GSR-Wurm | 05.02.2015 11:43 | So, attached are all the new log files:
MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 05.02.2015
Suchlauf-Zeit: 10:37:26
Logdatei: MBAM_Bedrohungssuchlauf_Logfile_2.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.05.04
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 392874
Verstrichene Zeit: 33 Min, 52 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 0
(Keine schädliche Elemente erkannt)
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
ADWCleaner: Code:
# AdwCleaner v4.109 - Bericht erstellt am 05/02/2015 um 11:16:02
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-04.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : **** - ****-HP
# Gestartet von : C:\Users\****\Desktop\adwcleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0.1 (x86 de)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [11571 octets] - [03/02/2015 21:34:58]
AdwCleaner[R1].txt - [1279 octets] - [03/02/2015 22:14:13]
AdwCleaner[R2].txt - [1050 octets] - [05/02/2015 11:13:56]
AdwCleaner[S0].txt - [11052 octets] - [03/02/2015 22:00:15]
AdwCleaner[S1].txt - [1367 octets] - [03/02/2015 22:16:53]
AdwCleaner[S2].txt - [973 octets] - [05/02/2015 11:16:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1032 octets] ##########
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by ***** on 05.02.2015 at 11:25:34,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
~~~ FireFox
Successfully deleted: [Folder] C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\e30q0ddg.default\smartbar
Successfully deleted the following from C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\e30q0ddg.default\prefs.js
user_pref("CT3281675.1000082.isPlayDisplay", "true");
user_pref("CT3281675.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.
user_pref("CT3281675.1000234.TWC_TMP_city", "KONSTANZ");
user_pref("CT3281675.1000234.TWC_TMP_country", "DE");
user_pref("CT3281675.1000234.TWC_country", "GERMANY");
user_pref("CT3281675.1000234.TWC_locId", "GMXX0254");
user_pref("CT3281675.1000234.TWC_location", "Konstanz, Germany");
user_pref("CT3281675.1000234.TWC_region", "DE");
user_pref("CT3281675.1000234.TWC_temp_dis", "c");
user_pref("CT3281675.1000234.TWC_wind_dis", "kmh");
user_pref("CT3281675.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3281675.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3281675.FF19Solved", "true");
user_pref("CT3281675.FirstTime", "true");
user_pref("CT3281675.FirstTimeFF3", "true");
user_pref("CT3281675.UserID", "UN22155619712977077");
user_pref("CT3281675.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3281675.autoDisableScopes", -1);
user_pref("CT3281675.browser.search.defaultthis.engineName", true);
user_pref("CT3281675.countryCode", "DE");
user_pref("CT3281675.defaultSearch", "true");
user_pref("CT3281675.enableAlerts", "true");
user_pref("CT3281675.enableSearchFromAddressBar", "true");
user_pref("CT3281675.firstTimeDialogOpened", "true");
user_pref("CT3281675.fixPageNotFoundError", "true");
user_pref("CT3281675.fixPageNotFoundErrorByUser", "true");
user_pref("CT3281675.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3281675.fixUrls", true);
user_pref("CT3281675.fullUserID", "UN22155619712977077.IN.20130729224616");
user_pref("CT3281675.homepageuserchanged", true);
user_pref("CT3281675.installDate", "29/07/2013 22:46:16");
user_pref("CT3281675.installId", "stub.exe");
user_pref("CT3281675.installSessionId", "{D151678F-D130-49FF-851D-BC0F81D18613}");
user_pref("CT3281675.installSp", "TRUE");
user_pref("CT3281675.installUsage", "2013-07-29T23:46:21.5346961+03:00");
user_pref("CT3281675.installUsageEarly", "2013-07-29T23:46:20.458303+03:00");
user_pref("CT3281675.installerVersion", "1.5.4.4");
user_pref("CT3281675.isCheckedStartAsHidden", true);
user_pref("CT3281675.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3281675.isFirstTimeToolbarLoading", "false");
user_pref("CT3281675.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3281675.keyword", true);
user_pref("CT3281675.lastVersion", "10.16.70.5");
user_pref("CT3281675.mam_gk_calledSetupService.enc", "MQ==");
user_pref("CT3281675.mam_gk_currentVersion.enc", "MS45LjAuNA==");
user_pref("CT3281675.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT3281675.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
user_pref("CT3281675.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref("CT3281675.migrateAppsAndComponents", true);
user_pref("CT3281675.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%2F\",\"EB_MAIN_FRAME_TITLE\":\"YouTube\",\"EB_TOOLB
user_pref("CT3281675.openThankYouPage", "false");
user_pref("CT3281675.openUninstallPage", "true");
user_pref("CT3281675.originalHomepage", "google.de");
user_pref("CT3281675.originalSearchEngineName", "Google");
user_pref("CT3281675.revertSettingsEnabled", "false");
user_pref("CT3281675.search.searchAppId", "130036105453116013");
user_pref("CT3281675.search.searchCount", "0");
user_pref("CT3281675.searchFromAddressBarEnabledByUser", "true");
user_pref("CT3281675.searchInNewTabEnabledByUser", "true");
user_pref("CT3281675.searchInNewTabEnabledInHidden", "true");
user_pref("CT3281675.searchRevert", "false");
user_pref("CT3281675.searchSuggestEnabledByUser", "true");
user_pref("CT3281675.searchUserMode", "2");
user_pref("CT3281675.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3281675.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3281675.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3281675\"}");
