.3 MB
Available Pagefile: 5355.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.8 GB) (Free:366.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Ext.-Festplatte-Martin) (Fixed) (Total:465.76 GB) (Free:350.97 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:21.66 GB) (Free:3.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:3.9 GB) (Free:3.9 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61D8E20C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 3CE913E0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.9 GB) (Disk ID: 01E63116)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)

==================== End Of Log ============================
Vielen Dank!

deeprybka 17.04.2015 20:18
Hi,
wie läuft der Rechner? Noch irgendwelche Probleme?

krai 17.04.2015 20:22
Hi,

nein läuft alles normal soweit ich das einschätzen kann. :)
Ist das Ding wieder sauber?

deeprybka 18.04.2015 15:54
Jup, können wir lassen.

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:

C:\Documents and Settings\All Users\Application Data\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}
C:\Documents and Settings\All Users\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}
C:\Documents and Settings\martin\Downloads\SopCast3.5.0.zip
C:\ProgramData\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}
C:\swsetup\WinZBas\Setup.exe
C:\Users\All Users\Application Data\InstallMate\{7DCD6576-B055-4691-A47A-F877A62E4780}
C:\Users\martin\Downloads\SopCast3.5.0.zip
D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RF80ZQZ.exe
D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RLMS4TN.exe
D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$ROMWGFB.exe
D:\$RECYCLE.BIN\S-1-5-21-531367498-374304512-3508266509-1001\$RSC2EY3.exe
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:

Alle Logs gepostet? Ja! Dann lade Dir bitte http://filepony.de/icon/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.




>>clean<<
Wir haben es geschafft! :abklatsch:
Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:
Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

http://www.trojaner-board.de/extra/lesestoff.pngWie kann ich mich in Zukunft besser schützen?

Tipps, Dos & Don'ts

http://deeprybka.trojaner-board.de/b...ast/schild.pngUpdates & Software
Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.



http://deeprybka.trojaner-board.de/b...ast/schild.pngFirewall, Antivirus & Co.
http://s1.directupload.net/images/140701/eivrliwa.pngCracks, Downloads & Co.


Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.
Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe daher mit Vorsicht und klicke mit Verstand.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von Dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo Deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst Du von einem Deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und Du solltest nicht denselben Fehler machen.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
  • Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:56 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19