magigstar | 26.11.2014 19:29 | OK, the file was activated and the notebook restarted...
Here is the FRST:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by XXXXX (administrator) on SALEMI on 26-11-2014 19:23:05
Running from F:\
Loaded Profile: XXXXX (Available profiles: XXXXX)
Platform: Windows 8.1 (Update 1) (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Pokki) C:\Users\XXXXX\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Pokki) C:\Users\XXXXX\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\XXXXX\AppData\Local\Pokki\Engine\HostAppService.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-500690503-1980189136-1725906662-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-500690503-1980189136-1725906662-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
HKU\S-1-5-21-500690503-1980189136-1725906662-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT14/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
SearchScopes: HKLM -> {764F2118-8996-44BA-89D4-8FD6D728EA21} URL = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 -> {764F2118-8996-44BA-89D4-8FD6D728EA21} URL = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-500690503-1980189136-1725906662-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
SearchScopes: HKU\S-1-5-21-500690503-1980189136-1725906662-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
SearchScopes: HKU\S-1-5-21-500690503-1980189136-1725906662-1001 -> {764F2118-8996-44BA-89D4-8FD6D728EA21} URL = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-07]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-14] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-05-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-12] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7517872 2014-07-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [150744 2013-09-09] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-12-05] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-05-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-26 19:18 - 2014-11-26 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-24 20:16 - 2014-11-26 19:18 - 00000564 _____ () C:\Users\XXXXX\Desktop\Bundespolizei-Trojaner wegkriegen - Seite 2 - Trojaner-Board.website
2014-11-22 22:31 - 2014-11-26 19:23 - 00000000 ____D () C:\FRST
2014-11-15 12:09 - 2014-11-15 12:09 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-15 12:09 - 2014-11-15 12:09 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-14 23:07 - 2014-11-14 23:07 - 00000000 ____D () C:\Users\XXXXX\Documents\Avatar
2014-11-14 23:07 - 2014-11-14 23:07 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\CyberLink
2014-11-14 22:38 - 2014-11-24 20:08 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\CrashDumps
2014-11-14 20:50 - 2014-11-14 20:50 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\hpqlog
2014-11-14 20:48 - 2014-11-26 19:22 - 00002166 _____ () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2014-11-14 20:48 - 2014-11-14 20:49 - 00002494 _____ () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk
2014-11-14 20:48 - 2014-11-14 20:48 - 00002337 _____ () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-11-14 20:47 - 2014-11-14 20:47 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Evernote
2014-11-14 20:29 - 2014-11-14 20:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-11-14 20:19 - 2014-11-24 20:13 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{95DAEC24-B717-4178-B6C4-ECE1152688E9}
2014-11-14 20:19 - 2014-11-24 20:12 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-500690503-1980189136-1725906662-1001
2014-11-14 20:19 - 2014-11-14 20:19 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
2014-11-14 20:19 - 2014-11-14 20:19 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
2014-11-14 20:18 - 2014-11-14 20:18 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Macromedia
2014-11-14 20:17 - 2014-11-26 19:22 - 00000000 __RDO () C:\Users\XXXXX\OneDrive
2014-11-14 20:17 - 2014-11-14 20:17 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Hewlett-Packard
2014-11-14 20:15 - 2014-11-24 20:10 - 00000000 ____D () C:\Users\XXXXX\Documents\Youcam
2014-11-14 20:15 - 2014-11-14 23:06 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\CyberLink
2014-11-14 20:14 - 2014-11-14 20:50 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Hewlett-Packard
2014-11-14 20:14 - 2014-11-14 20:14 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-14 20:13 - 2014-11-14 20:36 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Packages
