Everything about Windows: 100% CPU usage caused by svchost.exe (localsystemnetworkrestricted)
03.04.2014, 16:31 | #1 |
| Hello dear board members, here is the situation: I probably had the same problem a few months ago, and back then it resolved itself after a few days. This time, however, it has already been 2 weeks since the "total overload" of my PC, without any change. My problem: as the title says. According to Task Manager and the CPU board, svchost.exe #localsystemnetworkrestricted# is eating practically all of my RAM. Any kind of work has become impossible. I thought of automatic updates in the background, but those are set to manual. As soon as I go online and, for example, try to create a log file, that is already the end of the line. I will still try to post one when I am home. I have already reinstalled AntiVir, since I first suspected a problem of that kind. I have also evaluated the two PID numbers of the "biggest consumers"; see the photo below. Unfortunately I do not understand much of it. Yesterday I also started the PC #which is Windows 7, by the way# in safe mode and then reset it to an earlier date. But that did not help either... Now I really do not know what the problem could be or how I can fix it. Thanks for your help. |
03.04.2014, 17:57 | #2 |
| Hello Fuselj,
this system process is used for so many things that a suspicion of malware certainly cannot be dismissed here. Perhaps you should create a new thread here: http://www.trojaner-board.de/newthre...=newthread&f=8 An expert will look into the matter; please be patient! (The problem with background updates actually only affected Win XP.....) I do know a few other causes for this behaviour (virtual machines, tuning tools, etc.), but we have to start somewhere, don't we? Kind regards, Alois
__________________ |
03.04.2014, 22:46 | #3 |
| HiJackThis logfile:
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:43:27, on 04.04.2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16518) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Users\Tamara Rüfenacht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86SHOPBS\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Schweiz : Hotmail, Outlook, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle, Auto und 
mehr bei MSN CH R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing) O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web 
Player\npdivx32.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Movies Toolbar (Dist. by Koyote-Lab, Inc.) - {e5d4f4fd-a039-4670-8354-633c30a5f54e} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll (file missing) O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing) O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll O3 - Toolbar: Movies Toolbar (Dist. by Koyote-Lab, Inc.) 
- {e5d4f4fd-a039-4670-8354-633c30a5f54e} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll (file missing) O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" O4 - HKLM\..\Run: [Magic Desktop for HP notification] "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common 
Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - 
{25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. 
KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe O23 - Service: Ask Aktualisierungsdienst (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Datamngr Coordinator (DatamngrCoordinator2) - Koyote-Lab Inc. - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. 
- C:\Users\Tamara Rüfenacht\AppData\Local\Torch\Update\TorchCrashHandler.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 17914 Bytes |
04.04.2014, 06:58 | #4 |
http://www.trojaner-board.de/95174-b...es-posten.html http://www.trojaner-board.de/plagege...uncements.html
__________________ PC operating system: Microsoft Windows 8.1 Smartphone: Hardware: iPhone 5s | Operating system: iOS 8.2 |
04.04.2014, 08:08 | #5 |
| Sorry, another user sent me to this "group", and I thought that without a log file you could not do anything with it. |
04.04.2014, 08:37 | #6 |
Without log files, that is right. But not HijackThis. I also linked a second thread for you that contains everything the experts here need.
__________________ |
05.04.2014, 14:52 | #7 |
| defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:07 on 05/04/2014 (Tamara Rüfenacht)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Tamara Rüfenacht (administrator) on TAMARARÜFENACHT on 05-04-2014 14:14:05 Running from C:\Users\Tamara Rüfenacht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JCTN60F Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Koyote-Lab Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Koyote-Lab Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Motorola, Inc.) 
C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Spotify Ltd) C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Koyote-Lab Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Sun Microsystems, Inc.) 
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Microsoft Corporation) C:\Windows\system32\taskmgr.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe (Spotify Ltd) C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\spotify.exe () C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-28] (Synaptics Incorporated) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24783624 2010-06-10] (Motorola, Inc.) HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] () HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS) HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) 