user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://entrusted.OurToolbar.com//xpi\"}");
user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"entrusted\"}");
user_pref("CT3281675.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3281675.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3281675.serviceLayer_services_Configuration_lastUpdate", "1375130781845");
user_pref("CT3281675.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375130782697");
user_pref("CT3281675.serviceLayer_services_appsMetadata_lastUpdate", "1375130782497");
user_pref("CT3281675.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375130782397");
user_pref("CT3281675.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1375130781853");
user_pref("CT3281675.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1375130782994");
user_pref("CT3281675.serviceLayer_services_login_10.16.70.5_lastUpdate", "1375130782705");
user_pref("CT3281675.serviceLayer_services_menu_bfd1c71334f926ecd0bf043e0f822c7e_lastUpdate", "1375130782745");
user_pref("CT3281675.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375130782431");
user_pref("CT3281675.serviceLayer_services_searchAPI_lastUpdate", "1375130781849");
user_pref("CT3281675.serviceLayer_services_serviceMap_lastUpdate", "1375130781489");
user_pref("CT3281675.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375130782469");
user_pref("CT3281675.serviceLayer_services_toolbarSettings_lastUpdate", "1375130781572");
user_pref("CT3281675.serviceLayer_services_translation_lastUpdate", "1375130782460");
user_pref("CT3281675.settingsINI", true);
user_pref("CT3281675.shouldFirstTimeDialog", "false");
user_pref("CT3281675.showToolbarPermission", "false");
user_pref("CT3281675.startPage", "true");
user_pref("CT3281675.toolbarBornServerTime", "29-7-2013");
user_pref("CT3281675.toolbarCurrentServerTime", "29-7-2013");
user_pref("CT3281675.toolbarDisabled", "true");
user_pref("CT3281675.toolbarLoginClientTime", "Mon Jul 29 2013 22:46:22 GMT+0200");
user_pref("CT3281675.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
user_pref("CT3281675.versionFromInstaller", "10.16.70.5");
user_pref("CT3281675.xpeMode", "3");
user_pref("CT3281675_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1375130798768,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\e30q0ddg.default\minidumps [3416 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2015 at 11:29:32,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by ***** (administrator) on *****-HP on 05-02-2015 11:32:50
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Smith Micro Software, Inc) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Farbar) C:\Users\*****\Desktop\FRST64(1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-04] (ActivIdentity)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7032320 2014-02-09] (Broadcom Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11266048 2010-01-19] (Hewlett-Packard)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-04] ()
HKLM-x32\...\Run: [HP Connection Manager.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [1119048 2010-03-13] (Smith Micro Software, Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [323128 2011-07-06] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1485572930-606236203-3537335217-1002\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-1485572930-606236203-3537335217-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1485572930-606236203-3537335217-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1485572930-606236203-3537335217-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1485572930-606236203-3537335217-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKU\S-1-5-21-1485572930-606236203-3537335217-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 129.143.2.1 129.143.2.4
FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\e30q0ddg.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\e30q0ddg.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\e30q0ddg.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\e30q0ddg.default\Extensions\abs@avira.com [2015-02-03]
FF Extension: selectivecookiedelete - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\e30q0ddg.default\Extensions\selectivecookiedelete@siju.mathew [2014-05-09]
FF Extension: ColorZilla - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\e30q0ddg.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013-06-12]
FF Extension: Positive Finds - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\e30q0ddg.default\Extensions\{27b7c23c-50cd-4b3c-a6c1-8e45175b2442}.xpi [2015-02-03]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\e30q0ddg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-05]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-04-07]
FF HKU\S-1-5-21-1485572930-606236203-3537335217-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\e30q0ddg.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\*****\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-02] (McAfee, Inc.) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2010-01-19] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [1698360 2011-07-06] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc)
R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [331000 2010-03-15] (QUALCOMM, Inc.)