2014-11-14 20:13 - 2014-11-14 20:13 - 00001457 _____ () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-14 20:13 - 2014-11-14 20:13 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Synaptics
2014-11-14 20:13 - 2014-11-14 20:13 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Adobe
2014-11-14 20:13 - 2014-11-14 20:13 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\VirtualStore
2014-11-14 20:13 - 2014-07-07 04:19 - 00002249 _____ () C:\Users\Public\Desktop\Snapfish Fotos.lnk
2014-11-14 20:12 - 2014-11-26 19:17 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Pokki
2014-11-14 20:12 - 2014-11-18 17:09 - 00000000 ____D () C:\Users\XXXXX
2014-11-14 20:12 - 2014-11-14 20:12 - 00000020 ___SH () C:\Users\XXXXX\ntuser.ini
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\Vorlagen
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\Startmenü
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\Netzwerkumgebung
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\Lokale Einstellungen
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\Eigene Dateien
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\Druckumgebung
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\Documents\Eigene Musik
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\Documents\Eigene Bilder
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\AppData\Local\Verlauf
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\AppData\Local\Anwendungsdaten
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 _SHDL () C:\Users\XXXXX\Anwendungsdaten
2014-11-14 20:12 - 2014-05-12 21:49 - 00000000 ___RD () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 20:12 - 2014-05-12 12:11 - 00000000 ___HD () C:\Users\XXXXX\Documents\hp.system.package.metadata
2014-11-14 20:12 - 2014-03-18 11:06 - 00000000 ___RD () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-14 20:12 - 2014-03-18 10:54 - 00000369 _____ () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-11-14 20:12 - 2014-03-18 10:54 - 00000369 _____ () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-11-14 20:12 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 20:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-14 20:08 - 2014-11-26 19:21 - 01301547 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Programme
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-11-14 17:59 - 2014-11-14 17:59 - 00000000 _SHDL () C:\Dokumente und Einstellungen
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-26 19:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-26 19:21 - 2013-08-22 15:46 - 00027300 _____ () C:\Windows\setupact.log
2014-11-26 19:21 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 19:20 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-26 19:18 - 2014-07-07 04:24 - 00001867 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2014-11-26 19:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-23 13:04 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-15 12:09 - 2014-05-12 12:11 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-14 23:06 - 2014-07-07 04:21 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-14 22:27 - 2014-07-07 04:10 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-14 20:55 - 2014-07-07 04:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-14 20:51 - 2014-05-12 12:32 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-14 20:50 - 2014-05-12 21:25 - 00826688 _____ () C:\Windows\system32\perfh010.dat
2014-11-14 20:50 - 2014-05-12 21:25 - 00171478 _____ () C:\Windows\system32\perfc010.dat
2014-11-14 20:50 - 2014-05-12 21:18 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 20:50 - 2014-05-12 21:18 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 20:50 - 2014-05-12 21:10 - 00835518 _____ () C:\Windows\system32\perfh00C.dat
2014-11-14 20:50 - 2014-05-12 21:10 - 00173998 _____ () C:\Windows\system32\perfc00C.dat
2014-11-14 20:50 - 2014-03-18 10:53 - 03930712 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 20:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-14 20:13 - 2014-07-07 04:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-11-14 20:13 - 2014-05-12 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-11-14 20:13 - 2014-05-12 12:31 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-11-14 20:13 - 2014-05-12 12:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-11-14 20:13 - 2014-05-12 12:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-11-14 20:13 - 2014-04-01 02:07 - 00000000 ___HD () C:\SYSTEM.SAV
2014-11-14 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-11-14 17:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-11-14 17:59 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2014-11-14 17:58 - 2014-04-02 11:25 - 00000000 ____D () C:\Windows\Panther