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-09] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN) HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-09] (Easybits) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) 
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\.DEFAULT\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company) HKU\S-1-5-21-2217572849-2402792806-1408688010-1001\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] () HKU\S-1-5-21-2217572849-2402792806-1408688010-1001\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company) HKU\S-1-5-21-2217572849-2402792806-1408688010-1001\...\Run: [Spotify Web Helper] - C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-19] (Spotify Ltd) HKU\S-1-5-21-2217572849-2402792806-1408688010-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2217572849-2402792806-1408688010-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-2217572849-2402792806-1408688010-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2217572849-2402792806-1408688010-1001\...\Policies\system: [DisableChangePassword] 0
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-11-04] ()
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll [23560 2014-02-05] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs-x32: C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll => C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll [19976 2014-02-05] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll [486408 2014-02-05] () <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll [658952 2014-02-05] () <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {133AADA3-61A3-4E17-BB88-E09B94D3259D} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=135&systemid=414&v=a11465-187&apn_uid=1323213045604580&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKLM - {F04DC1F9-9705-45AE-B882-227DDCCFDC36} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {133AADA3-61A3-4E17-BB88-E09B94D3259D} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=135&systemid=414&v=a11465-187&apn_uid=1323213045604580&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKLM-x32 - {F04DC1F9-9705-45AE-B882-227DDCCFDC36} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL =
SearchScopes: HKCU - {133AADA3-61A3-4E17-BB88-E09B94D3259D} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=135&systemid=414&v=a11465-187&apn_uid=1323213045604580&apn_dtid=BND414&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKCU - {F04DC1F9-9705-45AE-B882-227DDCCFDC36} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Movies Toolbar (Dist. by Koyote-Lab, Inc.) - {e5d4f4fd-a039-4670-8354-633c30a5f54e} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - Movies Toolbar (Dist. by Koyote-Lab, Inc.) - {e5d4f4fd-a039-4670-8354-633c30a5f54e} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-08-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tamara Rüfenacht\AppData\Roaming\Mozilla\Firefox\Profiles\1woupn5x.default
FF user.js: detected! => C:\Users\Tamara Rüfenacht\AppData\Roaming\Mozilla\Firefox\Profiles\1woupn5x.default\user.js
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: https://www.google.ch/
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=135&systemid=414&v=a11465-187&apn_dtid=BND414&apn_ptnrs=AGA&apn_uid=1323213045604580&o=APN10649&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: No Name - C:\Users\Tamara Rüfenacht\AppData\Roaming\Mozilla\Firefox\Profiles\1woupn5x.default\Extensions\{B08F8994-AC71-AB07-5E09-CB39FD50DF38} [2014-02-11]
FF Extension: No Name - C:\Users\Tamara Rüfenacht\AppData\Roaming\Mozilla\Firefox\Profiles\1woupn5x.default\Extensions\{e5d4f4fd-a039-4670-8354-633c30a5f54e} [2013-12-05]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-05-08]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-14]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Tamara Rüfenacht\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-11-24]
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 DatamngrCoordinator2; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3449864 2014-02-05] (Koyote-Lab Inc.)
S2 TorchCrashHandler; C:\Users\Tamara Rüfenacht\AppData\Local\Torch\Update\TorchCrashHandler.exe [1213960 2013-11-26] (TorchMedia Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2013-03-15] (Research In Motion Limited)
S3 cpuz136; \??\C:\Users\TAMARA~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-05 14:14 - 2014-04-05 14:14 - 00000000 ____D () C:\FRST
2014-04-05 14:06 - 2014-04-05 14:08 - 00000266 _____ () C:\Users\Tamara Rüfenacht\Desktop\defogger_enable.log
2014-04-05 14:06 - 2014-04-05 14:07 - 00000494 _____ () C:\Users\Tamara Rüfenacht\Desktop\defogger_disable.log
2014-04-04 00:45 - 2014-04-04 00:45 - 00017916 _____ () C:\Users\Tamara Rüfenacht\Desktop\hijackthis.log
2014-04-02 23:29 - 2014-04-02 23:38 - 00000376 _____ () C:\Windows\Tasks\HPCeeScheduleForTamara Rüfenacht.job
2014-04-02 23:29 - 2014-04-02 23:29 - 00003252 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTamara Rüfenacht
2014-03-29 00:31 - 2014-03-29 00:31 - 00000000 ____D () C:\Users\Jeremias\AppData\Roaming\Avira
2014-03-28 22:22 - 2014-03-28 22:22 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Roaming\Avira
2014-03-28 21:57 - 2014-03-28 21:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-26 22:10 - 2014-03-28 22:35 - 00078600 _____ () C:\Users\Tamara Rüfenacht\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 23:21 - 2014-04-02 22:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-23 23:21 - 2014-03-23 23:21 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Local\Microsoft Help