R2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2010-03-13] (Smith Micro Software, Inc.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-02-09] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-02] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2010-03-15] (QUALCOMM Incorporated)
S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [242176 2010-03-15] (QUALCOMM Incorporated)
S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [121600 2010-03-15] (QUALCOMM Incorporated)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-02] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-02] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 11:29 - 2015-02-05 11:29 - 00008251 _____ () C:\Users\*****\Desktop\JRT.txt
2015-02-05 11:24 - 2015-02-05 11:24 - 01388274 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-02-05 10:36 - 2015-02-05 11:23 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 10:36 - 2015-02-05 10:36 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-05 10:36 - 2015-02-05 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-05 10:36 - 2015-02-05 10:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-05 10:36 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-05 10:36 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-05 10:36 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-05 10:35 - 2015-02-05 10:35 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-2.0.4.1028(1).exe
2015-02-05 08:48 - 2015-02-05 08:48 - 00032156 _____ () C:\ComboFix.txt
2015-02-05 08:15 - 2015-02-05 08:48 - 00000000 ____D () C:\Qoobox
2015-02-05 08:15 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-05 08:15 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-05 08:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-05 08:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-05 08:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-05 08:15 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-05 08:15 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-05 08:15 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-05 08:14 - 2015-02-05 08:44 - 00000000 ____D () C:\windows\erdnt
2015-02-05 08:11 - 2015-02-05 08:11 - 05611380 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2015-02-04 19:36 - 2015-02-01 14:19 - 00025688 _____ () C:\Users\*****\Desktop\Teamstruktur.xlsm
2015-02-04 17:57 - 2015-02-04 18:02 - 00039569 _____ () C:\Users\*****\Desktop\Addition.txt
2015-02-04 17:56 - 2015-02-05 11:33 - 00023629 _____ () C:\Users\*****\Desktop\FRST.txt
2015-02-04 17:56 - 2015-02-05 11:32 - 00000000 ____D () C:\FRST
2015-02-04 17:55 - 2015-02-04 17:55 - 02131968 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2015-02-04 17:55 - 2015-02-04 17:55 - 02131968 _____ (Farbar) C:\Users\*****\Desktop\FRST64(1).exe
2015-02-04 06:03 - 2015-02-04 06:05 - 00004349 _____ () C:\Users\*****\Desktop\2.txt
2015-02-03 23:22 - 2015-02-03 23:22 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-03 23:22 - 2015-02-03 23:22 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-03 23:21 - 2015-02-03 23:21 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList
2015-02-03 23:21 - 2015-02-03 23:21 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList
2015-02-03 23:21 - 2015-02-03 23:21 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieBrowserModeList
2015-02-03 23:01 - 2015-02-03 23:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-03 23:01 - 2015-02-03 23:01 - 11225840 _____ (SurfRight B.V.) C:\Users\*****\Downloads\HitmanPro_x64.exe
2015-02-03 23:01 - 2015-02-03 23:01 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-03 22:53 - 2015-02-03 22:53 - 00001200 _____ () C:\Users\*****\Desktop\1.txt
2015-02-03 22:13 - 2015-02-03 22:13 - 02194432 _____ () C:\Users\*****\Downloads\adwcleaner_4.109(1).exe
2015-02-03 18:23 - 2015-02-05 11:16 - 00000000 ____D () C:\AdwCleaner
2015-02-03 18:22 - 2015-02-03 18:22 - 02194432 _____ () C:\Users\*****\Desktop\adwcleaner_4.109.exe
2015-02-03 18:22 - 2015-02-03 18:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-03 18:21 - 2015-02-03 18:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-03 05:42 - 2015-02-03 23:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DVDVideoSoft
2015-02-03 05:42 - 2015-02-03 05:42 - 34792128 _____ (DVDVideoSoft Ltd. ) C:\Users\*****\Downloads\FreeYouTubeToMP354Converter.exe
2015-02-03 05:40 - 2015-02-03 22:54 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-02-03 05:40 - 2015-02-03 05:40 - 00001007 _____ () C:\Users\Public\Desktop\ClipGrab.lnk
