Log analysis and evaluation: Virus TR/Crypt.ZPACK.96184
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
08.09.2014, 12:21 | #1 |
| Virus TR/Crypt.ZPACK.96184 Hi dear Trojaner-Board team! I own an HP 635 laptop, and for quite a while I have noticed that it keeps getting slower, especially on the Internet. Somehow it was already clear to me that I had caught a virus. I wanted to shut down my laptop. Everything was as usual, but the shutdown screen no longer closed. I waited about 15 minutes, but the whole time only the shutdown screen was there and nothing progressed. So I switched my laptop off with the power button. Right after that I switched it on again in order to shut it down normally, but I had the same problem again. The welcome screen stayed up the whole time and nothing progressed. The next day I did not use it at all, and yesterday I switched it on again. I got the alert sound from Avira and was shown that I had found the virus 'Virus Tr/Crypt.ZPACK.96148'. So I moved it to quarantine. Here is some information about the virus (it appears when I select the virus in quarantine and click Properties). Maybe you can do something with it: Dateiname: C:\ProgramData\OjalcAgxas\OjalcAgxas.dat Quarantäne-Objekt: 5107115d.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/Vista Workstation/Windows 7 Sucheingine: 8.03.24.22 Virendefinitionsdatei: 8.11.171.26 Gefunden: TR/Crypt.ZPACK.98184 I then simply thought I would remove it from quarantine and everything would be fine again. And everything was indeed as before. Everything ran at normal speed again and I did not really have any further problems. Afterwards I read up a bit on the virus and read that the virus is found again even after it has been removed from quarantine. And that is exactly what just happened. Unfortunately I do not know much about viruses, so I urgently need your help. What can you recommend? Are there any tricks for wiping it off my hard drive? The only files I can remember downloading recently are updates (or rather 'extensions') for Fußballmanager 13. Many thanks in advance! Yours, Txikki |
08.09.2014, 12:24 | #2 |
/// the machine /// TB trainer | Virus TR/Crypt.ZPACK.96184 hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
08.09.2014, 13:17 | #3 |
| Virus TR/Crypt.ZPACK.96184 OK, I hope this is the right one
The Addition file: FRST Additions Logfile:
[CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01 Ran by Flo at 2014-09-08 13:53:11 Running from C:\Users\Flo\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.26 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD Fuel (Version: 2011.0304.1135.20703 - Ihr Firmenname) Hidden Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E04A3037-2F82-C518-D6CA-A63497D3872F}) (Version: 3.0.808.0 - ATI Technologies, Inc.) Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C1001}) (Version: 12.16.1.1671 - APN, LLC) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blue Byte Game Channel (HKLM-x32\...\Blue Byte Game Channel) (Version: - UbiSoft) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden BrowserProtect (HKLM-x32\...\BrowserProtect) (Version: - ) <==== ATTENTION Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0304.1135.20703 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0304.1135.20703 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2011.0304.1135.20703 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Czech (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Danish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Dutch (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help English (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Finnish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help French (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help German (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Greek (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Hungarian (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Italian (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Japanese (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Korean (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Norwegian (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Polish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Portuguese (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Russian (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Spanish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Swedish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Thai (x32 Version: 2011.0304.1134.20703 - ATI) Hidden CCC Help Turkish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden ccc-core-static (x32 Version: 2011.0304.1135.20703 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2011.0304.1135.20703 - ATI) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) 
<==== ATTENTION Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.2.1.3726 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DealPly (HKLM-x32\...\DealPly) (Version: - DealPly) <==== ATTENTION Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - ) Die Sims Deluxe (HKLM-x32\...\{10798AE3-DCBB-43C3-9C93-C23512427E25}) (Version: - ) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.3.3.3 - DVDVideoSoftTB) EA Installer (HKLM-x32\...\EA Installer.-1797597899) (Version: 2.3.0.74 - Electronic Arts, Inc.) EazelBar (HKLM-x32\...\EazelBar) (Version: EazelBar 1.7 - EazelBar) <==== ATTENTION ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden FUSSBALL MANAGER 11 (HKLM-x32\...\FUSSBALL MANAGER 11) (Version: - Electronic Arts) FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.0.0 - Electronic Arts) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Glarysoft Toolbar (HKLM-x32\...\Glarysoft Toolbar) (Version: 1.2.0 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent) HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{B97E3520-C726-475E-BC0C-7561952633AB}) (Version: 1.2.1 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard) iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.) InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version: - ) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation) Moorhuhn Remake (HKLM-x32\...\{52210D57-0B1F-4681-90DD-8659DF4BCC40}) (Version: 1.00.0000 - ) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) MUETZE (HKLM-x32\...\MUETZE) (Version: - ) Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.) 