2014-03-20 00:43 - 2014-04-02 22:15 - 00000000 ____D () C:\6973ab2b119b2908f3e3
2014-03-09 12:23 - 2014-04-05 12:54 - 00000728 _____ () C:\Windows\setupact.log
2014-03-09 12:23 - 2014-03-09 12:24 - 04936160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 12:23 - 2014-03-09 12:23 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2014-04-05 15:01 - 2012-03-16 20:57 - 00007603 _____ () C:\Users\Tamara Rüfenacht\AppData\Local\Resmon.ResmonCfg
2014-04-05 14:38 - 2011-04-02 17:08 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 14:36 - 2012-11-15 12:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-05 14:14 - 2014-04-05 14:14 - 00000000 ____D () C:\FRST
2014-04-05 14:13 - 2014-03-04 19:33 - 00000000 ____D () C:\ProgramData\Datamngr
2014-04-05 14:08 - 2014-04-05 14:06 - 00000266 _____ () C:\Users\Tamara Rüfenacht\Desktop\defogger_enable.log
2014-04-05 14:08 - 2013-01-16 21:00 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify
2014-04-05 14:08 - 2011-01-14 08:56 - 00000000 ____D () C:\Users\Tamara Rüfenacht
2014-04-05 14:07 - 2014-04-05 14:06 - 00000494 _____ () C:\Users\Tamara Rüfenacht\Desktop\defogger_disable.log
2014-04-05 12:54 - 2014-03-09 12:23 - 00000728 _____ () C:\Windows\setupact.log
2014-04-05 12:53 - 2013-01-16 21:00 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Local\Spotify
2014-04-05 12:42 - 2009-07-14 06:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-05 12:42 - 2009-07-14 06:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-05 12:38 - 2012-10-31 21:41 - 01214753 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 12:35 - 2011-04-02 17:08 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 12:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 20:36 - 2012-11-15 12:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-04 20:36 - 2012-11-15 12:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-04 20:36 - 2011-10-15 18:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-04 00:45 - 2014-04-04 00:45 - 00017916 _____ () C:\Users\Tamara Rüfenacht\Desktop\hijackthis.log
2014-04-04 00:42 - 2010-08-17 14:31 - 00702398 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 00:42 - 2010-08-17 14:31 - 00151228 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 00:42 - 2009-07-14 07:13 - 01629044 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 23:38 - 2014-04-02 23:29 - 00000376 _____ () C:\Windows\Tasks\HPCeeScheduleForTamara Rüfenacht.job
2014-04-02 23:38 - 2013-03-15 16:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-02 23:38 - 2013-03-15 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-02 23:29 - 2014-04-02 23:29 - 00003252 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTamara Rüfenacht
2014-04-02 23:29 - 2012-03-05 10:49 - 00000000 ____D () C:\Users\Jeremias
2014-04-02 23:29 - 2011-01-16 22:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-02 23:28 - 2011-11-08 21:08 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-02 23:23 - 2011-01-14 21:30 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Roaming\HpUpdate
2014-04-02 22:15 - 2014-03-23 23:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-02 22:15 - 2014-03-20 00:43 - 00000000 ____D () C:\6973ab2b119b2908f3e3
2014-04-02 22:15 - 2014-02-15 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-02 22:15 - 2013-10-15 21:29 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-04-02 22:15 - 2013-10-13 21:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-02 22:15 - 2011-10-15 18:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-02 22:15 - 2010-09-16 01:54 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-04-02 22:15 - 2010-08-17 06:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-02 22:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-02 22:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-04-02 22:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-02 22:13 - 2013-10-15 21:26 - 00000000 ____D () C:\ProgramData\Avira
2014-04-02 22:13 - 2011-08-25 19:12 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Roaming\SoftGrid Client
2014-04-02 22:13 - 2011-01-18 19:04 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Roaming\Mozilla
2014-04-02 22:13 - 2011-01-18 19:04 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Local\Mozilla
2014-04-02 22:13 - 2010-08-17 06:48 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-02 22:12 - 2013-10-15 21:26 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-02 22:12 - 2011-08-25 19:17 - 00000000 __RHD () C:\MSOCache
2014-04-01 20:04 - 2011-02-11 19:47 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Local\Adobe
2014-03-29 00:31 - 2014-03-29 00:31 - 00000000 ____D () C:\Users\Jeremias\AppData\Roaming\Avira
2014-03-28 22:35 - 2014-03-26 22:10 - 00078600 _____ () C:\Users\Tamara Rüfenacht\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-28 22:22 - 2014-03-28 22:22 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Roaming\Avira
2014-03-28 21:57 - 2014-03-28 21:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-26 21:01 - 2011-01-15 19:51 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Local\CrashDumps
2014-03-23 23:21 - 2014-03-23 23:21 - 00000000 ____D () C:\Users\Tamara Rüfenacht\AppData\Local\Microsoft Help
2014-03-23 13:18 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-20 00:43 - 2013-08-15 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-17 21:28 - 2012-03-06 11:26 - 00000000 ____D () C:\Users\Jeremias\AppData\Roaming\HpUpdate
2014-03-09 12:24 - 2014-03-09 12:23 - 04936160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 12:23 - 2014-03-09 12:23 - 00000000 _____ () C:\Windows\setuperr.log

