Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by StandartAdmin at 2015-01-15 16:56:14
Running from C:\Users\StandartAdmin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Eraser 6.2.0.2962 (HKLM\...\{03983F45-ED4B-4541-B00B-F31565F0756B}) (Version: 6.2.2962 - The Eraser Project)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
mystartsearch uninstall (HKLM\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION
NETGEAR A6100 Genie (HKLM\...\InstallShield_{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.12 - NETGEAR)
NETGEAR A6100 Genie (Version: 1.0.0.12 - NETGEAR) Hidden
PriceFountain (remove only) (HKU\S-1-5-21-994520407-3949958976-4116058162-1000\...\PriceFountain) (Version: 1.0.8.6 - Price Fountain)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Update for PriceFountain (HKU\S-1-5-21-994520407-3949958976-4116058162-1000\...\Price Fountain) (Version: - Update for PriceFountain) <==== ATTENTION
Wajam (HKLM\...\WaInterEnhance) (Version: 2.21.2.32 (i2.6) - WaInterEnhance) <==== ATTENTION
WinRAR 5.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-01-2015 15:53:06 Installiert NETGEAR A6100 Genie
14-01-2015 16:17:40 Windows Vista™ Service Pack 2
15-01-2015 15:47:56 Windows Update
15-01-2015 16:48:16 Installed Eraser 6.2.0.2962
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {9450E27A-FFB4-4A98-9801-D1C36A285EC7} - System32\Tasks\Price Fountain => C:\Users\StandartAdmin\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2015-01-15] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\STANDA~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2015-01-05 17:14 - 2015-01-05 17:14 - 00312320 _____ () C:\Program Files\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe
2015-01-05 17:14 - 2015-01-05 17:14 - 00083456 _____ () C:\Program Files\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancer.exe
2013-07-17 11:57 - 2013-07-17 11:57 - 00094208 _____ () C:\Program Files\NETGEAR\A6100\Realtek.dll
2012-11-06 09:47 - 2012-11-06 09:47 - 00114688 _____ () C:\Program Files\NETGEAR\A6100\EnumDevLib.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: 5cd8f17f4086744065eb0992a09e05a2 => "C:\Users\StandartAdmin\AppData\Local\Temp\Trojan.exe" ..
========================= Accounts: ==========================
Administrator (S-1-5-21-994520407-3949958976-4116058162-500 - Administrator - Disabled)
Gast (S-1-5-21-994520407-3949958976-4116058162-501 - Limited - Disabled)
StandartAdmin (S-1-5-21-994520407-3949958976-4116058162-1000 - Administrator - Enabled) => C:\Users\StandartAdmin
==================== Faulty Device Manager Devices =============
Name: Standard-VGA-Grafikkarte
Description: Standard-VGA-Grafikkarte
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardgrafikkartentypen)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Videocontroller
Description: Videocontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/15/2015 04:27:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2015 04:26:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung cmdshell.exe, Version 4.0.1.1615, Zeitstempel 0x54a0adf1, fehlerhaftes Modul cmdshell.exe, Version 4.0.1.1615, Zeitstempel 0x54a0adf1, Ausnahmecode 0xc0000409, Fehleroffset 0x000054cf,
Prozess-ID 0xbf0, Anwendungsstartzeit cmdshell.exe0.
Error: (01/15/2015 03:21:59 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3552) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.
Error: (01/15/2015 03:20:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/14/2015 04:43:31 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp63800706f7
Error: (01/14/2015 04:43:31 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp63800706f7
Error: (01/14/2015 03:53:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {e301f154-57f8-4308-96c4-d27c73d3070b}
Error: (01/14/2015 03:46:39 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Die indizierten Daten des Windows-Suchdiensts für den Benutzer 'Home-PC\Administrator' können im Zuge der Löschung des Benutzerprofils nicht entfernt werden. Fehlercode 0x80070015.
Das Gerät ist nicht bereit.
.
Error: (01/14/2015 03:46:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/15/2015 04:27:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Realtek8723AU
Error: (01/15/2015 03:22:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Realtek8723AU
Error: (01/15/2015 03:20:08 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 10.0.0.3 für die Netzwerkkarte mit der Netzwerkadresse 6CB0CE0CD8E0 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error: (01/14/2015 03:46:18 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (01/14/2015 03:33:14 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Microsoft Office Sessions:
=========================
Error: (01/15/2015 04:27:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2015 04:26:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmdshell.exe4.0.1.161554a0adf1cmdshell.exe4.0.1.161554a0adf1c0000409000054cfbf001d030d7b24b5f07
Error: (01/15/2015 03:21:59 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3552WindowsMail0:
Error: (01/15/2015 03:20:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/14/2015 04:43:31 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp63800706f7
Error: (01/14/2015 04:43:31 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp63800706f7
Error: (01/14/2015 03:53:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {e301f154-57f8-4308-96c4-d27c73d3070b}
Error: (01/14/2015 03:46:39 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Home-PC\Administrator0x80070015Das Gerät ist nicht bereit.
Error: (01/14/2015 03:46:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2015-01-15 16:56:07.014
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-15 16:56:06.999
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-15 16:56:06.983
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-15 16:56:06.983
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-15 16:56:06.734
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-15 16:56:06.702
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-15 16:56:06.687
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-15 16:56:06.640
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-14 16:17:10.856
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-14 16:17:10.840
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Percentage of memory in use: 66%
Total physical RAM: 875.49 MB
Available physical RAM: 290.95 MB
Total Pagefile: 2015.35 MB
Available Pagefile: 1348.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.55 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:149.05 GB) (Free:138.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: B0000000)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================