2015-02-03 05:39 - 2015-02-03 05:39 - 16567520 _____ (Philipp Schmieder Medien ) C:\Users\*****\Downloads\clipgrab-3.4.9.exe
2015-01-28 17:20 - 2015-02-05 11:16 - 00005966 _____ () C:\windows\PFRO.log
2015-01-27 05:21 - 2015-02-03 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 15:08 - 2015-01-26 15:08 - 00001079 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-01-26 15:08 - 2015-01-26 15:08 - 00001059 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-01-26 15:08 - 2015-01-26 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-01-19 16:16 - 2015-01-19 16:16 - 00000848 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2015-01-19 16:13 - 2015-01-19 16:13 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-19 16:12 - 2015-01-19 16:13 - 00000000 ____D () C:\Program Files\GIMP 2
2015-01-19 16:11 - 2015-01-19 16:11 - 91670064 _____ (The GIMP Team ) C:\Users\*****\Downloads\gimp-2.8.14-setup.exe
2015-01-19 15:04 - 2015-01-27 18:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-01-19 13:43 - 2015-02-05 11:17 - 00002779 _____ () C:\windows\setupact.log
2015-01-19 13:43 - 2015-01-19 13:43 - 00000000 _____ () C:\windows\setuperr.log
2015-01-14 20:31 - 2015-01-15 05:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 09:16 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 09:16 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 09:16 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 09:16 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 09:16 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 09:16 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 09:16 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:16 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:16 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 09:16 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 09:16 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 09:16 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 09:16 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 12:39 - 2015-01-13 04:43 - 284930684 _____ () C:\Users\*****\Desktop\NeuesDesignPräsi1234.pptx
2015-01-12 16:48 - 2015-01-12 16:58 - 00121647 _____ () C:\Users\*****\Desktop\Bestandteile Aero.xlsx
2015-01-12 12:26 - 2014-08-27 18:17 - 389915516 _____ () C:\Users\*****\Desktop\MVI_8918.MOV
2015-01-12 12:24 - 2015-01-12 12:25 - 00000000 ____D () C:\Users\*****\Desktop\27-08-2014
2015-01-12 12:17 - 2015-01-12 12:19 - 00000000 ____D () C:\Users\*****\Desktop\26-08-2014
2015-01-12 12:09 - 2015-01-12 12:12 - 00000000 ____D () C:\Users\*****\Desktop\24-08-2014
2015-01-12 12:09 - 2015-01-12 12:09 - 00000000 ____D () C:\Users\*****\Desktop\23-08-2014
2015-01-12 12:00 - 2015-01-12 12:01 - 00000000 ____D () C:\Users\*****\Desktop\21-08-2014
2015-01-12 12:00 - 2015-01-12 12:00 - 00000000 ____D () C:\Users\*****\Desktop\22-08-2014
2015-01-11 22:09 - 2015-01-07 18:24 - 01740519 _____ () C:\Users\*****\Desktop\GTS 07.01.14.pptx
2015-01-11 22:08 - 2015-01-10 14:18 - 00070713 _____ () C:\Users\*****\Desktop\Konfliktlösung.pptx
2015-01-08 18:51 - 2014-11-12 00:12 - 00012842 _____ () C:\Users\*****\Desktop\Teamaufteilung_Reglement_QuizNeu.xlsx
2015-01-07 18:16 - 2015-01-07 18:08 - 04280721 _____ () C:\Users\*****\Desktop\150107GTS.pptx
2015-01-07 15:53 - 2015-01-07 16:05 - 00000000 ____D () C:\Users\*****\Desktop\Skifahren
2015-01-07 14:24 - 2015-01-06 21:01 - 01557022 _____ () C:\Users\*****\Desktop\150107_GTS_Marketing.pptx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 11:28 - 2013-03-04 18:06 - 01683527 _____ () C:\windows\WindowsUpdate.log
2015-02-05 11:28 - 2009-07-14 05:45 - 00025424 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 11:28 - 2009-07-14 05:45 - 00025424 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 11:24 - 2010-09-12 21:06 - 00701576 _____ () C:\windows\system32\perfh007.dat
2015-02-05 11:24 - 2010-09-12 21:06 - 00150444 _____ () C:\windows\system32\perfc007.dat
2015-02-05 11:24 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-05 11:21 - 2014-11-04 16:40 - 00000000 ___RD () C:\Users\*****\Dropbox
2015-02-05 11:21 - 2014-11-04 16:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2015-02-05 11:18 - 2010-09-12 21:05 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-02-05 11:17 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-05 10:46 - 2013-03-29 13:15 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 08:48 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-05 08:34 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-02-04 23:07 - 2013-10-30 21:32 - 00000000 ____D () C:\Users\*****\Documents\TmForever