Files to move or delete:
====================
C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll
C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll
C:\ProgramData\4rlf7olc.ctrl
C:\ProgramData\4rlf7olc.pff

Some content of TEMP:
====================
C:\Users\Jeremias\AppData\Local\Temp\avgnt.exe
C:\Users\Tamara Rüfenacht\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-05 13:17

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Tamara Rüfenacht at 2014-04-05 14:15:16
Running from C:\Users\Tamara Rüfenacht\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JCTN60F
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.2 64-bit (HKLM\...\{A94AABAE-52F0-48C4-9F94-A4CA4B423576}) (Version: 3.2.1 - Adobe)
Adobe Reader 9.4.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.4.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{FB07515A-48AC-9996-16EE-3A3DC8CF8D8E}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: version 2.0 - Auslogics Software Pty Ltd)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4489 - APN, LLC)
B110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser-Plug-In für BlackBerry App World (HKLM-x32\...\{0FC58033-203E-4557-82A7-6BE2D17D2256}) (Version: 4.3.1.18 - Research In Motion Limited)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0909.1412.23625 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help English (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help French (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help German (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0909.1412.23625 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0909.1412.23625 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Contents (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.116 - Corel Corporation)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.286 - Corel Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DeviceIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version: - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.29.55 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4121 - Hewlett-Packard) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Video Converter V 3.2 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{7D4318AC-9560-46F0-910F-0B38D6CDC009}) (Version: 1.1.2.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4215 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4215 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 4.1.3024 - Hewlett-Packard) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 5510d series - Grundlegende Software für das Gerät (HKLM\...\{323E134C-707D-4017-9768-D916A4D8F82E}) (Version: 25.0.607.0 - Hewlett-Packard Co.)
HP Photosmart 5510d series Hilfe (HKLM-x32\...\{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{483539DB-FA71-4C45-8438-55D3DCFDECC8}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{E342EC6B-5F25-47FE-B92C-DE616149B430}) (Version: 4.0.9.0 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden ICA (x32 Version: 1.6.0.286 - Corel Corporation) Hidden ICA (x32 Version: 1.6.1.116 - Corel Corporation) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT) Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) IPM_PSP_Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden ISCOM (x32 Version: 1.6.0.286 - Corel Corporation) Hidden ISCOM (x32 Version: 1.6.1.116 - Corel Corporation) Hidden iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle) Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle) Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.260 - Sun Microsystems, Inc.) 
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden LightScribe System Software (HKLM-x32\...\{07E49BC1-24FF-4D7A-AC74-727BE95801AF}) (Version: 1.18.16.1 - LightScribe) Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden Movies Toolbar for Firefox (Dist. by Koyote-Lab, Inc.) (HKLM-x32\...\koyotesoftmoviestoolbarhaFF) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION Movies Toolbar for Internet Explorer (Dist. by Koyote-Lab, Inc.) (HKLM-x32\...\koyotesoftmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MusicStation (HKLM-x32\...\{E74E7F63-E70F-43f2-873F-35FB66F263B2}) (Version: 2.0.5.71 - Omnifone) Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden Origin (HKLM-x32\...\Origin) (Version: 8.2.2.2413 - Electronic Arts, Inc.) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden Plants vs. 
Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden Poladroid (HKLM-x32\...\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}) (Version: 0.9.6.0 - Poladroid.net) Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.) Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden PureHD (x32 Version: 1.6.0.286 - Corel Corporation) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden Ralink Motorola BC4 Bluetooth 3.0+HS Adapter (HKLM\...\Ralink Motorola BC4 Bluetooth 3.0+HS Adapter_is1) (Version: 3.0.41.258 - Motorola, Inc.) Ralink RT3090 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) 
Hidden Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden Setup (x32 Version: 1.6.0.286 - Corel Corporation) Hidden Setup (x32 Version: 1.6.1.116 - Corel Corporation) Hidden Share (x32 Version: 1.6.0.286 - Corel Corporation) Hidden Share64 (Version: 1.6.0.286 - Corel Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SIW 2013 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2013.05.14 - Topala Software Solutions) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden Softonic toolbar on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.21.14 - Softonic) <==== ATTENTION SolothurnTax 2012 12.3.25 (HKLM-x32\...\NP_SO_2012) (Version: 12.3.25 - Ringler Informatik AG) SolutionCenter (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Studie zur Verbesserung von HP Photosmart 5510d series Produkten (HKLM\...\{F32470D7-B3F5-44CF-B11B-4C70EB640182}) (Version: 25.0.607.0 - Hewlett-Packard Co.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated) Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden VIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.) 
