Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: FRST-Analyse nach Crypto-Tool-Removal

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.11.2015, 11:10   #1
HtHNightwolf
 
FRST-Analyse nach Crypto-Tool-Removal - Standard

FRST-Analyse nach Crypto-Tool-Removal



Hallo liebes TB-Team,

ich habe hier einen (Firmen)-PC (ja, ich weiß was zu beachten ist bei Firme-PCs), bei dem ich mit JRT, ADWCleaner, MBAM, ESET, MBAR und Kaspersky Boot-CD gereinigt habe.
Bis zum letzten Scan wurden jedes Mal noch bedrohliche Files gefunden und gelöscht.
Anschließend habe ich ein FRST-Log erstellt und möchte bitte, ob Ihr mit diesem mir helfen könnt, den PC endgültig zu reinigen.

Der Besitzer bzw. der Chef der Firma hat von mir bereits einen Hinweis auf die ehrenamtliche Tätigkeit und den ihn zu erwartenden Spende-Button bekommen

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by ***** (administrator) on SF200873 (12-11-2015 11:56:00)
Running from C:\Users\*****\Desktop\optional!\FRST
Loaded Profiles: ***** (Available Profiles: ***** & *****)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Snow Software AB) C:\Program Files\INVENTORYCLIENT\client64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mcomm.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mlauncher.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\vapm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [168152 2014-09-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2858152 2014-12-30] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [GoToMeetingInstall1468] => C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MInstaller.exe [40304 2015-09-07] (Citrix Online, a division of Citrix Systems, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [701872 2013-01-24] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14336 2010-01-16] (IBM Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IBM Lotus Notes Preloader] => C:\Program Files (x86)\IBM\Lotus\Notes\nntspreld.exe [20360 2010-08-11] (IBM Corp)
HKLM-x32\...\Run: [ Malwarebytes Anti-Malware ] => C:\Program Files (x86)\ Malwarebytes Anti-Malware \BusinessMessaging.exe [3213824 2015-11-12] (Malwarebytes)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1251722036-3130526276-372249700-1388\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe [40304 2015-09-07] (Citrix Online, a division of Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online Plug-in.lnk [2015-09-07]
ShortcutTarget: Online Plug-in.lnk -> C:\Windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => prx.*****.network:8080
ProxyServer: [HKLM-x32] => prx.*****.network:8080
AutoConfigURL: [HKLM] => prx.*****.network:8080
Tcpip\Parameters: [DhcpNameServer] 10.6.0.10 10.250.1.11
Tcpip\..\Interfaces\{311262BB-9EDF-47AE-8B95-7BD07940E760}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{A0A588AA-3CBC-4A68-8FBF-DCF470F8AC75}: [DhcpNameServer] 10.6.0.10 10.250.1.11