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden phase-6 Feeding Tool 1.1.6 (HKLM-x32\...\phase-6 Feeding Tool) (Version: 1.1.6 - phase-6) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden PriceGong 2.5.1 (HKLM-x32\...\PriceGong) (Version: 2.5.1 - PriceGong) <==== ATTENTION QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden Reise nach Nordland (HKLM-x32\...\Reise nach Nordland) (Version: - ) Rome - Total War - Gold Edition (HKLM-x32\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.6 - The Creative Assembly) Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) 
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Softonic toolbar on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.28.2 - Softonic) <==== ATTENTION Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software) SweetIM for Messenger 3.6 (HKLM-x32\...\{A81A974F-8A22-43E6-9243-5198FF758DA1}) (Version: 3.6.0002 - SweetIM Technologies Ltd.) <==== ATTENTION SweetIM Toolbar for Internet Explorer 4.2 (HKLM-x32\...\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}) (Version: 4.2.0004 - SweetIM Technologies Ltd.) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.3 - Synaptics Incorporated) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Total Immersion Racing (HKLM-x32\...\{C2FE0127-0F86-43C7-824E-AA78E6B5F4F3}) (Version: - ) TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.3000.132 - TuneUp Software) TuneUp Utilities 2013 (x32 Version: 13.0.3000.132 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3000.132 - TuneUp Software) Hidden Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden VIS (HKLM-x32\...\VIS) (Version: - ) <==== ATTENTION Wajam (HKLM-x32\...\Wajam) (Version: 1.49 - Wajam) <==== ATTENTION Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - 
Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden WinDS PRO Apps 1.6.3 (HKLM\...\{92C4C953-5CE1-4DC3-97D5-BBD1A63EF706}_is1) (Version: 1.6.3.0 - WinDS PRO) WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinZip 17.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DC}) (Version: 17.5.10562 - WinZip Computing, S.L. ) WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.) Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden Yolobar (HKLM-x32\...\yolobartb) (Version: 1.0.0.7 - Visicom Media Inc.) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 06-09-2014 01:00:45 Windows Update 07-09-2014 13:52:56 Windows Update 08-09-2014 10:43:23 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00C3BAA7-B1AC-42D4-B1E3-E2B7F61EB67A} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation) Task: {0ABD54BF-14E0-4842-9259-7681DD02F55B} - System32\Tasks\{01DB2A9F-2C3A-47AB-8494-0BBD4C781148} => C:\Program Files (x86)\Empire Interactive\TIR\TiR.exe [2004-05-26] () Task: {0D7676D4-BA22-45BC-8D32-3B4168A2BB59} - System32\Tasks\{41C27AA3-9D8C-40AA-B211-45291FB83EE9} => C:\Program Files (x86)\Safari\Safari.exe [2012-07-20] (Apple Inc.) Task: {0EEB8607-1055-4FCF-9D0F-4D21B6226D58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {1AE0B3A3-72A6-4D1C-AA74-06D1BB7AE802} - System32\Tasks\{EE127D9A-3D15-4666-8B99-ABE1C1EF0FA0} => C:\Program Files (x86)\Safari\Safari.exe [2012-07-20] (Apple Inc.) Task: {63019963-DCA2-47B1-B091-DD037F839A6E} - System32\Tasks\{844F5761-9DFD-41B4-B5A9-3FBC4326408E} => C:\Program Files (x86)\Safari\Safari.exe [2012-07-20] (Apple Inc.) 