VSClassic (x32 Version: 1.6.0.286 - Corel Corporation) Hidden VSPro (x32 Version: 1.6.0.286 - Corel Corporation) Hidden WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WinZip (HKLM-x32\...\WinZip) (Version: 8.1 (4331g) - WinZip Computing, Inc.) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Restore Points ========================= 10-03-2014 06:43:24 Windows-Sicherung 13-03-2014 21:32:18 Windows Update 17-03-2014 19:33:02 Windows-Sicherung 19-03-2014 22:43:01 Windows Update 23-03-2014 18:00:08 Windows-Sicherung 01-04-2014 17:59:32 Removed Adobe Reader 9.5.5 MUI. 
02-04-2014 21:29:30 Windows-Sicherung 02-04-2014 21:33:21 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {16C59C31-DCA2-44FE-9E56-97A79D4D28F4} - System32\Tasks\HPCeeScheduleForTamara Rüfenacht => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard) Task: {27212EDE-DCF6-418F-93B7-BA6E87685D5B} - System32\Tasks\{79738EEB-7804-4BB8-8669-2E7D65711C5F} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.166.321/de/go/help.faq.installer?LastError=1603 Task: {32D27A47-E3D0-4C0B-9757-218D19359DB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {43514EA0-019A-4662-A1D0-6A45D2B040A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02] (Google Inc.) Task: {44CE4B15-9F1E-4BAA-8DCE-7F606ABE262B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02] (Google Inc.) 
Task: {4C5089EC-D6D3-432C-8829-C5F7EB4B1CEA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {4C576539-0290-4C6C-BE9F-381A2159948F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {5DD90C2E-57B3-4371-8942-FA5AFC305C42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-04] (Adobe Systems Incorporated) Task: {5FE65CAE-6FA2-445E-9E50-D2A6EEA75A56} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-24] () Task: {66D4768C-7B6E-4515-A247-663549DFA280} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {AAE1AAA1-D9C3-4DBB-A374-2CDE2B124B14} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION Task: {C487211D-4269-420F-BE9E-618ADBC51180} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {E9D3C85B-2A6E-4411-BB4D-83DD9D320034} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {ED8D4418-5007-4C7A-BA67-4BE8F18703DC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-24] (CyberLink) Task: {F7FE5D50-CA8A-4E12-B2D6-C912E868D704} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-24] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForTamara Rüfenacht.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-04 11:54 - 2014-02-05 20:54 - 00658952 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll 2010-01-20 16:20 - 2010-01-20 16:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2010-02-09 19:01 - 2010-02-09 19:01 - 01712184 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe 2010-09-09 15:50 - 2010-09-09 15:50 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-09-09 14:11 - 2010-09-09 14:11 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll 2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll 2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll 2014-02-04 11:54 - 2014-02-05 20:54 - 00023560 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll 2013-09-24 20:58 - 2014-01-19 17:09 - 00603648 _____ () C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2013-10-15 21:26 - 2013-09-30 11:01 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-02-04 11:54 - 2014-02-05 20:54 - 00486408 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-04 19:34 - 2014-02-05 20:54 - 00019976 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll 2010-06-16 12:48 - 2010-06-16 12:48 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2010-06-16 12:48 - 2010-06-16 12:48 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2010-06-16 12:48 - 2010-06-16 12:48 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2010-02-09 18:58 - 2010-02-09 18:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2010-02-09 18:58 - 2010-02-09 18:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll 2010-02-09 18:58 - 2010-02-09 18:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll 2010-02-09 18:58 - 2010-02-09 18:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll 2010-02-09 18:58 - 2010-02-09 18:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll 2010-02-09 18:58 - 2010-02-09 18:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll 2010-02-09 18:58 - 2010-02-09 18:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll 2010-02-09 18:58 - 2010-02-09 18:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP 
Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll 2013-01-16 21:00 - 2014-01-19 17:09 - 36967424 _____ () C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\libcef.dll 2013-09-24 20:58 - 2014-01-19 17:09 - 00887808 _____ () C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\libglesv2.dll 2013-09-24 20:58 - 2014-01-19 17:09 - 00109568 _____ () C:\Users\Tamara Rüfenacht\AppData\Roaming\Spotify\Data\libegl.dll 2011-01-19 03:17 - 2011-01-19 03:17 - 00895488 _____ () C:\Program Files (x86)\DivX\DivX Plus Web Player\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp1B5B4F1 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. 
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
Description: Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}
Manufacturer: Motorola, Inc.
Service: BTMUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2014 11:27:35 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 74c
Startzeit: 01cf4eb8e3f3c5db
Endzeit: 16
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: 96060268-baad-11e3-bff6-bfcddf35ba9b