2015-02-04 05:01 - 2012-10-13 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 22:54 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system
2015-02-03 22:07 - 2014-12-16 12:40 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-03 22:07 - 2014-12-16 12:39 - 00005802 _____ () C:\windows\SysWOW64\Avira_1_Id.Avira.OE.Setup.Msi.log
2015-02-03 22:07 - 2014-08-16 05:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-03 22:07 - 2013-05-10 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-03 22:06 - 2012-10-11 23:03 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-03 21:55 - 2012-01-17 18:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-02-03 05:40 - 2011-11-08 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2015-02-03 05:40 - 2011-11-08 15:39 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2015-02-02 08:05 - 2010-09-12 21:05 - 00000000 ____D () C:\ProgramData\PDFC
2015-02-02 08:03 - 2014-10-12 14:17 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleFor*****.job
2015-02-01 22:50 - 2014-10-12 14:17 - 00003198 _____ () C:\windows\System32\Tasks\HPCeeScheduleFor*****
2015-02-01 22:50 - 2011-11-03 13:32 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-02-01 22:49 - 2012-02-07 14:59 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-27 06:02 - 2011-10-10 23:10 - 00000000 ___RD () C:\Users\*****\Virtual Machines
2015-01-26 15:08 - 2012-11-10 13:26 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-01-25 22:46 - 2013-03-29 13:15 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 22:46 - 2012-05-24 13:13 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 22:46 - 2011-10-12 17:15 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 11:37 - 2012-01-23 12:32 - 00000000 ____D () C:\Users\*****\Desktop\Database
2015-01-19 16:24 - 2014-06-25 11:05 - 00000000 ____D () C:\Users\*****\AppData\Local\gtk-2.0
2015-01-19 16:24 - 2014-06-25 11:03 - 00000000 ____D () C:\Users\*****\.gimp-2.8
2015-01-15 23:37 - 2014-02-27 23:24 - 01598708 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-07 15:03 - 2011-10-26 09:13 - 00000000 ____D () C:\Users\*****\AppData\Local\Thunderbird
==================== Files in the root of some directories =======
2012-10-18 18:24 - 2012-10-18 18:24 - 0003584 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-19 16:16 - 2015-01-19 16:16 - 0000848 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2011-10-11 12:03 - 2011-10-11 12:03 - 0017408 _____ () C:\Users\*****\AppData\Local\WebpageIcons.db
Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnxfbdx.dll
C:\Users\*****\AppData\Local\Temp\HitmanPro.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-26 14:28
==================== End Of Log ============================
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015
Ran by ***** at 2015-02-05 11:33:53
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bodenseeschifferpatent A + D (HKLM-x32\...\{E61CBD08-7BEE-4C54-AF44-D129874232F4}) (Version: 2.4.1.0 - Manuel Frey)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
ClipGrab 3.4.9 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Command & Conquer(TM) Generäle (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer(TM) Generäle (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.6 - Hewlett-Packard)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1485572930-606236203-3537335217-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.3 - Hewlett-Packard)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{8F258628-2E18-4C2E-8127-EF4EFAF5F75C}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{DE637160-7A1C-4F73-B1AB-4300AE2C2DDE}) (Version: 3.1.3 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{B1FE3DA1-15C1-4AEB-85A6-883F8C4AFD42}) (Version: 2.0.2.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{91265FED-244B-4DAF-A8E5-EA386209169C}) (Version: 4.0.20.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{3C33FD2E-6B21-4CD3-B41A-A7331D467617}) (Version: 1.0.6.0 - Hewlett-Packard)
HP Power Data (HKLM\...\{42DBA167-C25D-49CE-BBAF-DEC25E737DA8}) (Version: 1.0.21.158 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.13.766 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F4877}) (Version: 1.0.1.62 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}) (Version: 8.2.4130.3367 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0028 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}) (Version: 4.0.6.0 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6275.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.3 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Liquid War 5.6.4 (HKLM-x32\...\Liquid_War_5) (Version: - )