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-04-02 10:25
==================== End Of Log ============================
Here is the Additional:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by XXXXX at 2014-11-26 19:25:24
Running from F:\
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.223.215.5 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9130 - Broadcom Corporation)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3604 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FarmVille 2 (HKU\S-1-5-21-500690503-1980189136-1725906662-1001\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{8B4EA042-9E21-46FB-8286-225F4D51CC52}) (Version: 4.2.41.2710 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.907 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Start Menu (HKU\S-1-5-21-500690503-1980189136-1725906662-1001\...\Pokki) (Version: 0.269.2.437 - Pokki)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.5.2 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App für HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05F46FEC-6D89-4105-B2C0-A24B065FC7FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2014-01-13] (Hewlett-Packard Company)
Task: {0DC251C3-64B6-484E-902A-85CABA7078DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {17BE34B1-2451-4E35-BA57-F8E2F84E33DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {3A775E34-C624-49DC-BD84-8AB7E0E1E5F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {50A1836A-D1C0-4B99-B80F-90C8F9C06EAD} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {AE46274E-9561-4D16-AA2C-77C7A12089AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {CAB64DB4-A2BD-4582-9CE6-9F3F5DC8BF44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {E0C52568-2A67-47C6-9CBF-444367D38298} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
==================== Loaded Modules (whitelisted) =============
2014-03-28 12:31 - 2014-03-28 12:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-03-28 12:36 - 2014-03-28 12:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-11-14 20:12 - 2014-01-17 17:32 - 00569856 _____ () C:\Users\XXXXX\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2014-11-14 20:12 - 2014-01-17 17:32 - 01400846 _____ () C:\Users\XXXXX\AppData\Local\Pokki\Engine\avcodec-54.dll
2014-11-14 20:12 - 2014-01-17 17:32 - 00151054 _____ () C:\Users\XXXXX\AppData\Local\Pokki\Engine\avutil-51.dll
2014-11-14 20:12 - 2014-01-17 17:32 - 00222734 _____ () C:\Users\XXXXX\AppData\Local\Pokki\Engine\avformat-54.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\XXXXX\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-500690503-1980189136-1725906662-500 - Administrator - Disabled)
Gast (S-1-5-21-500690503-1980189136-1725906662-501 - Limited - Disabled)
XXXXX (S-1-5-21-500690503-1980189136-1725906662-1001 - Administrator - Enabled) => C:\Users\XXXXX
HomeGroupUser$ (S-1-5-21-500690503-1980189136-1725906662-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/26/2014 07:16:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPMSGSVC.exe, Version: 1.1.4.0, Zeitstempel: 0x53328331
Name des fehlerhaften Moduls: HPMSGSVC.exe, Version: 1.1.4.0, Zeitstempel: 0x53328331
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002469
ID des fehlerhaften Prozesses: 0x127c
Startzeit der fehlerhaften Anwendung: 0xHPMSGSVC.exe0
Pfad der fehlerhaften Anwendung: HPMSGSVC.exe1
Pfad des fehlerhaften Moduls: HPMSGSVC.exe2
Berichtskennung: HPMSGSVC.exe3
Vollständiger Name des fehlerhaften Pakets: HPMSGSVC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HPMSGSVC.exe5
Error: (11/24/2014 08:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14953
Error: (11/24/2014 08:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14953
Error: (11/24/2014 08:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/24/2014 08:08:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPMSGSVC.exe, Version: 1.1.4.0, Zeitstempel: 0x53328331
Name des fehlerhaften Moduls: HPMSGSVC.exe, Version: 1.1.4.0, Zeitstempel: 0x53328331
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002469
ID des fehlerhaften Prozesses: 0xa48
Startzeit der fehlerhaften Anwendung: 0xHPMSGSVC.exe0
Pfad der fehlerhaften Anwendung: HPMSGSVC.exe1
Pfad des fehlerhaften Moduls: HPMSGSVC.exe2
Berichtskennung: HPMSGSVC.exe3
Vollständiger Name des fehlerhaften Pakets: HPMSGSVC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HPMSGSVC.exe5
Error: (11/23/2014 01:05:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPMSGSVC.exe, Version: 1.1.4.0, Zeitstempel: 0x53328331