Internet Explorer:
==================
HKU\S-1-5-21-1251722036-3130526276-372249700-1388\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.*****.network/
HKU\S-1-5-21-1251722036-3130526276-372249700-1388\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet.*****.network/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-09-07] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-09-07] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-09-07] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-09-07] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-07] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-09-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-09-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-09-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-09-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
S3 Cwbrxd; C:\Windows\cwbrxd.exe [94208 2010-01-16] (IBM Corporation) [File not signed]
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [130664 2015-03-19] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-25] (Intel Corporation)
R2 klnagent; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [132600 2013-11-18] (Kaspersky Lab ZAO)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [3417480 2010-08-11] (IBM)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 SnowInventoryClient; C:\Program Files\INVENTORYCLIENT\client64.exe [4816384 2014-12-07] (Snow Software AB) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [47504 2014-06-30] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [142136 2015-01-13] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2015-01-13] (Motorola Solutions, Inc.)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-07-15] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [30960 2014-12-09] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [250608 2015-02-24] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-09-05] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [98400 2015-09-07] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [30816 2013-07-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [661600 2015-09-07] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2013-07-01] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3437848 2014-12-19] (Intel Corporation)
R3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [2599128 2014-09-11] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [31912 2014-12-30] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32936 2014-12-30] (Synaptics Incorporated)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 11:55 - 2015-11-12 11:56 - 00000000 ____D C:\FRST
2015-11-12 11:55 - 2015-11-12 11:55 - 00000000 ____D C:\Users\*****\Desktop\optional!
2015-11-12 11:51 - 2015-11-12 11:51 - 08156072 _____ (TeamViewer GmbH) C:\Users\*****\Downloads\TeamViewer_Setup.exe
2015-11-12 11:51 - 2015-11-12 11:51 - 00001180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-11-12 11:51 - 2015-11-12 11:51 - 00001168 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-11-12 11:51 - 2015-11-12 11:51 - 00000000 ____D C:\Users\*****\AppData\Roaming\TeamViewer
2015-11-12 11:51 - 2015-11-12 11:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-12 11:45 - 2015-11-12 12:47 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-11-12 09:11 - 2015-11-12 09:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-12 09:10 - 2015-11-12 09:20 - 00000000 ____D C:\Users\*****\Desktop\mbar
2015-11-12 08:47 - 2015-11-12 08:47 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-12 08:44 - 2015-11-12 08:44 - 00111728 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-12 08:41 - 2015-11-12 10:39 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-12 08:41 - 2015-11-12 09:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-12 08:41 - 2015-11-12 09:11 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-12 08:41 - 2015-11-12 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-12 08:41 - 2015-11-12 08:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-12 08:41 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-12 08:41 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-10 10:26 - 2015-11-10 10:26 - 00002163 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperOffice 7 253.lnk
2015-11-10 10:26 - 2015-11-10 10:26 - 00002145 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2015-11-10 10:26 - 2015-11-10 10:26 - 00002141 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Explorer.lnk
2015-11-10 10:26 - 2015-11-10 10:26 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-11-10 10:26 - 2015-11-10 10:26 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lotus Notes
2015-11-10 10:26 - 2015-11-10 10:26 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diver
2015-11-10 10:26 - 2015-11-10 10:26 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AS400
2015-10-25 21:59 - 2015-10-25 22:15 - 00000000 ____D C:\Users\*****\Desktop\***** ***** PRESENTATION
2015-10-17 15:39 - 2015-10-17 15:39 - 00000000 ____H C:\Users\*****\Documents\Default.rdp
2015-10-17 15:27 - 2015-10-17 15:27 - 00000000 ____D C:\Users\*****\AppData\Local\Cisco
2015-10-14 08:53 - 2015-10-14 08:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 11:53 - 2015-09-07 09:05 - 01573316 _____ C:\Windows\WindowsUpdate.log
2015-11-12 11:50 - 2015-09-07 13:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-12 11:50 - 2015-09-07 09:04 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2015-11-12 11:50 - 2015-09-07 09:03 - 00000000 ____D C:\ProgramData\Validity
2015-11-12 11:50 - 2015-01-16 13:54 - 00000396 _____ C:\Windows\SMSCFG.INI
2015-11-12 11:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 11:50 - 2009-07-14 05:51 - 00043902 _____ C:\Windows\setupact.log
2015-11-12 10:41 - 2010-11-21 04:47 - 00024560 _____ C:\Windows\PFRO.log
2015-11-12 10:19 - 2015-09-07 12:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-12 09:09 - 2009-07-14 06:13 - 00783834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-12 08:48 - 2009-07-14 05:45 - 00019104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-12 08:48 - 2009-07-14 05:45 - 00019104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-12 08:37 - 2015-09-07 10:19 - 00000000 ____D C:\Users\*****
2015-11-10 10:26 - 2015-09-08 13:01 - 00000000 ___SD C:\Users\*****\Desktop\***** Hosted Applications
2015-11-09 14:30 - 2015-09-16 08:54 - 00000000 ____D C:\Users\*****\AppData\Local\CutePDF Writer
2015-10-25 14:08 - 2015-09-07 09:32 - 00018646 __RSH C:\Users\*****\ntuser.pol
2015-10-25 14:08 - 2015-09-07 09:32 - 00000000 ____D C:\Users\*****

==================== Files in the root of some directories =======

2015-09-07 09:03 - 2015-09-07 09:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\*****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\*****ss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 12:28

