icemannii | 15.01.2015 19:21 | Website with unwanted advertising/survey. After reinstalling and working with my website, an unwanted survey popped up, and unwanted advertising appears on the website: "You might also be interested in" ("Es könnte Sie auch interessieren").
Another notebook does not show this effect, so it must be the notebook.
Acer Aspire 1810TZ with Win 7 Home Premium SP1 64-bit
protected by MS Security Essentials
In the add-ons I saw the following entries:
soaVernEt
eeaSytoshop, which are enabled. I could not disable them.
Then I ran Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 14.01.2015
Suchlauf-Zeit: 18:52:20
Logdatei: F114_s_proto.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.14.08
Rootkit Datenbank: v2015.01.07.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 425251
Verstrichene Zeit: 21 Min, 4 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 4
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, In Quarantäne, [ee6249ae0287b2848c737d2f7291dc24],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f66fd764}, In Quarantäne, [5ef2aa4d4b3ecd69f8f84e40dc279b65],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-277168032-2276531388-1211162667-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [8dc3ba3d44454bebc9fbfdb552b18080],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-277168032-2276531388-1211162667-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [c18f3dbafb8e49ed1abd65639074639d],
Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-277168032-2276531388-1211162667-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, In Quarantäne, [c18f3dbafb8e49ed1abd65639074639d]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 4
Rogue.Multiple, C:\ProgramData\1078601655, In Quarantäne, [0a469d5a1b6e72c4d605fb2bf40f25db],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy, In Quarantäne, [afa173845930fc3acf9e0135b350cc34],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\7DC0F84CA84B420588BEC40047E6007A, In Quarantäne, [afa173845930fc3acf9e0135b350cc34],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant, In Quarantäne, [cc8462953f4abb7b5ff585d5a65dd42c],
Dateien: 4
PUP.Optional.DownloadAssistant, C:\Users\User\AppData\Local\Temp\JavaPlatformSEUpdateSetup.exe, In Quarantäne, [ea66768143463ff7b6a66d7d629f8e72],
PUP.Optional.BPlug, C:\Users\User\AppData\Local\Temp\is1957915176\1FBF57E8_stp.EXE, In Quarantäne, [f06017e06e1b4ee88fe8daf2cb369868],
Rogue.Multiple, C:\ProgramData\1078601655\BITC015.tmp, In Quarantäne, [0a469d5a1b6e72c4d605fb2bf40f25db],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\7DC0F84CA84B420588BEC40047E6007A\TuneUpUtilities2013-2200214_de-DE.exe, In Quarantäne, [afa173845930fc3acf9e0135b350cc34],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
and afterwards AdwCleaner_4.107:
# AdwCleaner v4.107 - Bericht erstellt am 14/01/2015 um 19:50:12
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - CHCSEW08
# Gestartet von : C:\Users\User\Desktop\AdwCleaner_4.107.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
Datei Gefunden : C:\Users\User\Desktop\FinalMediaPlayer.lnk
Ordner Gefunden : C:\Program Files (x86)\eeaSytoshop
Ordner Gefunden : C:\Program Files (x86)\FinalMediaPlayer
Ordner Gefunden : C:\ProgramData\79181875e6c1c3d3
Ordner Gefunden : C:\ProgramData\apn
Ordner Gefunden : C:\ProgramData\eeaSytoshop
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalMediaPlayer
Ordner Gefunden : C:\Save
Ordner Gefunden : C:\Users\User\AppData\Local\FileTypeAssistant
Ordner Gefunden : C:\Users\User\AppData\Local\FinalMediaPlayer
Ordner Gefunden : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjkcebgnimjebenanfbledhaaokpke
Ordner Gefunden : C:\Users\User\AppData\Roaming\FinalMediaPlayer
Ordner Gefunden : C:\Users\User\Documents\Optimizer Pro
***** [ Tasks ] *****
Task Gefunden : Final Media Player Update Checker
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKCU\Software\Bitberry
Schlüssel Gefunden : HKCU\Software\Bitberry Software
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5159ec1-0fa7-46f8-b89d-e60feee1f591}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5159ec1-0fa7-46f8-b89d-e60feee1f591}
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : [x64] HKCU\Software\Bitberry
Schlüssel Gefunden : [x64] HKCU\Software\Bitberry Software
Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{c5159ec1-0fa7-46f8-b89d-e60feee1f591}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Pc5159ec1_0fa7_46f8_b89d_e60feee1f591_.Pc5159ec1_0fa7_46f8_b89d_e60feee1f591_
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Pc5159ec1_0fa7_46f8_b89d_e60feee1f591_.Pc5159ec1_0fa7_46f8_b89d_e60feee1f591_.9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c5159ec1-0fa7-46f8-b89d-e60feee1f591}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{614925F9-841A-53FE-A28F-DC30FA07239B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FinalMediaPlayer_is1
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{c5159ec1-0fa7-46f8-b89d-e60feee1f591}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v39.0.2171.95
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gefunden [Extension] : labjkcebgnimjebenanfbledhaaokpke