Task: {641A97A5-D665-4519-9B97-85B8A3E40A6B} - System32\Tasks\{5F6C05A5-2C2D-445E-9E33-B1926E2DDF75} => C:\Program Files (x86)\Cube World\CubeLauncher.exe Task: {69FDB6BD-2CA2-4D6C-A517-B5364F91315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-09] (CyberLink) Task: {70A24953-C874-47CA-92F8-6F1308D1727C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.) Task: {746C3896-0BF4-490E-B2C5-AE73AF9C1E34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {7EB8E15F-2E1E-4FAA-B74A-E66C82D6A261} - System32\Tasks\{B69DC712-5C49-4BDA-B60B-4B12012AB7DE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.6.0.110/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {7EE4FEC4-0E8B-4037-AAAD-0AC2AE3843CF} - System32\Tasks\{0F55966D-7659-492C-9EE1-E0D2A2B4340A} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.) Task: {7F663B1D-69E5-4C97-90CE-7245FCA87D50} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-11-29] (TuneUp Software) Task: {97D20602-C2E6-412E-B511-9D5B243914E9} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SelfUpdater\SoftwareUpdater.Ui.exe Task: {99580AD7-8E6B-4F78-BBC4-1CC2F4BEFFA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.) 
Task: {A7EEEDCB-494F-4D08-9D75-298D96F7D204} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {B0C68B57-D0DA-4FD9-9422-8E3FBB882187} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {BA02A64E-E3EE-446E-87F6-02CB0DDC7355} - System32\Tasks\{D1A5A556-25E9-43C7-AF59-31533FA49EE7} => C:\Program Files (x86)\Safari\Safari.exe [2012-07-20] (Apple Inc.) Task: {BA36FB0B-0BA2-4776-A7C1-B0F22EEC0BB9} - System32\Tasks\{EEBFB18D-79EE-4151-8465-D9FE080A847D} => C:\Program Files (x86)\Safari\Safari.exe [2012-07-20] (Apple Inc.) Task: {C482FBCF-8277-42D3-A061-03BF41B13599} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {C5D202AD-D0EC-495A-985D-847E71D5ED4B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {C9434FF6-1CC0-4E12-97A0-5DCF72932806} - System32\Tasks\HPCeeScheduleForFlo => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {CCE36A54-2CFC-4F46-B2D1-CC2752764588} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation) Task: {D9C34C09-F28E-45DB-A571-8C2EDA3CFABD} - System32\Tasks\Software Updater => C:\Program Files (x86)\SelfUpdater\SoftwareUpdater.Bootstrapper.exe Task: {DA85EDE5-3CFF-4ADF-9AC9-7A76E6B9CAC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft) Task: 
{DC07F893-6863-4482-8BA6-8FACB60D2E74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2013-11-04] (Hewlett-Packard Company) Task: {DF3D6225-127C-4C5C-A3A9-60574D4A38FD} - System32\Tasks\{0E890AC2-9258-4D8D-8DA0-75D9A8B40D42} => C:\Program Files (x86)\Safari\Safari.exe [2012-07-20] (Apple Inc.) Task: {ED29DF10-6596-47BA-ACDB-740BFAA7EFEE} - System32\Tasks\{A3BE8B11-63B6-4F9D-A81B-12C994C8099C} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.) Task: {EFCC01B3-A264-4341-A3EF-4F2F8EDC3E61} - System32\Tasks\{B6FE753E-B4A1-4767-9FE5-3CBFFC1437EF} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForFlo.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-02 16:44 - 2011-09-02 16:44 - 00018432 _____ () C:\Users\Flo\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe 2013-11-20 14:38 - 2013-11-20 14:38 - 00105472 _____ () C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe 2013-06-05 08:40 - 2013-06-05 08:40 - 00223232 _____ () C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe 2011-03-04 12:43 - 2011-03-04 12:43 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll 2011-03-04 12:44 - 2011-03-04 12:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\libxml2.dll 2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-08-05 10:54 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Flo\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-06-08 11:28 - 2014-07-30 15:34 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/08/2014 00:26:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/07/2014 09:28:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm avscan.exe, Version 14.0.6.548 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 9d8 Startzeit: 01cfcaa75dd8fadb Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe Berichts-ID: 11331570-36c5-11e4-80b4-68a3c4e2d7ac Error: (09/07/2014 04:09:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DelayedAppStarter.exe, Version: 0.0.0.0, Zeitstempel: 0x4b22abed Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00904b26 