==================== End of FRST.txt ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by **** (2015-11-12 11:56:18)
Running from C:\Users\****\Desktop\optional!\FRST
Windows 7 Enterprise Service Pack 1 (X64) (2015-09-07 08:08:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2480652040-179849819-3890630671-500 - Administrator - Enabled)
Guest (S-1-5-21-2480652040-179849819-3890630671-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Endpoint Security 10 for Windows (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Endpoint Security 10 for Windows (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Endpoint Security 10 for Windows (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft Office 2013“ tikrinimo įrankiai – lietuvių k. (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\{A4488E5C-1022-432A-8066-72E1C4023310}) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\{A580818A-6519-4120-AB1C-F4F6FCFAA7D0}) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{58597FDC-CDF0-4760-A57C-250DF09F4A21}) (Version: 12.0.2.122 - Adobe Systems, Inc)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{E1FD2C1D-EA9C-4613-86B8-86270405D2EA}) (Version: 4.3.9.2809 - Canneverbe Limited)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040 - Cisco Systems, Inc.) Hidden
Cisco AnyConnect Start Before Login Module (HKLM-x32\...\{647CB20E-E2CD-4096-B33C-BA3B95B7A4EC}) (Version: 3.1.02040 - Cisco Systems, Inc.)
Citrix Online Plug-in (DV) (HKLM-x32\...\{678094A1-6250-476B-9AFF-4376E48F135C}) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix Online Plug-in (HDX) (HKLM-x32\...\{FA365307-1963-4D16-BD44-113C8F037AAD}) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix Online Plug-in (PNA) (HKLM-x32\...\{0F1F7A90-E71B-4E45-A066-2891619F22E1}) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix Online Plug-in (SSON) (HKLM-x32\...\{2CF4F553-5E00-42DC-85AB-9A1A29C7D9D2}) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix Online Plug-in (USB) (HKLM-x32\...\{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix Online Plug-in (Web) (HKLM-x32\...\{199C20D6-10D3-4210-B361-4760209F56AE}) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Configuration Manager Client (x32 Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
Công cụ Soát lỗi Microsoft Office 2013 - Tiếng Việt (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
CutePDF Writer (HKLM\...\{B535FC60-4B87-463B-B0FD-F15DA126DC82}) (Version: 2.8.0.5 - Acro Software Inc.)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Ferramentas de Verificação do Microsoft Office 2013 - Português (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
GoToMeeting 6.3.0.1468 (HKLM-x32\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
GoToMeeting 6.3.1468 IT Installer (x32 Version: 6.3.1468 - Citrix) Hidden
IBM i Access for Windows 7.1 (HKLM\...\{31E11496-1F84-4DCC-B07A-369B40B8B4A7}) (Version: 07.01.0001 - IBM)
IBM i Access for Windows MRI (x32 Version: 07.01.0000 - IBM) Hidden
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1509.681) (HKLM\...\{302600C1-6BDF-4FD1-1501-148929CC1385}) (Version: 17.1.1501.0514 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Kaspersky Endpoint Security 10 for Windows (HKLM\...\{04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}) (Version: 10.2.1.23 - Kaspersky Lab)
Kaspersky Security Center Network Agent (HKLM-x32\...\InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}) (Version: 10.1.249 - Kaspersky Lab)
Kaspersky Security Center Network Agent (x32 Version: 10.1.249 - Kaspersky Lab) Hidden
Korrekturredskaber til Microsoft Office 15 – Dansk (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2013 – Norsk (nynorsk) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lotus Notes 8.5.2 (HKLM-x32\...\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}) (Version: 8.52.10222 - IBM)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1) (HKLM\...\{90140000-004B-0000-1000-0000000FF1CE}_Office14.PROOFKIT_{BDC40483-62A4-4AEF-B031-1EFFCE45F92C}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2010 (HKLM\...\Office14.PROOFKIT) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2013 (HKLM\...\Office15.PROOFKIT) (Version: 15.0.4481.1005 - Microsoft Corporation)
Microsoft Outlook 2013 (HKLM\...\Office15.OUTLOOK) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.51.01 - )
Orodja za preverjanje za Microsoft Office 2013 – slovenščina (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7368 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Snow Inventory Client (64-bit) (HKLM\...\{C131CCCA-56E1-4636-87C1-A2B2F407AB08}) (Version: 3.7.02 - Snow Software AB)
****QS (HKLM-x32\...\{C7D08C97-F8FA-41BC-8E21-2DE9401B0525}) (Version: 7.0.12979.0 - **** ****)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.27.20 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
VLC media player (HKLM-x32\...\{E414C776-FAA3-48FB-A4DE-CC13D65D99D1}) (Version: 1.1.4 - VideoLan Project)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2013 - Ελληνικά (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Засоби перевірки правопису Microsoft Office 2013 – Українська версія (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2013 - עברית (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1251722036-3130526276-372249700-1388_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