*************************
AdwCleaner[R0].txt - [3773 octets] - [14/01/2015 19:50:12]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3833 octets] ##########
cleaned:
# AdwCleaner v4.107 - Bericht erstellt am 14/01/2015 um 19:55:17
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - CHCSEW08
# Gestartet von : C:\Users\User\Desktop\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Save
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\eeaSytoshop
Ordner Gelöscht : C:\ProgramData\79181875e6c1c3d3
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalMediaPlayer
Ordner Gelöscht : C:\Program Files (x86)\FinalMediaPlayer
Ordner Gelöscht : C:\Program Files (x86)\eeaSytoshop
Ordner Gelöscht : C:\Users\User\AppData\Local\FileTypeAssistant
Ordner Gelöscht : C:\Users\User\AppData\Local\FinalMediaPlayer
Ordner Gelöscht : C:\Users\User\AppData\Roaming\FinalMediaPlayer
Ordner Gelöscht : C:\Users\User\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjkcebgnimjebenanfbledhaaokpke
Datei Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
Datei Gelöscht : C:\Users\User\Desktop\FinalMediaPlayer.lnk
***** [ Tasks ] *****
Task Gelöscht : Final Media Player Update Checker
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pc5159ec1_0fa7_46f8_b89d_e60feee1f591_.Pc5159ec1_0fa7_46f8_b89d_e60feee1f591_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pc5159ec1_0fa7_46f8_b89d_e60feee1f591_.Pc5159ec1_0fa7_46f8_b89d_e60feee1f591_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{c5159ec1-0fa7-46f8-b89d-e60feee1f591}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5159ec1-0fa7-46f8-b89d-e60feee1f591}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5159ec1-0fa7-46f8-b89d-e60feee1f591}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c5159ec1-0fa7-46f8-b89d-e60feee1f591}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{c5159ec1-0fa7-46f8-b89d-e60feee1f591}
Schlüssel Gelöscht : HKCU\Software\Bitberry Software
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{614925F9-841A-53FE-A28F-DC30FA07239B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FinalMediaPlayer_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v39.0.2171.95
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : labjkcebgnimjebenanfbledhaaokpke
*************************
AdwCleaner[R0].txt - [3929 octets] - [14/01/2015 19:50:12]
AdwCleaner[S0].txt - [3679 octets] - [14/01/2015 19:55:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3739 octets] ##########
Here are the corresponding logs from FRST64:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by User (administrator) on CHCSEW08 on 15-01-2015 18:18:54
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & NTWS_Admin & icemanii)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\User\Desktop\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-277168032-2276531388-1211162667-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-277168032-2276531388-1211162667-1000\...\Run: [SkyDrive] => C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-08] (Microsoft Corporation)
HKU\S-1-5-21-277168032-2276531388-1211162667-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-277168032-2276531388-1211162667-1000\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [3998568 2014-12-18] (LINE Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-277168032-2276531388-1211162667-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fridaycoffee.ch/
HKU\S-1-5-21-277168032-2276531388-1211162667-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-24]
CHR Extension: (YouTube Auto Wide) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilidoodajjnlapacccmliohagelpanf [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 f66fd764; c:\Program Files (x86)\ZPro\ZPro.dll [2233344 2015-01-14] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [231936 2013-12-09] (Visioneer Inc.) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WiselinkPro; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [3007488 2010-02-17] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 18:18 - 2015-01-15 18:19 - 00012507 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-15 18:18 - 2015-01-15 18:18 - 00000000 ____D () C:\FRST
2015-01-15 18:17 - 2015-01-15 18:17 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log
2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _____ () C:\Users\User\defogger_reenable
2015-01-15 12:23 - 2015-01-15 12:23 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2015-01-15 12:22 - 2015-01-15 12:22 - 00380416 _____ () C:\Users\User\Desktop\fnbz45ub.exe
2015-01-15 12:18 - 2015-01-15 12:18 - 02125312 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-01-14 20:36 - 2015-01-15 11:15 - 00000000 ____D () C:\Save
2015-01-14 19:49 - 2015-01-14 20:06 - 00000000 ____D () C:\AdwCleaner
2015-01-14 19:48 - 2015-01-14 19:48 - 02191360 _____ () C:\Users\User\Desktop\AdwCleaner_4.107.exe