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II Trial Version (HKLM-x32\...\Age of Empires II Trial) (Version: - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Halo (HKLM-x32\...\Halo) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1485572930-606236203-3537335217-1002\...\MyFreeCodec) (Version: - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.117 - PDF Complete, Inc)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
pptPlex from Microsoft Office Labs (HKLM-x32\...\{4FCAA65E-086D-4D49-A292-A5E764667263}) (Version: 1.1.3.4 - Microsoft Office Labs)
Privacy Manager for HP ProtectTools (HKLM\...\{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}) (Version: 5.10.796 - Hewlett-Packard)
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{46DD6CB5-C129-40A5-9427-2E67A400888E}) (Version: 1.1.130 - QUALCOMM)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9055 - WinZip Computing, S.L. )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1485572930-606236203-3537335217-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1485572930-606236203-3537335217-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1485572930-606236203-3537335217-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1485572930-606236203-3537335217-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1485572930-606236203-3537335217-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1485572930-606236203-3537335217-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1485572930-606236203-3537335217-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1485572930-606236203-3537335217-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1485572930-606236203-3537335217-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
18-12-2014 23:20:09 Windows Update
04-01-2015 13:52:38 Geplanter Prüfpunkt
14-01-2015 15:59:53 Windows Update
15-01-2015 23:32:15 Windows Update
26-01-2015 14:36:07 Geplanter Prüfpunkt
05-02-2015 08:15:17 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-02-05 08:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {06B604F5-DCA9-41B4-AB92-560EAA8F1A9F} - System32\Tasks\{8EFE7386-75FE-4E50-B822-A2C460FA235A} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/abandoninstall?page=tsProgressBar
Task: {0F8DD2FE-511A-4AF5-A041-44A99677B5F8} - System32\Tasks\HPCeeScheduleFor***** => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {39878197-C636-49D7-9036-363347C9B333} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {3BD0B620-A80F-4D42-813A-79D2AE94BC1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6A04644B-FC20-4A41-9680-2259F8446DCF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9F2B393F-8981-4CB3-8854-6EF901230C1A} - System32\Tasks\{B808F39D-FB21-4931-BDFD-5E0EE708F3E9} => pcalua.exe -a "C:\Users\*****\Downloads\lw564(1).exe" -d "C:\Users\*****\Downloads"
Task: {A3210406-687A-43CB-9096-55733FC8E470} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {D785821D-93E1-4311-8AFF-CE7837A23DF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DC61F5FA-DB14-4152-93E8-82FFB407DB20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E231F5D1-1B27-43A9-9D26-C03093CA3007} - System32\Tasks\{6D986F0C-72A1-42F9-9287-B3BCDAD237AB} => pcalua.exe -a "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myinx.exe" -c /Script=C:\Program Files (x86)\McAfee\Managed VirusScan\Firewall\mvsFirewall.Inx /Section=DefaultUninstall
Task: {F67026EB-6274-4041-9AF6-846060BD7CAA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleFor*****.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2010-04-20 07:10 - 2010-04-20 07:10 - 00100352 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2010-04-05 19:15 - 2010-04-05 19:15 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2010-04-05 19:15 - 2010-04-05 19:15 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll
2010-04-05 19:15 - 2010-04-05 19:15 - 00055352 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2013-08-25 14:41 - 2013-08-25 14:41 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-04-05 19:12 - 2010-04-05 19:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-03-13 03:27 - 2010-03-13 03:27 - 00168280 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMBIOSController.dll