Name des fehlerhaften Moduls: HPMSGSVC.exe, Version: 1.1.4.0, Zeitstempel: 0x53328331
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002469
ID des fehlerhaften Prozesses: 0xc94
Startzeit der fehlerhaften Anwendung: 0xHPMSGSVC.exe0
Pfad der fehlerhaften Anwendung: HPMSGSVC.exe1
Pfad des fehlerhaften Moduls: HPMSGSVC.exe2
Berichtskennung: HPMSGSVC.exe3
Vollständiger Name des fehlerhaften Pakets: HPMSGSVC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HPMSGSVC.exe5
Error: (11/23/2014 01:04:22 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWmiHelper::ConnectToWMIServer Could not connect. Error code = 0x80070424
Error: (11/23/2014 01:04:22 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWmiHelper::ConnectToWMIServer Could not connect. Error code = 0x80070424
Error: (11/19/2014 09:27:39 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWmiHelper::ConnectToWMIServer Could not connect. Error code = 0x80070424
Error: (11/19/2014 09:27:39 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWmiHelper::ConnectToWMIServer Could not connect. Error code = 0x80070424
System errors:
=============
Error: (11/26/2014 07:25:52 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (11/26/2014 07:25:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "McAfee Home Network" wurde nicht richtig gestartet.
Error: (11/26/2014 07:20:01 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (11/26/2014 07:19:20 PM) (Source: DCOM) (EventID: 10010) (User: SALEMI)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (11/26/2014 07:19:20 PM) (Source: DCOM) (EventID: 10010) (User: SALEMI)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (11/26/2014 07:19:15 PM) (Source: DCOM) (EventID: 10010) (User: SALEMI)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (11/26/2014 07:17:12 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}
Error: (11/24/2014 08:27:34 PM) (Source: DCOM) (EventID: 10010) (User: SALEMI)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (11/24/2014 08:27:34 PM) (Source: DCOM) (EventID: 10010) (User: SALEMI)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (11/24/2014 08:27:33 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}
Microsoft Office Sessions:
=========================
Error: (11/26/2014 07:16:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPMSGSVC.exe1.1.4.053328331HPMSGSVC.exe1.1.4.053328331c000000500002469127c01d009a52175f60cC:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe61258697-7598-11e4-826e-9cad97cd769c
Error: (11/24/2014 08:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14953
Error: (11/24/2014 08:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14953
Error: (11/24/2014 08:27:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/24/2014 08:08:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPMSGSVC.exe1.1.4.053328331HPMSGSVC.exe1.1.4.053328331c000000500002469a4801d00819ff887f3dC:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe3e6fc6d3-740d-11e4-826e-9cad97cd769c
Error: (11/23/2014 01:05:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPMSGSVC.exe1.1.4.053328331HPMSGSVC.exe1.1.4.053328331c000000500002469c9401d00715d44c7d38C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe144a4d69-7309-11e4-826e-9cad97cd769c
Error: (11/23/2014 01:04:22 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWmiHelper::ConnectToWMIServer Could not connect. Error code = 0x80070424
Error: (11/23/2014 01:04:22 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWmiHelper::ConnectToWMIServer Could not connect. Error code = 0x80070424
Error: (11/19/2014 09:27:39 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWmiHelper::ConnectToWMIServer Could not connect. Error code = 0x80070424
Error: (11/19/2014 09:27:39 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWmiHelper::ConnectToWMIServer Could not connect. Error code = 0x80070424
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU N3530 @ 2.16GHz
Percentage of memory in use: 39%
Total physical RAM: 3988.09 MB
Available physical RAM: 2403.48 MB
Total Pagefile: 5396.09 MB
Available Pagefile: 3866.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:444.28 GB) (Free:415.28 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.46 GB) (Free:2.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.09 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 99E17B67)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
==================== End Of Log ============================
The FSS log: Code:
Farbar Service Scanner Version: 21-07-2014
Ran by XXXXX (administrator) on 26-11-2014 at 19:30:27
Running from "F:\"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log **** |