2015-01-14 18:51 - 2015-01-15 18:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 18:50 - 2015-01-14 18:50 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 18:50 - 2015-01-14 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 18:50 - 2015-01-14 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 18:50 - 2015-01-14 18:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 18:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 18:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-14 18:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-14 12:52 - 2015-01-14 12:52 - 00000000 ____D () C:\Program Files (x86)\soaVernEt
2015-01-14 12:03 - 2015-01-14 12:56 - 00000000 ____D () C:\ProgramData\soaVernEt
2015-01-14 11:53 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:53 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:53 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:53 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 11:53 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 11:53 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 11:53 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:53 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:53 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 11:53 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:53 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:53 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:53 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 11:41 - 2015-01-14 11:41 - 00000000 ____D () C:\Program Files (x86)\ZPro
2014-12-26 14:27 - 2014-12-26 14:27 - 01010507 _____ () C:\Users\User\Downloads\FotoGalerie_v72.zip
2014-12-24 10:54 - 2014-12-24 10:54 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 10:13 - 2014-09-14 11:55 - 08651384 _____ (Bitberry Software ) C:\Users\User\Downloads\FinalMediaPlayer2014U1Setup.exe
2014-12-20 20:01 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-20 20:01 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 13:00 - 2014-12-17 12:55 - 00599288 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2014-12-17 12:58 - 2014-12-17 12:58 - 00000000 ____D () C:\Users\User\Documents\Bluetooth-Exchange-Ordner
2014-12-17 12:58 - 2014-12-17 12:58 - 00000000 ____D () C:\Users\User\AppData\Local\Broadcom
2014-12-17 12:57 - 2014-12-17 12:57 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Problem Report.lnk
2014-12-17 12:57 - 2014-12-17 12:57 - 00001109 _____ () C:\Users\Public\Desktop\Bluetooth Problem Report.lnk
2014-12-17 12:56 - 2014-12-17 12:55 - 00210984 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-12-17 12:56 - 2014-12-17 12:55 - 00184144 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-12-17 12:56 - 2014-12-17 12:55 - 00039976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-12-17 12:56 - 2014-12-17 12:55 - 00021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-12-17 12:55 - 2014-12-17 12:55 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-12-17 09:02 - 2014-12-17 09:02 - 00000000 ____D () C:\Windows\system32\appraiser
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 18:18 - 2013-07-11 20:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-15 18:03 - 2014-04-09 18:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 18:02 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 18:02 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 18:00 - 2013-07-08 19:48 - 01181403 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 17:59 - 2013-07-10 15:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 14:35 - 2013-08-15 11:34 - 00005940 _____ () C:\fpRedmon.log
2015-01-15 14:35 - 2013-07-11 21:12 - 00000000 ____D () C:\Users\User\AppData\Local\FreePDF_XP
2015-01-15 14:35 - 2013-07-08 20:37 - 00000000 ____D () C:\Aabb
2015-01-15 13:03 - 2014-04-09 18:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 13:03 - 2013-07-11 21:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 13:03 - 2013-07-11 21:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 12:01 - 2013-07-11 20:45 - 00000000 ___RD () C:\Users\User\SkyDrive
2015-01-15 12:00 - 2013-07-10 15:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 12:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 12:00 - 2009-07-14 05:51 - 00064325 _____ () C:\Windows\setupact.log
2015-01-15 11:22 - 2013-07-31 14:03 - 00000000 ____D () C:\Temp
2015-01-14 20:12 - 2011-04-12 08:43 - 00699440 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 20:12 - 2011-04-12 08:43 - 00149548 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 20:12 - 2009-07-14 06:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 20:08 - 2010-11-21 04:47 - 00030282 _____ () C:\Windows\PFRO.log
2015-01-14 19:19 - 2013-07-08 20:45 - 00000000 ____D () C:\Windows\Panther
2015-01-14 12:25 - 2013-07-13 09:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:20 - 2013-07-08 21:10 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 15:45 - 2013-08-08 11:34 - 00000000 ____D () C:\scan
2015-01-05 20:03 - 2014-12-08 13:57 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-01-05 20:03 - 2014-12-08 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-24 10:14 - 2013-07-22 20:40 - 00001109 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\FinalMediaPlayer.lnk