2010-02-22 19:19 - 2010-02-22 19:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-02-22 19:19 - 2010-02-22 19:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-02-22 19:19 - 2010-02-22 19:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-05 11:20 - 2015-02-05 11:20 - 00043008 _____ () c:\users\me062~1.wur\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnxfbdx.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00602624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.ViewModel.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00355328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 00130048 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP.ShinyNoire.UI.dll
2010-03-13 03:27 - 2010-03-13 03:27 - 00136040 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.SharedUI.WPF.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 00015360 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Resources.WPF.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 00014848 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Resources.WPF.resources.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 01601536 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\HP.ShinyNoire.UI.resources.dll
2010-03-13 03:26 - 2010-03-13 03:26 - 00311296 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.SharedUI.WPF.resources.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 00483328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\SmithMicro.Resources.WPF.resources.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00059904 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.Models.dll
2010-03-13 03:26 - 2010-03-13 03:26 - 00195584 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.WwanDiagnostics.dll
2010-03-13 03:24 - 2010-03-13 03:24 - 00573440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Message.XmlSerializers.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00045056 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.XmlSerializers.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00005120 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Application.resources.dll
2010-03-13 03:25 - 2010-03-13 03:25 - 00015872 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.UI.ViewModel.resources.dll
2010-02-10 02:58 - 2010-02-10 02:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-10 02:58 - 2010-02-10 02:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-10 02:58 - 2010-02-10 02:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-10 02:58 - 2010-02-10 02:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-10 02:58 - 2010-02-10 02:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-10 02:58 - 2010-02-10 02:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-10 02:58 - 2010-02-10 02:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-10 02:58 - 2010-02-10 02:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: HP Connection Manager.exe => "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe"
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-1485572930-606236203-3537335217-500 - Administrator - Disabled)
Gast (S-1-5-21-1485572930-606236203-3537335217-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1485572930-606236203-3537335217-1006 - Limited - Enabled)
***** (S-1-5-21-1485572930-606236203-3537335217-1002 - Administrator - Enabled) => C:\Users\*****
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-02-05 08:24:59.602
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-02-05 08:24:59.384
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-22 16:29:28.777
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-22 16:29:28.777
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-22 16:29:28.777
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-22 16:29:28.767
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-22 16:29:28.757
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-22 16:29:28.757
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-22 12:01:41.627
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-22 12:01:41.617
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 7983.43 MB
Available physical RAM: 5649.43 MB
Total Pagefile: 15965.04 MB
Available Pagefile: 12789.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:280.79 GB) (Free:98.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8C949010)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End Of Log ============================
Thank you very much for going to so much trouble! To me these are all just random combinations of numbers and letters ^^
I just googled around a bit more - it seems that no more ads are being displayed.
Have we done it?
EDIT: Apparently not - Positive Finds is still running! |