ID des fehlerhaften Prozesses: 0xd24 Startzeit der fehlerhaften Anwendung: 0xDelayedAppStarter.exe0 Pfad der fehlerhaften Anwendung: DelayedAppStarter.exe1 Pfad des fehlerhaften Moduls: DelayedAppStarter.exe2 Berichtskennung: DelayedAppStarter.exe3 Error: (09/07/2014 03:46:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/06/2014 08:27:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8080368 Error: (09/06/2014 08:27:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8080368 Error: (09/06/2014 08:27:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/06/2014 08:27:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8078215 Error: (09/06/2014 08:27:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8078215 Error: (09/06/2014 08:27:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (09/08/2014 02:02:52 PM) (Source: 
Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2820331) Error: (09/08/2014 02:02:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2840631) Error: (09/08/2014 02:02:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 für Windows 7 für x64-Systeme (KB2976627) Error: (09/08/2014 02:01:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2798162) Error: (09/08/2014 02:00:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2971850) Error: (09/08/2014 02:00:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2957509) Error: (09/08/2014 02:00:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden 
Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2931356) Error: (09/08/2014 01:59:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Update für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2836942) Error: (09/08/2014 01:58:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2937610) Error: (09/08/2014 01:35:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2919469) Microsoft Office Sessions: ========================= Error: (09/08/2014 00:26:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/07/2014 09:28:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: avscan.exe14.0.6.5489d801cfcaa75dd8fadb0C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe11331570-36c5-11e4-80b4-68a3c4e2d7ac Error: (09/07/2014 04:09:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: DelayedAppStarter.exe0.0.0.04b22abedunknown0.0.0.000000000c000000500904b26d2401cfcaa4e5589325C:\Program Files\Hewlett-Packard\HP Wireless 
Assistant\DelayedAppStarter.exeunknown8e073f2e-3698-11e4-80b4-68a3c4e2d7ac Error: (09/07/2014 03:46:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/06/2014 08:27:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8080368 Error: (09/06/2014 08:27:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8080368 Error: (09/06/2014 08:27:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/06/2014 08:27:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8078215 Error: (09/06/2014 08:27:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8078215 Error: (09/06/2014 08:27:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2012-11-10 16:57:51.785 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\sfvfs02.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-10 16:57:51.706 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\sfvfs02.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================
Processor: AMD E-240 Processor
Percentage of memory in use: 77%
Total physical RAM: 1642.9 MB
Available physical RAM: 376.55 MB
Total Pagefile: 3285.8 MB
Available Pagefile: 1282.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:217.64 GB) (Free:70.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.95 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DA9A0C0E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=217.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

The FRST file:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Flo (administrator) on FLO-HP on 08-09-2014 13:32:41
Running from C:\Users\Flo\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.)
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe () C:\Users\Flo\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe () C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe () C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe (Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (SweetIM Technologies Ltd.) 