Error: (04/02/2014 11:17:14 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (04/01/2014 07:41:49 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (03/28/2014 10:22:38 PM) (Source: Application Hang) (User: )
Description: Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1110
Startzeit: 01cf4abdfe78a5c5
Endzeit: 0
Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE
Berichts-ID:

Error: (03/28/2014 09:32:31 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (03/27/2014 10:24:39 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

System errors:
=============
Error: (04/05/2014 00:34:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Torch Crash Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%193

Error: (04/04/2014 07:55:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Torch Crash Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%193

Error: (04/04/2014 00:37:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Torch Crash Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%193

Error: (04/03/2014 10:38:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Torch Crash Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%193

Error: (04/02/2014 11:39:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Torch Crash Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%193

Error: (04/02/2014 11:36:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/02/2014 11:34:07 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TrustedInstaller erreicht.

Error: (04/02/2014 11:18:27 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (04/02/2014 11:17:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (04/02/2014 11:17:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Torch Crash Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%193

Microsoft Office Sessions:
=========================
Error: (04/02/2014 11:27:35 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756774c01cf4eb8e3f3c5db16C:\Windows\Explorer.EXE96060268-baad-11e3-bff6-bfcddf35ba9b

Error: (04/02/2014 11:17:14 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x0

Error: (04/01/2014 07:41:49 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (03/28/2014 10:22:38 PM) (Source: Application Hang)(User: )
Description: WINWORDC.EXE0.0.0.0111001cf4abdfe78a5c50Q:\140066.deu\Office14\WINWORDC.EXE

Error: (03/28/2014 09:32:31 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (03/27/2014 10:24:39 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 3893.86 MB
Available physical RAM: 1516.66 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4555.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.74 GB) (Free:245.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.73 GB) (Free:3.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9D3ACBBB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-05 15:42:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC4O 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\TAMARA~1\AppData\Local\Temp\kgecqaob.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395f9c29e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395f9c29e (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----