22-09-2015 09:45:09 Scheduled Checkpoint
29-09-2015 10:24:55 Scheduled Checkpoint
06-10-2015 11:22:17 Scheduled Checkpoint
14-10-2015 11:28:33 Scheduled Checkpoint
26-10-2015 12:09:16 Scheduled Checkpoint
03-11-2015 12:25:52 Scheduled Checkpoint
10-11-2015 12:35:26 Scheduled Checkpoint
12-11-2015 08:36:52 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {063B2867-5B94-478E-B13E-CDAD33B71EC7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {17660999-E6FD-4109-AEAA-FDC162A5C056} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {32D4BFE7-F0B4-4D53-AB82-7FD93118003E} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-01] (Realtek Semiconductor)
Task: {413502AD-94B3-4AC2-8D86-03A8B16D7682} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-10-07] (Realtek Semiconductor)
Task: {829A49A2-EE30-42DE-A0A0-4D6F56EAAB13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-07] (Adobe Systems Incorporated)
Task: {94B28468-6756-4EC0-A027-BF6B088D99C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EB0D0DB4-0DE3-4DAA-9CD6-DCB8734660A2} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-01] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2009-11-05 07:40 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-24 08:34 - 2013-01-24 08:34 - 00063408 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1251722036-3130526276-372249700-1388\Control Panel\Desktop\\Wallpaper -> C:\Users\****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.6.0.10 - 10.250.1.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{33442E8E-A26D-43ED-81F1-B4FB8F4BA07A}] => (Allow) LPort=15000
FirewallRules: [{11331A4F-BE84-4A9E-8F74-4843916F13FD}] => (Allow) LPort=15000
FirewallRules: [{1BCC3139-E547-4024-8B05-9440FF7B4E66}] => (Allow) LPort=15000
FirewallRules: [{942253DA-72CE-487C-9D26-198AB0A037F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9A6FFEE-BBF1-49DE-BFB3-AFDED690D3BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30568151-E54C-4AAF-814E-A23525081F08}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDABDD30-5BA8-4C12-9FB6-1E08B3D25588}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{572EF87F-0BED-41C3-A50F-210754082E9D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{088B4622-687F-49DD-AE61-462C4C082181}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{6DCB089D-0B93-4678-85A1-78A614911926}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{4C159519-4170-4707-A0AA-27A2382CD737}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B65D28FD-E188-4818-95B1-3DD49DD24633}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{5ADF4C48-94F6-4A1F-A611-410B7BDC9E89}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{62B72F83-1BD8-422B-8938-2AABEA2F6B88}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{52640B07-B30F-4124-92E4-C0C219445AF6}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{53319798-06DB-4427-87C5-4447D5EB48A5}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{4614EFA7-4D11-49FE-B74A-F3EC86A252DA}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{2F082232-DF59-4007-9EC9-8AC6A066ED9F}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2015 11:50:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2015 11:50:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2015 11:50:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2015 11:50:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2015 11:50:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2015 11:50:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2015 11:50:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2015 11:50:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2015 11:50:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2015 11:50:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/12/2015 11:50:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using L****)

Error: (11/12/2015 11:50:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{1CCB96F4-B8AD-4B43-9688-B273F58E0910}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using L****)

Error: (11/12/2015 11:50:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (11/12/2015 11:50:21 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (11/12/2015 11:50:21 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain **** due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (11/12/2015 11:50:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:42:14 on ‎12.‎11.‎2015 was unexpected.

Error: (11/12/2015 10:41:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using L****)

Error: (11/12/2015 10:41:16 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (11/12/2015 10:41:16 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain **** due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (11/12/2015 09:03:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 23%
Total physical RAM: 7888.23 MB
Available physical RAM: 6018.7 MB
Total Virtual: 15774.65 MB
Available Virtual: 13807.3 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:119.24 GB) (Free:30.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:14.48 GB) (Free:14.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 8098D250)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 0633F112)
Partition 1: (Active) - (Size=14.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Enterprise x64
Ran by hamshe on 12.11.2015 at  8:36:51,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\REN9645.tmp



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\ask.com





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.11.2015 at  8:38:46,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 12.11.2015
Scan Time: 08:42
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.12.01
Rootkit Database: v2015.11.04.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: *****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373143
Time Elapsed: 3 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 2
PUM.Optional.NoChangingWallpaper, HKU\S-1-5-21-1251722036-3130526276-372249700-21520\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),Replaced,[39e85d20870484b2aa35cb86e51f54ac]
PUM.Optional.NoSMHelp, HKU\S-1-5-21-1251722036-3130526276-372249700-21520\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Good: (0), Bad: (1),Replaced,[73ae3c4155363ef823dd331f0afafd03]

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Upatre, C:\$Recycle.Bin\S-1-5-21-1251722036-3130526276-372249700-21520\$ROIKQQI.zip, Quarantined, [071a5f1e3f4c6cca8047064457aa9f61], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
MBAM, MBAR, JRT, ADWCleaner und co. melden jetzt im neuen Durchlauf alle 0 Funde

Alt 12.11.2015, 12:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FRST-Analyse nach Crypto-Tool-Removal - Standard

FRST-Analyse nach Crypto-Tool-Removal



Hi,

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 12.11.2015, 13:37   #3
HtHNightwolf
 
FRST-Analyse nach Crypto-Tool-Removal - Standard

FRST-Analyse nach Crypto-Tool-Removal



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.11.12.03
  rootkit: v2015.11.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18015
**** :: ******* [administrator]

12.11.2015 14:29:55
mbar-log-2015-11-12 (14-29-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 373979
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
__________________

Alt 12.11.2015, 14:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FRST-Analyse nach Crypto-Tool-Removal - Standard

FRST-Analyse nach Crypto-Tool-Removal



Die FRST-Logs sollten auch so passen. Da steht zwar ein paar mal attention, aber das dürften legitime firmenrelevante Einstellung sein. Ich würde da nix fixen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu FRST-Analyse nach Crypto-Tool-Removal
adobe, adware, besitzer, bonjour, browser, computer, cpu, defender, desktop, device driver, dnsapi.dll, explorer, failed, flash player, kaspersky, mozilla, realtek, registry, rundll, scan, security, services.exe, software, svchost.exe, system, temp, usb, windows



Ähnliche Themen: FRST-Analyse nach Crypto-Tool-Removal


  1. Wichtige Daten Verschwunden nach Junkware Removal Tool
    Log-Analyse und Auswertung - 05.08.2014 (5)
  2. Logfile nach Beseitigung (?) MS Removal Tool
    Log-Analyse und Auswertung - 13.07.2011 (23)
  3. erst ms removal tool und nun sheur3
    Log-Analyse und Auswertung - 23.06.2011 (22)
  4. Ms Removal tool
    Plagegeister aller Art und deren Bekämpfung - 22.05.2011 (1)
  5. Backup nach MS Removal Tool
    Plagegeister aller Art und deren Bekämpfung - 17.05.2011 (4)
  6. MS Removal Tool - dwn.exe + csrss.exe
    Plagegeister aller Art und deren Bekämpfung - 16.05.2011 (11)
  7. Startmenü leer nach MS Removal Tool
    Plagegeister aller Art und deren Bekämpfung - 13.05.2011 (14)
  8. Befall mit MS Removal Tool
    Log-Analyse und Auswertung - 26.04.2011 (18)
  9. MS Removal Tool auf Vista
    Log-Analyse und Auswertung - 17.04.2011 (19)
  10. Trojaner, Viren und MS Removal Tool etc.
    Antiviren-, Firewall- und andere Schutzprogramme - 16.04.2011 (8)
  11. MS Removal Tool
    Plagegeister aller Art und deren Bekämpfung - 13.04.2011 (23)
  12. MS Removal Tool entfernen
    Anleitungen, FAQs & Links - 27.03.2011 (2)
  13. Conficker/ cleanup tool oder removal tool ?
    Plagegeister aller Art und deren Bekämpfung - 23.04.2009 (0)
  14. boot - removal tool
    Plagegeister aller Art und deren Bekämpfung - 31.01.2007 (4)
  15. Removal Tool zum Entfernen des 1&1 Trojaners ist da!
    Plagegeister aller Art und deren Bekämpfung - 13.01.2007 (1)

Zum Thema FRST-Analyse nach Crypto-Tool-Removal - Hallo liebes TB-Team, ich habe hier einen (Firmen)-PC (ja, ich weiß was zu beachten ist bei Firme-PCs), bei dem ich mit JRT, ADWCleaner, MBAM, ESET, MBAR und Kaspersky Boot-CD gereinigt - FRST-Analyse nach Crypto-Tool-Removal...
Archiv
Du betrachtest: FRST-Analyse nach Crypto-Tool-Removal auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.