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-12] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-21] (Synaptics Incorporated) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-06] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-06] (Atheros Commnucations) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc) HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2011-08-01] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-22] (APN) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard) HKU\S-1-5-21-1787775113-380415049-4136871662-1002\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKU\S-1-5-21-1787775113-380415049-4136871662-1002\...\Run: [Spotify Web Helper] => C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-28] (Spotify Ltd) HKU\S-1-5-21-1787775113-380415049-4136871662-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-1787775113-380415049-4136871662-1002\...\Run: [OjalcAgxas] => regsvr32.exe " Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.eazel.com/?id=AAAa519094014e4c757a8c011a908953922&oid=1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8c3671e7-0d3a-437c-b022-1a5b836b7056&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8c3671e7-0d3a-437c-b022-1a5b836b7056&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://isearch.glarysoft.com/?src=iehome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.glarysoft.com/?src=iehome URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM-x32 - DefaultScope {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8c3671e7-0d3a-437c-b022-1a5b836b7056&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={6CF4D452-6C01-4CB4-9ECC-9F0ED0FDEA7C} SearchScopes: HKCU - DefaultScope {A8B871DC-1552-4774-827A-3874E67CEE9B} URL = hxxp://en.eazel.com/results.php?id=AAAa519094014e4c757a8c011a908953922&oid=1&cat=web&co=&lg=en&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8c3671e7-0d3a-437c-b022-1a5b836b7056&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 SearchScopes: HKCU - {A8B871DC-1552-4774-827A-3874E67CEE9B} URL = hxxp://en.eazel.com/results.php?id=AAAa519094014e4c757a8c011a908953922&oid=1&cat=web&co=&lg=en&q={searchTerms} SearchScopes: HKCU - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=6eacef290000000000000aa3c4e2681c&toi=16028&r=407 BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO: EazelBar Helper -> {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} -> C:\Program Files (x86)\EazelBar\Toolbar64.dll () BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () BHO-x32: Shopping Assistant Plugin -> {1631550F-191D-4826-B069-D9439253D926} -> C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong) BHO-x32: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: DealPly -> {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) BHO-x32: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) BHO-x32: TBSB05810 Class -> {A7AF277D-1466-4A7B-93AF-B043984A5671} -> C:\Program Files (x86)\Glarysoft Toolbar\tbcore3.dll () BHO-x32: Picasa -> {AAA4C1FB-CF94-420D-9EB4-B3D9148BA73F} -> C:\Users\Flo\AppData\LocalLow\Picasa\IE\Picasa.dll (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Yolobar -> {ccb24e92-62c4-4c53-95d2-65f9eed476bc} -> C:\Program Files (x86)\yolobartb\yolobarDx.dll () BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files (x86)\Softonic\Softonic\1.8.28.2\bh\Softonic.dll (Softonic.com) BHO-x32: SweetIM Toolbar Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) BHO-x32: EazelBar Helper -> {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} -> C:\Program Files (x86)\EazelBar\Toolbar32.dll () Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM - EazelBar - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll () Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
Toolbar: HKLM-x32 - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM-x32 - Yolobar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\yolobartb\yolobarDx.dll () Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Glarysoft Toolbar - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files (x86)\Glarysoft Toolbar\tbcore3.dll () Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.28.2\SoftonicTlbr.dll (Softonic.com) Toolbar: HKLM-x32 - EazelBar - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar32.dll () Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) 
Toolbar: HKCU - No Name - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\xc2l60o8.default FF NewTab: about:blank FF Homepage: hxxp://en.eazel.com/?id=AAAa519094014e4c757a8c011a908953922&oid=1 FF Keyword.URL: hxxp://en.eazel.com/results.php?id=AAAa519094014e4c757a8c011a908953922&oid=1&cat=web&co=&lg=en&q= FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: 
@pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF user.js: detected! => C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\xc2l60o8.default\user.js
FF SearchPlugin: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\xc2l60o8.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\xc2l60o8.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\search-with-eazelbar.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\xc2l60o8.default\Extensions\abs@avira.com [2014-09-04]
FF Extension: vis - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\xc2l60o8.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-11-20]
FF Extension: Babylon - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\xc2l60o8.default\Extensions\ffxtlbr@babylon.com [2013-02-13]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\xc2l60o8.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: Wajam - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\xc2l60o8.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2012-10-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2011-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_12_1
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_12_1 [2014-09-08]
FF HKLM-x32\...\Firefox\Extensions: [{EBD839AE-B08C-4fb7-859B-F54AF16C159F}] - C:\Program Files (x86)\EazelBar\Firefox
FF Extension: EazelBar - C:\Program Files (x86)\EazelBar\Firefox [2013-11-23]
FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.5.1\FF
FF Extension: PriceGong - C:\Program Files (x86)\PriceGong\2.5.1\FF [2011-10-14]

Chrome:
=======
CHR HomePage: Default -> hxxp://en.eazel.com?id=60A41CB5719346B7B422D431FB99617D&oid=1
CHR DefaultSearchKeyword: Default -> e
CHR DefaultSearchProvider: Default -> EazelBar
CHR DefaultSearchURL: Default -> hxxp://en.eazel.com/results.php?cat=web&co=&lg=en&q={searchTerms}&id=60A41CB5719346B7B422D431FB99617D&oid=1
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-11-19]
CHR Extension: (No Name) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2013-11-19]
CHR Extension: (DealPly) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje [2013-01-19]
CHR Extension: (Picasa) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoflmenbgaadldfcbhabhnolchkpoohg [2013-01-19]
CHR Extension: (Wajam) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-01-19]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-09-03]
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2011-08-14]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-09-03]
CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.5.1\pricegong.crx [2011-07-21]
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.28.2\Softonic.crx [2013-11-12]
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2011-08-14]
CHR HKLM-x32\...\Chrome\Extension: [hoflmenbgaadldfcbhabhnolchkpoohg] - C:\Users\Flo\AppData\LocalLow\Picasa\CHROME\Picasa.crx [2011-09-02]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Flo\AppData\Local\Wajam\Chrome\wajam.crx [2012-10-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-22] (APN LLC.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-06] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 PicasaUpdater; C:\Users\Flo\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe [18432 2011-09-02] () [File not signed]
R2 srvBrowserProtect; C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe [105472 2013-11-20] () [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2401632 2012-11-29] (TuneUp Software)
R2 Updater Service for EazelBar; C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe [223232 2013-06-05] () [File not signed]
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam) [File not signed]
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-01-06] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110323.001\IDSvia64.sys [476792 2011-03-23] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\ENG64.SYS [117880 2011-01-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\EX64.SYS [1791096 2011-01-06] (Symantec Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [68608 2005-08-10] (Protection Technology) [File not signed]
S4 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [7168 2005-05-16] (Protection Technology) [File not signed]
S4 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [89600 2005-11-03] (Protection Technology) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 13:32 - 2014-09-08 13:42 - 00033703 _____ () C:\Users\Flo\Desktop\FRST.txt
2014-09-08 13:31 - 2014-09-08 13:33 - 00000000 ____D () C:\FRST
2014-09-08 13:28 - 2014-09-08 13:28 - 02105344 _____ (Farbar) C:\Users\Flo\Desktop\FRST64.exe
2014-09-04 21:36 - 2014-09-08 12:51 - 00000000 ____D () C:\ProgramData\OjalcAgxas
2014-08-31 11:03 - 2014-08-31 11:04 - 00275216 _____ () C:\Windows\Minidump\083114-41262-01.dmp