2014-12-20 20:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-17 13:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-17 12:58 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-17 09:10 - 2013-07-10 15:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-17 09:02 - 2014-05-09 09:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-17 09:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-17 09:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\FinalMediaPlayerSetup.exe
C:\Users\User\AppData\Local\Temp\i4jdel0.exe
C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\npp.6.6.3.Installer.exe
C:\Users\User\AppData\Local\Temp\optprosetup.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-05 21:32
==================== End Of Log ============================
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by User at 2015-01-15 18:19:55
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
Dev-PHP (HKLM-x32\...\DevPHP) (Version: 2.6.1.29 - Dev-PHP Team)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM-x32\...\GPL Ghostscript 8.71) (Version: - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LINE (HKLM-x32\...\LINE) (Version: 3.9.0.172 - LINE Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-277168032-2276531388-1211162667-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{31e4d2a5-b246-4c2d-a7fb-aee157c26b02}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
OneTouch 4.6 (HKLM-x32\...\{AF8B1525-17EF-4D2E-A018-8D79CE260BA8}) (Version: 4.6.1913.12093 - Visioneer Inc.)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Private Tax 2013 1.3.0 (HKLM-x32\...\0579-4231-5684-8562) (Version: 1.3.0 - Information Factory AG)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
SAMSUNG PC Share Manager (HKLM-x32\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 2.3.0 - SAMSUNG)
SAMSUNG PC Share Manager (x32 Version: 2.3.0 - SAMSUNG) Hidden
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Xerox TS100 Driver (HKLM-x32\...\{9B575496-A9BD-4C5E-8748-5C41ECCDA795}) (Version: 4.6.12291 - Visioneer Inc.)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-277168032-2276531388-1211162667-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-277168032-2276531388-1211162667-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-277168032-2276531388-1211162667-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-277168032-2276531388-1211162667-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-277168032-2276531388-1211162667-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
26-11-2014 06:31:05 Windows Update
05-12-2014 11:00:18 Windows Update
09-12-2014 13:00:55 Windows Update
14-12-2014 12:00:17 Windows Update
14-12-2014 12:07:16 Windows Update
17-12-2014 12:56:48 Broadcom BTW Restore Point
20-12-2014 20:05:56 Windows Update
21-12-2014 17:00:36 Windows Update
26-12-2014 14:24:50 Windows Update
31-12-2014 13:52:13 Windows Update
04-01-2015 14:32:09 Windows Update
11-01-2015 15:49:57 Windows Update
14-01-2015 12:20:06 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2306E745-2AEC-4AE9-BD8C-87ED783A11E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {3F3CD427-C39F-4BD4-9EDD-1AC4B50C4928} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {7379CD1D-0595-44A7-B9F0-6151B560886A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {7FBE680E-7888-4E5F-828B-01F4EC7ABB98} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BBAC9F55-973F-4131-80A7-53684DAE4B66} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E08DE478-A196-4D59-802C-F3905254A326} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-07-11 20:41 - 2010-06-17 19:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-01-15 12:23 - 2015-01-15 12:23 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-08 22:51 - 2014-10-08 22:51 - 00081056 _____ () C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2014-10-08 22:51 - 2014-10-08 22:51 - 00081056 _____ () C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2014-11-13 06:54 - 2014-11-13 06:54 - 00113664 _____ () C:\Program Files (x86)\Naver\LINE\PlayerHelper.dll
2014-12-18 05:14 - 2014-12-18 05:14 - 03123048 _____ () C:\Program Files (x86)\Naver\LINE\ampkit_windows.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-277168032-2276531388-1211162667-500 - Administrator - Disabled)
Gast (S-1-5-21-277168032-2276531388-1211162667-501 - Limited - Disabled)
icemanii (S-1-5-21-277168032-2276531388-1211162667-1003 - Limited - Enabled) => C:\Users\icemanii
NTWS_Admin (S-1-5-21-277168032-2276531388-1211162667-1001 - Administrator - Enabled) => C:\Users\NTWS_Admin
NTWS_Admin_Duplikat (S-1-5-21-277168032-2276531388-1211162667-1002 - Administrator - Enabled)
User (S-1-5-21-277168032-2276531388-1211162667-1000 - Administrator - Enabled) => C:\Users\User
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/15/2015 05:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11769729
Error: (01/15/2015 05:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11769729
Error: (01/15/2015 05:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/15/2015 02:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14617
Error: (01/15/2015 02:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14617
Error: (01/15/2015 02:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/15/2015 02:43:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8361
Error: (01/15/2015 02:43:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8361
Error: (01/15/2015 02:43:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/15/2015 10:06:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 645313
System errors:
=============
Error: (01/15/2015 02:30:43 PM) (Source: DCOM) (EventID: 10016) (User: CHCSEW08)
Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}CHCSEW08UserS-1-5-21-277168032-2276531388-1211162667-1000LocalHost (unter Verwendung von LRPC)
Error: (01/15/2015 02:30:43 PM) (Source: DCOM) (EventID: 10016) (User: CHCSEW08)
Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}CHCSEW08UserS-1-5-21-277168032-2276531388-1211162667-1000LocalHost (unter Verwendung von LRPC)
Error: (01/15/2015 00:03:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/15/2015 00:02:21 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
Error: (01/15/2015 00:01:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/15/2015 00:00:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/14/2015 08:09:57 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
Error: (01/14/2015 08:09:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/14/2015 08:08:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/14/2015 08:07:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109
Microsoft Office Sessions:
=========================
Error: (01/15/2015 05:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11769729
Error: (01/15/2015 05:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11769729
Error: (01/15/2015 05:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/15/2015 02:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14617
Error: (01/15/2015 02:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14617
Error: (01/15/2015 02:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/15/2015 02:43:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8361
Error: (01/15/2015 02:43:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8361
Error: (01/15/2015 02:43:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/15/2015 10:06:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 645313
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz
Percentage of memory in use: 37%
Total physical RAM: 3998.91 MB
Available physical RAM: 2484.74 MB
Total Pagefile: 7996.01 MB
Available Pagefile: 5833.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:249.32 GB) (Free:164.28 GB) NTFS
Drive d: (Volume) (Fixed) (Total:253.9 GB) (Free:247.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 3F530E60)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=249.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=253.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
and then GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-15 18:47:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS727575A9E364 rev.JF4OA0D0 698.64GB
Running: fnbz45ub.exe; Driver: C:\Users\User\AppData\Local\Temp\uwldqpoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff80002daa000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff80002daa02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Naver\LINE\Line.exe[3512] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077b2000c 1 byte [C3]
.text C:\Program Files (x86)\Naver\LINE\Line.exe[3512] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077baf8ea 5 bytes JMP 0000000177b5d5c1
.text C:\Users\User\Desktop\Defogger.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ca1465 2 bytes [CA, 75]
.text C:\Users\User\Desktop\Defogger.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ca14bb 2 bytes [CA, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{D3F87462-234E-4706-A1A4-6B434C6D43E3}\Connection@Name isatap.{625BCFB5-DC05-4311-9CE9-A580117D8639}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{C6A4F534-3FED-44BE-8BCA-BBC8DD3851A8}?\Device\{6444E375-C58E-43AA-B671-2F1512DE8E55}?\Device\{D3F87462-234E-4706-A1A4-6B434C6D43E3}?\Device\{EA83B2C9-76B0-4895-AF1E-C3233629D84C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{C6A4F534-3FED-44BE-8BCA-BBC8DD3851A8}"?"{6444E375-C58E-43AA-B671-2F1512DE8E55}"?"{D3F87462-234E-4706-A1A4-6B434C6D43E3}"?"{EA83B2C9-76B0-4895-AF1E-C3233629D84C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{C6A4F534-3FED-44BE-8BCA-BBC8DD3851A8}?\Device\TCPIP6TUNNEL_{6444E375-C58E-43AA-B671-2F1512DE8E55}?\Device\TCPIP6TUNNEL_{D3F87462-234E-4706-A1A4-6B434C6D43E3}?\Device\TCPIP6TUNNEL_{EA83B2C9-76B0-4895-AF1E-C3233629D84C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a46706
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a46706@cc909301e29e 0x58 0x82 0x47 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D3F87462-234E-4706-A1A4-6B434C6D43E3}@InterfaceName isatap.{625BCFB5-DC05-4311-9CE9-A580117D8639}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D3F87462-234E-4706-A1A4-6B434C6D43E3}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a46706 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a46706@cc909301e29e 0x58 0x82 0x47 0x84 ...
---- EOF - GMER 2.1 ----
Thanks for the help