2014-08-30 17:14 - 2014-08-30 17:24 - 141509473 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_italien.exe
2014-08-30 17:09 - 2014-08-30 17:09 - 01737540 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_uruguay.exe
2014-08-30 17:05 - 2014-08-30 17:09 - 06225738 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_rumanien.exe
2014-08-30 17:01 - 2014-08-30 17:03 - 02854007 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_kroatien.exe
2014-08-30 16:56 - 2014-08-30 16:56 - 01530037 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_sanmarino.exe
2014-08-30 16:54 - 2014-08-30 16:55 - 09369891 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_russland.exe
2014-08-30 16:52 - 2014-08-30 16:52 - 02467304 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_tickets_2bundesliga.exe
2014-08-30 16:48 - 2014-08-30 16:49 - 14691874 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_sonstiges_trainingslager.exe
2014-08-30 16:47 - 2014-08-30 16:47 - 00597115 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_sonstiges_namenfile.exe
2014-08-30 16:45 - 2014-08-30 16:46 - 01263459 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_schiedsrichterbilder_bundesliga.exe
2014-08-30 16:43 - 2014-08-30 16:44 - 00618076 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_tickets_el_cl.exe
2014-08-30 16:42 - 2014-08-30 16:43 - 02824577 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_ligalogos_weltweit.exe
2014-08-30 00:51 - 2014-08-30 00:51 - 00000000 ____D () C:\Users\Flo\AppData\Local\Overwolf
2014-08-30 00:48 - 2014-08-30 00:48 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-08-30 00:48 - 2014-08-30 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-30 00:45 - 2014-08-30 00:45 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Flo\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-25 15:26 - 2014-08-25 15:26 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 13:47 - 2011-10-31 13:59 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Skype
2014-09-08 13:42 - 2014-09-08 13:32 - 00033703 _____ () C:\Users\Flo\Desktop\FRST.txt
2014-09-08 13:35 - 2011-06-14 20:08 - 01612731 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 13:33 - 2014-09-08 13:31 - 00000000 ____D () C:\FRST
2014-09-08 13:30 - 2013-01-19 22:10 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 13:28 - 2014-09-08 13:28 - 02105344 _____ (Farbar) C:\Users\Flo\Desktop\FRST64.exe
2014-09-08 12:51 - 2014-09-04 21:36 - 00000000 ____D () C:\ProgramData\OjalcAgxas
2014-09-08 12:38 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 12:38 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 12:34 - 2011-05-10 19:14 - 00724942 _____ () C:\Windows\system32\perfh007.dat
2014-09-08 12:34 - 2011-05-10 19:14 - 00159290 _____ () C:\Windows\system32\perfc007.dat
2014-09-08 12:34 - 2009-07-14 07:13 - 01678472 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 12:32 - 2011-09-01 12:03 - 00000000 ____D () C:\Users\Flo\Documents\Bluetooth Folder
2014-09-08 12:27 - 2011-06-14 20:54 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-09-08 12:26 - 2013-01-19 22:10 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 12:26 - 2011-05-10 09:45 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-08 12:25 - 2012-02-20 18:04 - 00095269 _____ () C:\Windows\setupact.log
2014-09-08 12:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 00:52 - 2012-01-21 10:25 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\.minecraft
2014-09-07 21:28 - 2013-02-13 00:08 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Spotify
2014-09-07 16:52 - 2013-11-16 16:09 - 01207600 _____ () C:\Windows\IE11_main.log
2014-09-07 16:23 - 2011-09-01 12:02 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{36001ABB-FFFC-403D-A605-766AC81C9C73}
2014-09-07 16:10 - 2011-09-18 11:35 - 00000000 ____D () C:\Users\Flo\AppData\Local\CrashDumps
2014-09-05 19:58 - 2014-03-14 20:12 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFlo
2014-09-05 19:58 - 2014-02-08 20:55 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForFlo.job
2014-09-05 12:34 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-03 18:07 - 2012-12-25 18:23 - 00000000 ____D () C:\ProgramData\Origin
2014-09-03 15:49 - 2012-12-25 18:23 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-31 11:04 - 2014-08-31 11:03 - 00275216 _____ () C:\Windows\Minidump\083114-41262-01.dmp
2014-08-31 11:03 - 2012-07-06 19:30 - 416124312 _____ () C:\Windows\MEMORY.DMP
2014-08-31 11:03 - 2011-11-02 13:37 - 00000000 ____D () C:\Windows\Minidump
2014-08-30 17:24 - 2014-08-30 17:14 - 141509473 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_italien.exe
2014-08-30 17:09 - 2014-08-30 17:09 - 01737540 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_uruguay.exe
2014-08-30 17:09 - 2014-08-30 17:05 - 06225738 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_rumanien.exe
2014-08-30 17:03 - 2014-08-30 17:01 - 02854007 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_kroatien.exe
2014-08-30 16:56 - 2014-08-30 16:56 - 01530037 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_sanmarino.exe
2014-08-30 16:55 - 2014-08-30 16:54 - 09369891 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_datensatz_russland.exe
2014-08-30 16:52 - 2014-08-30 16:52 - 02467304 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_tickets_2bundesliga.exe
2014-08-30 16:49 - 2014-08-30 16:48 - 14691874 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_sonstiges_trainingslager.exe
2014-08-30 16:47 - 2014-08-30 16:47 - 00597115 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_sonstiges_namenfile.exe
2014-08-30 16:46 - 2014-08-30 16:45 - 01263459 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_schiedsrichterbilder_bundesliga.exe
2014-08-30 16:44 - 2014-08-30 16:43 - 00618076 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_tickets_el_cl.exe
2014-08-30 16:44 - 2012-12-26 10:15 - 00000000 ____D () C:\Users\Flo\Documents\FUSSBALL MANAGER 13
2014-08-30 16:43 - 2014-08-30 16:42 - 02824577 _____ (FM-Arena) C:\Users\Flo\Downloads\fm13_ligalogos_weltweit.exe
2014-08-30 16:39 - 2011-09-04 15:20 - 00000000 ____D () C:\Users\Flo\Desktop\Flo
2014-08-30 00:51 - 2014-08-30 00:51 - 00000000 ____D () C:\Users\Flo\AppData\Local\Overwolf
2014-08-30 00:51 - 2011-09-11 13:16 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\TS3Client
2014-08-30 00:48 - 2014-08-30 00:48 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-08-30 00:48 - 2014-08-30 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-30 00:48 - 2011-09-11 13:15 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-30 00:45 - 2014-08-30 00:45 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Flo\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-29 16:27 - 2011-09-30 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nordland
2014-08-29 15:08 - 2013-03-15 17:17 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-29 15:08 - 2011-09-10 14:36 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-29 13:55 - 2013-11-03 17:47 - 00000000 ____D () C:\Users\Public\Documents\phase6_197_Daten
2014-08-28 13:57 - 2013-02-13 00:14 - 00000000 ____D () C:\Users\Flo\AppData\Local\Spotify
2014-08-27 20:35 - 2011-09-11 11:24 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DVDVideoSoft
2014-08-26 11:09 - 2010-11-21 05:47 - 00158840 _____ () C:\Windows\PFRO.log
2014-08-25 15:29 - 2014-08-05 10:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-25 15:26 - 2014-08-25 15:26 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-25 15:26 - 2013-08-01 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-25 15:26 - 2013-08-01 18:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-14 09:52 - 2013-08-03 16:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 09:42 - 2013-08-01 17:48 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\AutoRun.exe
C:\Users\Flo\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Flo\AppData\Local\Temp\avgnt.exe
C:\Users\Flo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Flo\AppData\Local\Temp\DeltaTB.exe
C:\Users\Flo\AppData\Local\Temp\eauninstall.exe
C:\Users\Flo\AppData\Local\Temp\Extract.exe
C:\Users\Flo\AppData\Local\Temp\fjj3oppy.dll
C:\Users\Flo\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Flo\AppData\Local\Temp\instloffer.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\OnlyTB.exe
C:\Users\Flo\AppData\Local\Temp\RegClean9.exe
C:\Users\Flo\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Flo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Flo\AppData\Local\Temp\Softonic_chr_1-8-28-2.exe
C:\Users\Flo\AppData\Local\Temp\SP54972.exe
C:\Users\Flo\AppData\Local\Temp\SP55152.exe
C:\Users\Flo\AppData\Local\Temp\SP56929.exe
C:\Users\Flo\AppData\Local\Temp\SP59202.exe
C:\Users\Flo\AppData\Local\Temp\sp64126.exe
C:\Users\Flo\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Flo\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Flo\AppData\Local\Temp\tmp_minecraft.exe
C:\Users\Flo\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Flo\AppData\Local\Temp\vis-de.exe
C:\Users\Flo\AppData\Local\Temp\{5EB62DF8-37AC-415C-8706-29B431EA3F56}-33.0.1750.154_chrome_installer.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 05:20

==================== End Of Log ============================
08.09.2014, 19:21 | #4 |
/// the machine /// TB trainer | Virus TR/Crypt.ZPACK.96184 Uninstall adware & co.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |