30.01.2015, 11:40 #1
Win7 32Bit Home Premium - Windows Command Processor wants to start ...\Shuka\PackerV2.exe

Hello and good day everyone,

I have a laptop here that on every boot wants the Command Processor to make a change. The path that is to be called is extremely long but ends in ...\Shuka\PackerV2.exe. I have already done a scan with FRST; I hope somebody can give me tips on how best to proceed to get rid of the troublemaker. If I have forgotten any information, I will gladly supply it.

Many thanks in advance,
Stonecrax

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Vroni (administrator) on VAIO_NOTEBOOK on 30-01-2015 11:08:40
Running from C:\Users\Vroni\Desktop
Loaded Profiles: Vroni (Available profiles: Vroni)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\FastPlayer\FPUpdaterService.exe
(globalUpdate) C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files\LPT\srpts.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Smartbar) C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.exe
() C:\Users\Vroni\AppData\Roaming\InetStat\inetstat.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe
() C:\Program Files\FastPlayer\WebBrowser.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe
() C:\Users\Vroni\AppData\Local\RGMService\RGMUpdater.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
() C:\Program Files\LPT\srptsl.exe
() C:\Users\Vroni\AppData\Local\RGMService\RGMLoader.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung Electronics.) C:\Program Files\Samsung\Samsung Magician\Samsung Magician.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\OneClick.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TUDefragBackend32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Users\Vroni\AppData\Local\LPT\srptm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [Google Update] => C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-21] (Google Inc.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [GoogleChromeAutoLaunch_45191224BF4F697402CEEF6853EA9D19] => C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-08-27] (Smartbar)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [InetStat] => C:\Users\Vroni\AppData\Roaming\InetStat\inetstat.exe [702478 2014-10-14] ()
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [cmd] => C:\Users\Vroni\AppData\Local\Temp\Shuka\PackerV2.exe [5113856 2014-12-08] (Packer Framework) <===== ATTENTION
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\MountPoints2: {254fc985-3669-11e3-ad42-806e6f6e6963} - D:\shelexec.exe .\starter.html
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserFastPlayer.lnk
ShortcutTarget: WebBrowserFastPlayer.lnk -> C:\Program Files\FastPlayer\WebBrowser.exe ()
Startup: C:\Users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\buShell.dll (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-533857234-3230724435-3058745666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGps3182xY2a1NdTJWekBtEYhW4L2qQ_8uef-WJUDiBt68mbtqS04HHB5wy09kVgkaCL8i31x6z8d0DrpySaetdI4nIk144svg,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yHDybDS6nILGdA0nLw,,&q={searchTerms}
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yHDybDS6nILGdA0nLw,,&q={searchTerms}
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-533857234-3230724435-3058745666-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yHDybDS6nILGdA0nLw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-533857234-3230724435-3058745666-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-533857234-3230724435-3058745666-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.121.128.10 212.121.128.11
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504

FireFox:
========
FF ProfilePath: C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default
FF DefaultSearchEngine: mystartsearch
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=
FF SelectedSearchEngine: Trovi search
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-533857234-3230724435-3058745666-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-533857234-3230724435-3058745666-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\user.js
FF SearchPlugin: C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF Extension: Radio Canyon - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\1853a82e-ce44-4a8c-a6fe-9bcf74a65575@4b6b1c16-5f0a-4ef0-866f-b063e235ef97.com [2014-10-14]
FF Extension: videos_MediaPlayers_v1.1 - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\975af956-6d8c-4897-837a-25c267d2cec1@gmail.com [2014-10-14]
FF Extension: Fast Start - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\faststartff@gmail.com [2014-10-14]
FF Extension: remotexulmanagerxulforgecom - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\remotexulmanager@xulforge.com [2014-10-24]
FF Extension: WEB.DE MailCheck - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\toolbar@web.de.xpi [2014-09-20]
FF Extension: UITBAutoInstaller - C:\Program Files\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-09-20]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-18]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn [2014-10-25]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn [2015-01-30]
FF HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Firefox\Extensions: [{5179B536-9073-3059-FF21-41709DF461E7}] - C:\Program Files\ver5SpeedChecker\180.xpi
FF Extension: SpeedChecker - C:\Program Files\ver5SpeedChecker\180.xpi [2014-10-14]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.mystartsearch.com/?type=sc&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=", "chrome://newtab/?source=home", "hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504", "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SAT=CNTS
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (almhciamckkbjlmapgjalcpciigohefi) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\almhciamckkbjlmapgjalcpciigohefi [2014-10-25]
CHR Extension: (Google Docs) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-21]
CHR Extension: (Google Drive) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-12]
CHR Extension: (YouTube) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-21]
CHR Extension: (Adblock Plus) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-21]
CHR Extension: (Google-Suche) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-21]
CHR Extension: (Blöcke Deluxe) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpeikjapgbmncgiaijjfondlfflajnlb [2014-06-21]
CHR Extension: (CHIP Online) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhjmdobefakhdbfdpnnopoaldabldbgd [2014-06-21]
CHR Extension: (The QR Code Generator) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2014-06-21]
CHR Extension: (AdBlock) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-21]
CHR Extension: (Dropbox) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-21]
CHR Extension: (View Plug-ins) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjpifmjicccpbkfjdkehimhgklfkbanh [2014-10-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-10-27]
CHR Extension: (Google Wallet) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-21]
CHR Extension: (Google Mail) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-21]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\Exts\Chrome.crx [2014-11-03]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma.crx [2014-10-14]
StartMenuInternet: Google Chrome.BFEL4LOH3ZTRW2USQVE3O2GWV4 - C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 FastPlayerUpdaterService; C:\Program Files\FastPlayer\FPUpdaterService.exe [382464 2015-01-22] () [File not signed]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-14] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-14] (globalUpdate) [File not signed]
R2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [34304 2014-08-27] () <==== ATTENTION
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 RGMUpdater; C:\Users\Vroni\AppData\Local\RGMService\RGMUpdater.exe [28160 2014-10-27] () [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1773368 2014-03-20] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20141030.001\BHDrvx86.sys [1138392 2014-10-24] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-10-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-10-25] (Symantec Corporation)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [202112 2005-10-18] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [998656 2005-10-18] (Conexant Systems, Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20141101.001\IDSvix86.sys [476888 2014-10-27] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl83bf9539; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6A04910A-565B-453E-BFC1-CB5763CAE8D3}\MpKsl83bf9539.sys [39464 2015-01-30] (Microsoft Corporation)
R3 Mvc25U870_VID_1262&PID_25FD; C:\Windows\System32\Drivers\Mvc25U870.sys [55680 2005-12-29] (Micro Vision Co.,Ltd)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20141118.050\NAVENG.SYS [95704 2014-10-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20141118.050\NAVEX15.SYS [1636696 2014-10-25] (Symantec Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R3 SPI; C:\Windows\System32\DRIVERS\SonyPI.sys [14720 2007-08-03] (Sony Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1076472 2005-11-17] (SigmaTel, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2012-01-17] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2014-10-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2012-01-17] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\0604010.00E\SYMNETS.SYS [318584 2012-01-17] (Symantec Corporation)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [217472 2005-10-04] (Texas Instruments)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
R3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46592 2005-09-16] (TOSHIBA Corporation) [File not signed]
R3 Tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [108672 2005-10-07] (TOSHIBA CORPORATION) [File not signed]
R3 Tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
R1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
R3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [62848 2005-10-07] (TOSHIBA Corporation.) [File not signed]
R3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\Windows\System32\drivers\TosRfSnd.sys [52864 2005-11-11] (TOSHIBA Corporation) [File not signed]
R3 Tosrfusb; C:\Windows\System32\Drivers\tosrfusb.sys [36736 2005-11-15] (TOSHIBA CORPORATION) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-02-10] (TuneUp Software)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [587176 2012-11-13] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [551208 2012-11-13] (eMPIA Technology, Inc.)
R1 {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw; C:\Windows\System32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw.sys [43152 2014-10-18] (StdLib)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x86\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 11:08 - 2015-01-30 11:08 - 00031917 _____ () C:\Users\Vroni\Desktop\FRST.txt
2015-01-30 11:08 - 2015-01-30 11:08 - 00000000 ____D () C:\FRST
2015-01-30 11:06 - 2015-01-30 11:00 - 02130432 _____ (Farbar) C:\Users\Vroni\Desktop\FRST64.exe
2015-01-30 11:06 - 2015-01-30 11:00 - 01121792 _____ (Farbar) C:\Users\Vroni\Desktop\FRST.exe
2015-01-02 15:34 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 11:08 - 2010-11-20 22:01 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 11:07 - 2014-10-14 21:13 - 00000260 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2015-01-30 11:07 - 2013-10-17 10:28 - 00000000 ____D () C:\Users\Vroni\AppData\Local\Adobe
2015-01-30 11:07 - 2013-10-16 15:18 - 01131182 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 11:06 - 2009-07-14 05:39 - 00045246 _____ () C:\Windows\setupact.log
2015-01-30 11:04 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 11:04 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 11:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-30 10:58 - 2014-12-11 13:15 - 00000000 ____D () C:\Users\Vroni\AppData\Local\RGMService
2015-01-30 10:57 - 2014-10-14 21:11 - 00000886 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-30 10:57 - 2014-09-20 16:44 - 00000000 ____D () C:\Users\Vroni\AppData\Roaming\Skype
2015-01-30 10:57 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 14:02 - 2014-12-11 13:13 - 00001779 _____ () C:\Users\Vroni\Desktop\FastPlayer.lnk
2015-01-29 14:02 - 2014-10-14 21:10 - 00000000 ____D () C:\Program Files\FastPlayer
2015-01-02 15:34 - 2013-10-17 10:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-02 15:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-02 15:33 - 2013-10-17 08:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-02 15:29 - 2014-10-14 21:13 - 00000266 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2015-01-02 15:28 - 2013-10-17 08:28 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-14 21:14 - 2014-10-14 21:14 - 1484176 _____ (enter)
C:\Users\Vroni\AppData\Roaming\RKJ.exe 2014-10-14 21:13 - 2014-10-14 21:13 - 1971088 _____ (enter) C:\Users\Vroni\AppData\Roaming\SLOBCEOV.exe 2014-07-19 17:43 - 2014-07-19 17:44 - 0001456 _____ () C:\Users\Vroni\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2014-08-05 10:49 - 2014-08-05 10:49 - 0007605 _____ () C:\Users\Vroni\AppData\Local\Resmon.ResmonCfg Files to move or delete: ==================== C:\Users\Vroni\AppData\Local\Temp\Shuka\PackerV2.exe Some content of TEMP: ==================== C:\Users\Vroni\AppData\Local\Temp\asrla0gc.dll C:\Users\Vroni\AppData\Local\Temp\CLmt3.exe C:\Users\Vroni\AppData\Local\Temp\cu7dz7vs.dll C:\Users\Vroni\AppData\Local\Temp\d8ry5sp4.dll C:\Users\Vroni\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Vroni\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Vroni\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Vroni\AppData\Local\Temp\jyjben87.dll C:\Users\Vroni\AppData\Local\Temp\KUIU.EXE C:\Users\Vroni\AppData\Local\Temp\mjakizdc.dll C:\Users\Vroni\AppData\Local\Temp\optprosetup.exe C:\Users\Vroni\AppData\Local\Temp\rlrkfmt9.dll C:\Users\Vroni\AppData\Local\Temp\setup_337.exe C:\Users\Vroni\AppData\Local\Temp\sytcuyo8.dll C:\Users\Vroni\AppData\Local\Temp\vcredist_x86.exe C:\Users\Vroni\AppData\Local\Temp\zVHI6.dll C:\Users\Vroni\AppData\Local\Temp\zVHI6.exe C:\Users\Vroni\AppData\Local\Temp\~dl51A0.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-27 10:45 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01 Ran by Vroni at 2015-01-30 11:09:20 Running from C:\Users\Vroni\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AV: Norton 360 Premier Edition (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 Premier Edition (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 Premier Edition (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Creative Suite 6 Master Collection (HKLM\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArtRage 4 Demo (HKLM\...\ArtRage 4 Demo 4.0.4.0) (Version: 4.0.4.0 - Ambient Design) ArtRage 4 Demo (Version: 4.0.4.0 - Ambient Design) Hidden bl (Version: 1.0.0 - Your Company Name) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.00.20(SO) - ) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) FastPlayer (HKLM\...\FastPlayer) (Version: v1.0.0.6 - SoftForce LLC) <==== ATTENTION Genesis (HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\genesis_10142010) (Version: - ) <==== ATTENTION Google Chrome (HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003) (Version: - ) InetStat (HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION! Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.) 
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle) LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MyBestOffersToday 014.154 (HKLM\...\mbot_de_154_is1) (Version: - MYBESTOFFERSTODAY) <==== ATTENTION mystartsearch uninstall (HKLM\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION Norton 360 Premier Edition (HKLM\...\N360) (Version: 6.4.1.14 - Symantec Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - ) PDF Settings 
CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden ph (Version: 1.0.0 - Your Company Name) Hidden Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Radio Canyon (HKLM\...\Radio Canyon) (Version: 1.35.9.29 - Radio Canyon) <==== ATTENTION! Remote Desktop Access (VuuPC) (HKLM\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION Samsung Magician (HKLM\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.2.1 - Samsung Electronics) SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4511.0 - SigmaTel) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) SpeedChecker (HKLM\...\8C838479-A8C6-DAB6-9741-CA5D51691675) (Version: - SpeedChecker-software) <==== ATTENTION SpeedUpMyPC (HKLM\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.4.8 - Uniblue Systems Limited) <==== ATTENTION TERRATEC Cinergy Hybrid T USB XS FM (32 Bit) (HKLM\...\{271D6941-5F6C-4258-AD43-23839D46DC00}) (Version: 5.09.1202.00 - TERRATEC) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.275 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.275 - TuneUp Software) Hidden VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH) WindowsMangerProtect20.0.0.1013 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION Windows-Treiberpaket - TerraTec (USB28xxBGA) Media (12/02/2009 5.09.1202.00) (HKLM\...\BB2E2D0714CC6BBEFC9CD54767EBB829C39EADEB) (Version: 12/02/2009 5.09.1202.00 - TerraTec ) WinRAR 4.20 (32-bit) 
(HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Yahoo Community Smartbar (Version: 11.112.66.19229 - Linkury Inc.) Hidden <==== ATTENTION Yahoo Community Smartbar Engine (HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\{80988241-4c56-4feb-adde-40303855e1b5}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File ==================== Restore Points ========================= 13-10-2014 21:43:59 Windows Update 14-10-2014 21:11:52 Uniblue SpeedUpMyPC installation 14-10-2014 21:53:23 Windows Update 18-10-2014 16:00:39 Windows Update 24-10-2014 21:02:12 Windows Update 27-10-2014 22:35:55 Windows Update 03-11-2014 21:41:44 Windows Update 19-11-2014 21:35:31 Windows Update 19-11-2014 22:43:43 Windows Update 11-12-2014 13:18:05 Windows Update 02-01-2015 15:28:01 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2013-10-18 15:14 - 00000889 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {04346588-A156-479C-8A8A-82A9F1D978CF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {11C3775A-7021-4B09-BF68-C66DBCE56F9C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {16A93931-94AD-4AA0-8AB5-CD7F61CF63C3} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-10-07] (Uniblue Systems Limited) <==== ATTENTION Task: {24A81D2E-DED1-40E6-9B84-A68F0A531872} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-14] (globalUpdate) <==== ATTENTION Task: {3CDF70F2-0F0A-4BF1-BF4E-9D8BAB09A527} - System32\Tasks\AdobeAAMUpdater-1.0-Vaio_Notebook-Vroni => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {5FD6F9A4-36BD-47CC-98AD-0BBCFBEDAD89} - System32\Tasks\{30A31F06-EBED-40F7-A45F-CA73290DA860} => pcalua.exe -a C:\Users\Vroni\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=tugs Task: {6B65AB3C-4D3F-45DD-99E9-BEFF3A56B9DF} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {A89E4C46-91F4-4E40-A223-747A7FDC39FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {AE63FF24-CE59-45A7-87D7-D828AD29D121} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software) Task: {AEE71CDA-4686-4FF2-9840-295D4F18D816} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-10-07] (Uniblue Systems Limited) <==== ATTENTION Task: {B437AB69-C2A7-4EF9-9F66-BD2C7A76F443} - System32\Tasks\{F2F7615B-BBF4-44EB-870F-C631BF87AC03} => pcalua.exe -a C:\Users\Vroni\Downloads\SP32899\setup.exe -d C:\Users\Vroni\Downloads\SP32899 Task: {D26CBCDB-F271-4609-AC5B-70208743AEE5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated) Task: {D6E6E73D-3FC8-433C-ADD8-6F0DF62361FF} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2004-07-20 16:04 - 2004-07-20 16:04 - 00094208 _____ () C:\Windows\System32\TosBtHcrpAPI.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-01-22 11:49 - 2015-01-22 11:49 - 00382464 _____ () C:\Program Files\FastPlayer\FPUpdaterService.exe 2011-09-05 18:05 - 2011-09-05 18:05 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu 2014-08-27 15:24 - 2014-08-27 15:24 - 00034304 _____ () C:\Program Files\LPT\srpts.exe 2014-08-27 15:24 - 2014-08-27 15:29 - 00044032 _____ () C:\Program Files\LPT\srptc.dll 2014-08-27 15:23 - 2014-08-27 15:28 - 00018944 _____ () C:\Program Files\LPT\Smartbar.Common.dll 2014-08-27 15:28 - 2014-12-11 13:14 - 00327168 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Resources\crdli.dll 2013-10-17 10:21 - 2005-11-10 13:48 - 00094208 _____ () C:\Windows\system32\Mv25U870Prp.ax 2014-08-27 15:29 - 2014-08-27 15:29 - 00052224 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00087552 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\srau.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00167424 _____ () 
C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 02426880 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00068608 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\spbl.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00160256 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-08-27 15:28 - 2014-08-27 15:28 - 00015872 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\siem.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00069120 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\sppsm.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00698368 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00016384 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00080384 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00028672 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00071680 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\srut.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00031232 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\srsbs.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00067072 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00152064 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\smti.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00075264 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\smsp.dll 2014-08-27 15:28 - 2014-08-27 15:28 - 00011776 _____ () 
C:\Users\Vroni\AppData\Local\Smartbar\Application\sidc.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00032256 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\smtu.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00040448 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\smta.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00032768 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\srom.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00049152 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\srbu.dll 2014-08-27 15:28 - 2014-08-27 15:28 - 00025600 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\sgml.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00063488 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00026624 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\srpdm.dll 2014-08-27 15:28 - 2014-08-27 15:28 - 00045056 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2014-08-27 15:24 - 2014-08-27 15:24 - 00026624 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00036864 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00257024 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\srns.dll 2014-10-14 21:47 - 2014-10-14 21:47 - 00702478 _____ () C:\Users\Vroni\AppData\Roaming\InetStat\inetstat.exe 2015-01-21 16:54 - 2015-01-21 16:54 - 00134656 _____ () C:\Program Files\FastPlayer\WebBrowser.exe 2005-07-22 20:30 - 2005-07-22 20:30 - 00065536 _____ () C:\Windows\system32\TosCommAPI.dll 2004-10-14 09:18 - 2004-10-14 09:18 - 00040960 _____ () C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll 2014-10-27 23:19 - 2014-10-22 05:04 - 08910664 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll 
2014-10-27 23:19 - 2014-10-22 05:04 - 01681224 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll 2014-10-27 16:04 - 2014-10-27 16:04 - 00028160 _____ () C:\Users\Vroni\AppData\Local\RGMService\RGMUpdater.exe 2014-03-20 13:44 - 2014-03-20 13:44 - 00568120 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll 2014-08-27 15:24 - 2014-08-27 15:29 - 00036352 _____ () C:\Program Files\LPT\srptsl.exe 2014-08-27 15:24 - 2014-08-27 15:29 - 00071680 _____ () C:\Program Files\LPT\srut.dll 2014-12-01 17:01 - 2014-12-01 17:01 - 00974848 _____ () C:\Users\Vroni\AppData\Local\RGMService\RGMLoader.exe 2014-12-01 17:01 - 2014-12-01 17:01 - 01686016 _____ () C:\Users\Vroni\AppData\Local\RGMService\RGMHost.dll 2014-12-01 17:01 - 2014-12-01 17:01 - 02745856 _____ () C:\Users\Vroni\AppData\Local\RGMService\MonetizationToolsManager.dll 2014-12-01 17:02 - 2014-12-01 17:02 - 01592832 _____ () C:\Users\Vroni\AppData\Local\RGMService\ProtectorsManager.dll 2013-10-17 08:58 - 2013-05-16 13:42 - 00013824 _____ () C:\Program Files\Samsung\Samsung Magician\SAMSUNG_SSD.dll 2014-06-21 06:47 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-06-21 06:47 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00142336 _____ () C:\Users\Vroni\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll 2014-03-20 13:41 - 2014-03-20 13:41 - 00611128 _____ () C:\Program Files\TuneUp Utilities 2014\TUKernel.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00152888 _____ () C:\Program Files\TuneUp Utilities 2014\TUBasic.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00820024 _____ () C:\Program Files\TuneUp Utilities 2014\MainControls.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00066360 _____ () C:\Program Files\TuneUp Utilities 2014\TUTransl.bpl 2014-03-20 13:41 - 
2014-03-20 13:41 - 00161080 _____ () C:\Program Files\TuneUp Utilities 2014\PerlRegEx.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00210744 _____ () C:\Program Files\TuneUp Utilities 2014\XMLComponents.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00449848 _____ () C:\Program Files\TuneUp Utilities 2014\GR32_D6.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00129336 _____ () C:\Program Files\TuneUp Utilities 2014\SchedAgent_2007.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00335672 _____ () C:\Program Files\TuneUp Utilities 2014\TUCompression.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00307000 _____ () C:\Program Files\TuneUp Utilities 2014\DEC.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00493368 _____ () C:\Program Files\TuneUp Utilities 2014\Html.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00307000 _____ () C:\Program Files\TuneUp Utilities 2014\ntrtl60.bpl 2014-03-20 13:42 - 2014-03-20 13:42 - 00456504 _____ () C:\Program Files\TuneUp Utilities 2014\PowerManager.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00469816 _____ () C:\Program Files\TuneUp Utilities 2014\SysInfo.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00656184 _____ () C:\Program Files\TuneUp Utilities 2014\MSI_D6.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00143672 _____ () C:\Program Files\TuneUp Utilities 2014\TUIcoEngineerDirTree.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00076600 _____ () C:\Program Files\TuneUp Utilities 2014\TUShell.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00067896 _____ () C:\Program Files\TuneUp Utilities 2014\SysControls.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00213816 _____ () C:\Program Files\TuneUp Utilities 2014\ProgramRating.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00425784 _____ () C:\Program Files\TuneUp Utilities 2014\VisControls.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00033080 _____ () C:\Program Files\TuneUp Utilities 2014\TUBase.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 01145144 _____ () C:\Program Files\TuneUp Utilities 2014\dxBarD12.bpl 2014-03-20 13:41 - 2014-03-20 13:41 - 00044856 
_____ () C:\Program Files\TuneUp Utilities 2014\dxCoreD12.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00016184 _____ () C:\Program Files\TuneUp Utilities 2014\dxComnD12.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00055608 _____ () C:\Program Files\TuneUp Utilities 2014\dxThemeD12.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00852280 _____ () C:\Program Files\TuneUp Utilities 2014\cxLibraryD12.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00069944 _____ () C:\Program Files\TuneUp Utilities 2014\dxGDIPlusD12.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00154424 _____ () C:\Program Files\TuneUp Utilities 2014\cefcomponent.bpl
2014-03-20 13:42 - 2014-03-20 13:42 - 00324408 _____ () C:\Program Files\TuneUp Utilities 2014\AppInitialization.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00106808 _____ () C:\Program Files\TuneUp Utilities 2014\TUShredder.bpl
2014-03-20 13:42 - 2014-03-20 13:42 - 00631096 _____ () C:\Program Files\TuneUp Utilities 2014\TUDiskCleanerClass.bpl
2014-03-20 13:42 - 2014-03-20 13:42 - 00091960 _____ () C:\Program Files\TuneUp Utilities 2014\TUApps.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00042808 _____ () C:\Program Files\TuneUp Utilities 2014\TURar.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00489272 _____ () C:\Program Files\TuneUp Utilities 2014\Traces.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00082744 _____ () C:\Program Files\TuneUp Utilities 2014\TUOperaClass.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00047928 _____ () C:\Program Files\TuneUp Utilities 2014\TUApplications.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00042808 _____ () C:\Program Files\TuneUp Utilities 2014\TUSafariClass.bpl
2014-03-20 13:42 - 2014-03-20 13:42 - 00140088 _____ () C:\Program Files\TuneUp Utilities 2014\CommonForms.bpl
2014-03-20 13:42 - 2014-03-20 13:42 - 00608568 _____ () C:\Program Files\TuneUp Utilities 2014\VirtualTreesR.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00065848 _____ () C:\Program Files\TuneUp Utilities 2014\TUIECacheClass.bpl
2014-03-20 13:42 - 2014-03-20 13:42 - 00103224 _____ () C:\Program Files\TuneUp Utilities 2014\TUDefragClient.bpl
2014-03-20 13:42 - 2014-03-20 13:42 - 00961848 _____ () C:\Program Files\TuneUp Utilities 2014\TuningWizard.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00106296 _____ () C:\Program Files\TuneUp Utilities 2014\Internet.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00207672 _____ () C:\Program Files\TuneUp Utilities 2014\dxBarExtItemsD12.bpl
2014-03-20 13:42 - 2014-03-20 13:42 - 00289080 _____ () C:\Program Files\TuneUp Utilities 2014\RegCleaner.bpl
2014-03-20 13:41 - 2014-03-20 13:41 - 00023864 _____ () C:\Program Files\TuneUp Utilities 2014\IEControl.bpl
2014-08-27 15:29 - 2014-08-27 15:29 - 00024576 _____ () C:\Users\Vroni\AppData\Local\LPT\srptm.exe
2014-08-27 15:29 - 2014-08-27 15:29 - 00083968 _____ () C:\Users\Vroni\AppData\Local\LPT\srpt.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00044032 _____ () C:\Users\Vroni\AppData\Local\LPT\srptc.dll
2014-08-27 15:28 - 2014-08-27 15:28 - 00018944 _____ () C:\Users\Vroni\AppData\Local\LPT\Smartbar.Common.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00071680 _____ () C:\Users\Vroni\AppData\Local\LPT\srut.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00069120 _____ () C:\Users\Vroni\AppData\Local\LPT\sppsm.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00160256 _____ () C:\Users\Vroni\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00028672 _____ () C:\Users\Vroni\AppData\Local\LPT\Smartbar.Personalization.Common.dll
2014-08-27 15:29 - 2014-08-27 15:29 - 00167424 _____ () C:\Users\Vroni\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-533857234-3230724435-3058745666-500 - Administrator - Disabled)
Gast (S-1-5-21-533857234-3230724435-3058745666-501 - Limited - Disabled)
Vroni (S-1-5-21-533857234-3230724435-3058745666-1000 - Administrator - Enabled) => C:\Users\Vroni

==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/30/2015 10:58:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 02:02:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2014 03:03:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4500

Error: (12/12/2014 03:03:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4500

Error: (12/12/2014 03:03:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/12/2014 03:03:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000

Error: (12/12/2014 03:03:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2000

Error: (12/12/2014 03:03:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/11/2014 03:48:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8578

Error: (12/11/2014 03:48:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8578

System errors:
=============
Error: (01/30/2015 11:07:33 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 113.40.0.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 11:07:33 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 11:07:33 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 11:07:32 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 10:58:13 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 113.40.0.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 10:58:12 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 10:58:12 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 10:58:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (01/30/2015 10:58:08 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 10:57:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet: %%-2147417831

Microsoft Office Sessions:
=========================
Error: (01/30/2015 10:58:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 02:02:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2014 03:03:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4500

Error: (12/12/2014 03:03:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4500

Error: (12/12/2014 03:03:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/12/2014 03:03:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000

Error: (12/12/2014 03:03:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2000

Error: (12/12/2014 03:03:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/11/2014 03:48:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8578

Error: (12/11/2014 03:48:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8578

==================== Memory info ===========================
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz
Percentage of memory in use: 60%
Total physical RAM: 3070.05 MB
Available physical RAM: 1222.26 MB
Total Pagefile: 6138.4 MB
Available Pagefile: 4222.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.71 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:238.37 GB) (Free:189.66 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 162EBCA0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
30.01.2015, 11:55 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Hello and

You have cracked software on this system. At the very least the Adobe Master Collection is illegal!

Quote:
Reading material: Illegal Software: Cracks, Keygens and Co.
Please read => http://www.trojaner-board.de/95393-c...-software.html

We continue once you have removed everything illegal. In the event of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
30.01.2015, 11:59 | #3 |
Uhhh, sorry, it's not my laptop; I booted it for the first time a moment ago and only created the logfile. I'll delete that junk right away. Should I then post logfiles again?

Thanks for pointing that out to me.
Regards, StoneCraX
30.01.2015, 12:04 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Uninstall via the Control Panel:

Adobe Acrobat X Pro
Adobe Creative Suite 6 Master Collection

And best delete Norton and the TuneUp junk while you're at it.

Please always post logfiles in CODE tags
30.01.2015, 12:47 | #5 |
Hello, and thanks again for your help. I have now deleted everything so far: the programs you named and also everything else, like toolbars etc., that seemed unimportant to me. Hopefully I caught everything. Here are the new logfiles:

Thanks, Stonecrax

FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Vroni (administrator) on VAIO_NOTEBOOK on 30-01-2015 12:43:52
Running from C:\Users\Vroni\Desktop
Loaded Profiles: Vroni (Available profiles: Vroni)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(globalUpdate) C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\FastPlayer\FPUpdaterService.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Users\Vroni\AppData\Local\Temp\Shuka\UACGetter.exe
() C:\Program Files\FastPlayer\WebBrowser.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe
() C:\Users\Vroni\AppData\Local\RGMService\RGMUpdater.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
() C:\Users\Vroni\AppData\Local\RGMService\RGMLoader.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [mbot_de_154] => [X]
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [Google Update] => C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-21] (Google Inc.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [GoogleChromeAutoLaunch_45191224BF4F697402CEEF6853EA9D19] => C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [cmd] => C:\Users\Vroni\AppData\Local\Temp\Shuka\PackerV2.exe [5113856 2014-12-08] (Packer Framework) <===== ATTENTION
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\MountPoints2: {254fc985-3669-11e3-ad42-806e6f6e6963} - D:\shelexec.exe .\starter.html
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserFastPlayer.lnk
ShortcutTarget: WebBrowserFastPlayer.lnk -> C:\Program Files\FastPlayer\WebBrowser.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504&q={searchTerms} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGps3182xY2a1NdTJWekBtEYhW4L2qQ_8uef-WJUDiBt68mbtqS04HHB5wy09kVgkaCL8i31x6z8d0DrpySaetdI4nIk144svg,, HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms} HKU\S-1-5-21-533857234-3230724435-3058745666-1000\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-zQISKvGtvH6WDh1A8w,,&q={searchTerms} HKU\S-1-5-21-533857234-3230724435-3058745666-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV= HKU\S-1-5-21-533857234-3230724435-3058745666-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-zQISKvGtvH6WDh1A8w,,&q={searchTerms} HKU\S-1-5-21-533857234-3230724435-3058745666-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504 SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms} SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://www.mystartsearch.com/web/?type=ds&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms} SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-533857234-3230724435-3058745666-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-zQISKvGtvH6WDh1A8w,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-533857234-3230724435-3058745666-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504&q={searchTerms} BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKU\S-1-5-21-533857234-3230724435-3058745666-1000 -> No Name - 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 212.121.128.10 212.121.128.11 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504 FireFox: ======== FF ProfilePath: C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default FF DefaultSearchEngine: mystartsearch FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV= FF SelectedSearchEngine: Trovi search FF NewTab: about:newtab FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKU\S-1-5-21-533857234-3230724435-3058745666-1000: @tools.google.com/Google Update;version=3 -> 
C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-533857234-3230724435-3058745666-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! => C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\user.js FF SearchPlugin: C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\searchplugins\trovi-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml FF Extension: Radio Canyon - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\1853a82e-ce44-4a8c-a6fe-9bcf74a65575@4b6b1c16-5f0a-4ef0-866f-b063e235ef97.com [2014-10-14] FF Extension: videos_MediaPlayers_v1.1 - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\975af956-6d8c-4897-837a-25c267d2cec1@gmail.com [2014-10-14] FF Extension: Fast Start - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\faststartff@gmail.com [2014-10-14] FF Extension: remotexulmanagerxulforgecom - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\remotexulmanager@xulforge.com [2014-10-24] FF Extension: WEB.DE MailCheck - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\toolbar@web.de.xpi [2014-09-20] FF Extension: UITBAutoInstaller - C:\Program Files\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-09-20] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\extensions\faststartff@gmail.com FF Extension: No Name - C:\Program Files\ver5SpeedChecker\180.xpi [Not Found] Chrome: ======= CHR HomePage: Default -> 
hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV= CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=", "chrome://newtab/?source=home", "hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504", "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=" CHR DefaultSearchKeyword: Default -> trovi.search CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SAT=CNTS CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms} CHR Profile: C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (almhciamckkbjlmapgjalcpciigohefi) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\almhciamckkbjlmapgjalcpciigohefi [2014-10-25] CHR Extension: (Google Docs) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-21] CHR Extension: (Google Drive) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-12] CHR Extension: (YouTube) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-21] CHR Extension: (Adblock Plus) - 
C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-21] CHR Extension: (Google-Suche) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-21] CHR Extension: (Blöcke Deluxe) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpeikjapgbmncgiaijjfondlfflajnlb [2014-06-21] CHR Extension: (CHIP Online) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhjmdobefakhdbfdpnnopoaldabldbgd [2014-06-21] CHR Extension: (The QR Code Generator) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2014-06-21] CHR Extension: (AdBlock) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-21] CHR Extension: (Dropbox) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-21] CHR Extension: (View Plug-ins) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjpifmjicccpbkfjdkehimhgklfkbanh [2014-10-24] CHR Extension: (Google Wallet) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-21] CHR Extension: (Google Mail) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-21] CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma.crx [2014-10-14] StartMenuInternet: Google Chrome.BFEL4LOH3ZTRW2USQVE3O2GWV4 - C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 FastPlayerUpdaterService; C:\Program Files\FastPlayer\FPUpdaterService.exe [382464 2015-01-22] () [File not signed]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-14] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-14] (globalUpdate) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 RGMUpdater; C:\Users\Vroni\AppData\Local\RGMService\RGMUpdater.exe [28160 2014-10-27] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [202112 2005-10-18] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [998656 2005-10-18] (Conexant Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 Mvc25U870_VID_1262&PID_25FD; C:\Windows\System32\Drivers\Mvc25U870.sys [55680 2005-12-29] (Micro Vision Co.,Ltd)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R3 SPI; C:\Windows\System32\DRIVERS\SonyPI.sys [14720 2007-08-03] (Sony Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1076472 2005-11-17] (SigmaTel, Inc.)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [217472 2005-10-04] (Texas Instruments)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
R3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46592 2005-09-16] (TOSHIBA Corporation) [File not signed]
S3 Tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [108672 2005-10-07] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
R1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [62848 2005-10-07] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\Windows\System32\drivers\TosRfSnd.sys [52864 2005-11-11] (TOSHIBA Corporation) [File not signed]
S3 Tosrfusb; C:\Windows\System32\Drivers\tosrfusb.sys [36736 2005-11-15] (TOSHIBA CORPORATION) [File not signed]
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [587176 2012-11-13] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [551208 2012-11-13] (eMPIA Technology, Inc.)
R1 {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw; C:\Windows\System32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw.sys [43152 2014-10-18] (StdLib)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x86\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-30 12:29 - 2015-01-30 12:33 - 00001118 _____ () C:\Users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-30 12:18 - 2015-01-30 12:18 - 00000000 ____D () C:\adobeTemp
2015-01-30 11:09 - 2015-01-30 11:10 - 00040420 _____ () C:\Users\Vroni\Desktop\Addition.txt
2015-01-30 11:08 - 2015-01-30 12:44 - 00022489 _____ () C:\Users\Vroni\Desktop\FRST.txt
2015-01-30 11:08 - 2015-01-30 12:43 - 00000000 ____D () C:\FRST
2015-01-30 11:06 - 2015-01-30 11:00 - 02130432 _____ (Farbar) C:\Users\Vroni\Desktop\FRST64.exe
2015-01-30 11:06 - 2015-01-30 11:00 - 01121792 _____ (Farbar) C:\Users\Vroni\Desktop\FRST.exe
2015-01-02 15:34 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 12:42 - 2013-10-16 15:18 - 01252446 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 12:40 - 2014-12-11 13:15 - 00000000 ____D () C:\Users\Vroni\AppData\Local\RGMService
2015-01-30 12:39 - 2014-10-14 21:11 - 00000886 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-30 12:39 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 12:39 - 2009-07-14 05:39 - 00045414 _____ () C:\Windows\setupact.log
2015-01-30 12:39 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 12:39 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 12:34 - 2013-10-17 10:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 12:33 - 2014-10-14 21:05 - 00002056 _____ () C:\Users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-30 12:33 - 2014-10-14 21:05 - 00001994 _____ () C:\Users\Vroni\Desktop\Search.lnk
2015-01-30 12:33 - 2013-10-17 08:52 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-30 12:33 - 2013-10-17 08:52 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-30 12:33 - 2013-10-16 15:18 - 00001409 _____ () C:\Users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-30 12:28 - 2010-11-20 22:01 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 12:23 - 2014-10-25 09:55 - 00000000 ____D () C:\ProgramData\Norton
2015-01-30 12:23 - 2013-10-17 08:24 - 00058824 _____ () C:\Users\Vroni\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-30 12:23 - 2010-11-20 22:48 - 00696924 _____ () C:\Windows\PFRO.log
2015-01-30 12:23 - 2009-07-14 05:33 - 03770680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-30 12:21 - 2013-10-18 14:50 - 00000000 ____D () C:\Program Files\Adobe
2015-01-30 12:20 - 2013-10-18 14:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-30 12:20 - 2013-10-18 14:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-30 12:16 - 2013-10-16 15:18 - 00000000 ____D () C:\Users\Vroni
2015-01-30 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-30 11:07 - 2013-10-17 10:28 - 00000000 ____D () C:\Users\Vroni\AppData\Local\Adobe
2015-01-30 10:57 - 2014-09-20 16:44 - 00000000 ____D () C:\Users\Vroni\AppData\Roaming\Skype
2015-01-29 14:02 - 2014-12-11 13:13 - 00001779 _____ () C:\Users\Vroni\Desktop\FastPlayer.lnk
2015-01-29 14:02 - 2014-10-14 21:10 - 00000000 ____D () C:\Program Files\FastPlayer
2015-01-02 15:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-02 15:33 - 2013-10-17 08:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-02 15:28 - 2013-10-17 08:28 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-14 21:14 - 2014-10-14 21:14 - 1484176 _____ (enter) C:\Users\Vroni\AppData\Roaming\RKJ.exe
2014-10-14 21:13 - 2014-10-14 21:13 - 1971088 _____ (enter) C:\Users\Vroni\AppData\Roaming\SLOBCEOV.exe
2014-07-19 17:43 - 2014-07-19 17:44 - 0001456 _____ () C:\Users\Vroni\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-08-05 10:49 - 2014-08-05 10:49 - 0007605 _____ () C:\Users\Vroni\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Vroni\AppData\Local\Temp\Shuka\PackerV2.exe

Some content of TEMP:
====================
C:\Users\Vroni\AppData\Local\Temp\asrla0gc.dll
C:\Users\Vroni\AppData\Local\Temp\CLmt3.exe
C:\Users\Vroni\AppData\Local\Temp\cu7dz7vs.dll
C:\Users\Vroni\AppData\Local\Temp\d8ry5sp4.dll
C:\Users\Vroni\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Vroni\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Vroni\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Vroni\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Vroni\AppData\Local\Temp\jyjben87.dll
C:\Users\Vroni\AppData\Local\Temp\KUIU.EXE
C:\Users\Vroni\AppData\Local\Temp\mjakizdc.dll
C:\Users\Vroni\AppData\Local\Temp\optprosetup.exe
C:\Users\Vroni\AppData\Local\Temp\rlrkfmt9.dll
C:\Users\Vroni\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Vroni\AppData\Local\Temp\setup_337.exe
C:\Users\Vroni\AppData\Local\Temp\sytcuyo8.dll
C:\Users\Vroni\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Vroni\AppData\Local\Temp\zVHI6.dll
C:\Users\Vroni\AppData\Local\Temp\zVHI6.exe
C:\Users\Vroni\AppData\Local\Temp\~dl51A0.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-27 10:45

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Vroni at 2015-01-30 12:44:22
Running from C:\Users\Vroni\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage 4 Demo (HKLM\...\ArtRage 4 Demo 4.0.4.0) (Version: 4.0.4.0 - Ambient Design)
ArtRage 4 Demo (Version: 4.0.4.0 - Ambient Design) Hidden
bl (Version: 1.0.0 - Your Company Name) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.00.20(SO) - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
FastPlayer (HKLM\...\FastPlayer) (Version: v1.0.0.6 - SoftForce LLC) <==== ATTENTION
Google Chrome (HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - )
ph (Version: 1.0.0 - Your Company Name) Hidden
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4511.0 - SigmaTel)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
TERRATEC Cinergy Hybrid T USB XS FM (32 Bit) (HKLM\...\{271D6941-5F6C-4258-AD43-23839D46DC00}) (Version: 5.09.1202.00 - TERRATEC)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH)
Windows-Treiberpaket - TerraTec (USB28xxBGA) Media (12/02/2009 5.09.1202.00) (HKLM\...\BB2E2D0714CC6BBEFC9CD54767EBB829C39EADEB) (Version: 12/02/2009 5.09.1202.00 - TerraTec )
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points =========================

14-10-2014 21:11:52 Uniblue SpeedUpMyPC installation
14-10-2014 21:53:23 Windows Update
18-10-2014 16:00:39 Windows Update
24-10-2014 21:02:12 Windows Update
27-10-2014 22:35:55 Windows Update
03-11-2014 21:41:44 Windows Update
19-11-2014 21:35:31 Windows Update
19-11-2014 22:43:43 Windows Update
11-12-2014 13:18:05 Windows Update
02-01-2015 15:28:01 Windows Update
30-01-2015 12:10:15 TuneUp Utilities 2014 wird entfernt
30-01-2015 12:11:20 TuneUp Utilities 2014 (de-DE) wird entfernt
30-01-2015 12:20:53 Removed Adobe Widget Browser
30-01-2015 12:21:07 Removed Adobe Help Manager

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2013-10-18 15:14 - 00000889 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {24A81D2E-DED1-40E6-9B84-A68F0A531872} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-14] (globalUpdate) <==== ATTENTION
Task: {5FD6F9A4-36BD-47CC-98AD-0BBCFBEDAD89} - System32\Tasks\{30A31F06-EBED-40F7-A45F-CA73290DA860} => pcalua.exe -a C:\Users\Vroni\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=tugs
Task: {A89E4C46-91F4-4E40-A223-747A7FDC39FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B437AB69-C2A7-4EF9-9F66-BD2C7A76F443} - System32\Tasks\{F2F7615B-BBF4-44EB-870F-C631BF87AC03} => pcalua.exe -a C:\Users\Vroni\Downloads\SP32899\setup.exe -d C:\Users\Vroni\Downloads\SP32899
Task: {D26CBCDB-F271-4609-AC5B-70208743AEE5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {D6E6E73D-3FC8-433C-ADD8-6F0DF62361FF} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2004-07-20 16:04 - 2004-07-20 16:04 - 00094208 _____ () C:\Windows\System32\TosBtHcrpAPI.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-22 11:49 - 2015-01-22 11:49 - 00382464 _____ () C:\Program Files\FastPlayer\FPUpdaterService.exe
2013-10-17 10:21 - 2005-11-10 13:48 - 00094208 _____ () C:\Windows\system32\Mv25U870Prp.ax
2014-12-09 09:28 - 2014-12-09 09:28 - 00192512 _____ () C:\Users\Vroni\AppData\Local\Temp\Shuka\UACGetter.exe
2015-01-21 16:54 - 2015-01-21 16:54 - 00134656 _____ () C:\Program Files\FastPlayer\WebBrowser.exe
2005-07-22 20:30 - 2005-07-22 20:30 - 00065536 _____ () C:\Windows\system32\TosCommAPI.dll
2014-10-27 16:04 - 2014-10-27 16:04 - 00028160 _____ () C:\Users\Vroni\AppData\Local\RGMService\RGMUpdater.exe
2014-10-27 23:19 - 2014-10-22 05:04 - 08910664 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 23:19 - 2014-10-22 05:04 - 01681224 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-12-01 17:01 - 2014-12-01 17:01 - 00974848 _____ () C:\Users\Vroni\AppData\Local\RGMService\RGMLoader.exe
2014-12-01 17:01 - 2014-12-01 17:01 - 01686016 _____ () C:\Users\Vroni\AppData\Local\RGMService\RGMHost.dll
2014-12-01 17:01 - 2014-12-01 17:01 - 02745856 _____ () C:\Users\Vroni\AppData\Local\RGMService\MonetizationToolsManager.dll
2014-12-01 17:02 - 2014-12-01 17:02 - 01592832 _____ () C:\Users\Vroni\AppData\Local\RGMService\ProtectorsManager.dll
2014-06-21 06:47 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-06-21 06:47 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-533857234-3230724435-3058745666-500 - Administrator - Disabled)
Gast (S-1-5-21-533857234-3230724435-3058745666-501 - Limited - Disabled)
Vroni (S-1-5-21-533857234-3230724435-3058745666-1000 - Administrator - Enabled) => C:\Users\Vroni

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2015 00:42:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/30/2015 00:41:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 00:37:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 00:31:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Vaio_Notebook)
Description: Die Anwendung oder der Dienst "linmsl" konnte nicht heruntergefahren werden.

Error: (01/30/2015 00:24:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 00:21:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (01/30/2015 00:21:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/30/2015 00:21:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary EraserUtilRebootDrv.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/30/2015 00:21:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/30/2015 00:20:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

System errors:
=============
Error: (01/30/2015 00:40:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 113.40.0.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 00:40:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 00:40:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 00:40:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 00:36:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 113.40.0.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 00:36:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 00:36:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 00:36:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 00:33:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 113.40.0.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/30/2015 00:33:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.1901.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Microsoft Office Sessions:
=========================
Error: (01/30/2015 00:42:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Vroni\AppData\Local\Temp\Shuka\64.exe

Error: (01/30/2015 00:41:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 00:37:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 00:31:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Vaio_Notebook)
Description: 1C:\Program Files\LPT\linmsl.exelinmsl0511751200

Error: (01/30/2015 00:24:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 00:21:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
Error: (01/30/2015 00:21:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: Das System kann die angegebene Datei nicht finden. Error: (01/30/2015 00:21:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary EraserUtilRebootDrv. System Error: Das System kann die angegebene Datei nicht finden. Error: (01/30/2015 00:21:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: Das System kann die angegebene Datei nicht finden. Error: (01/30/2015 00:20:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: Das System kann die angegebene Datei nicht finden. ==================== Memory info =========================== Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz Percentage of memory in use: 47% Total physical RAM: 3070.05 MB Available physical RAM: 1608.45 MB Total Pagefile: 6138.4 MB Available Pagefile: 4645.72 MB Total Virtual: 2047.88 MB Available Virtual: 1916.55 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:199.31 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 162EBCA0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
30.01.2015, 12:48 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Good, then MBAR please: please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
30.01.2015, 13:26 | #7 |
| Just a quick question: do you want me to use exactly the version of MBAR you linked to? Because when I start it, MBAR tells me there is an update of the main program and asks whether I want to download the newest version. Thanks, Stonecrax |
30.01.2015, 13:51 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please always allow the update for MBAM/MBAR.
__________________ Please always post logfiles in CODE tags |
30.01.2015, 14:01 | #9 |
| Okay, then that's fine :-) Here are the logfiles from MBAR. 5 items were deleted. ...\shuka\packerv2.exe still wants to be started after the reboot, though. Thanks, Stonecrax Before the cleanup: Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
Database version:
main: v2015.01.30.04
rootkit: v2015.01.14.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17420
Vroni :: VAIO_NOTEBOOK [administrator]
30.01.2015 13:04:55
mbar-log-2015-01-30 (13-04-55).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 311699
Time elapsed: 17 minute(s), 55 second(s)
Memory Processes Detected: 1
C:\Program Files\FastPlayer\WebBrowser.exe (Trojan.Clicker) -> 2220 -> Delete on reboot. [8ffdc23b6d1c092dd80464b089798d73]
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\ProgramData\2308189059 (Rogue.Multiple) -> Delete on reboot. [7715a6576c1d6fc7bf88ac8a838028d8]
Files Detected: 3
C:\Program Files\FastPlayer\WebBrowser.exe (Trojan.Clicker) -> Delete on reboot. [8ffdc23b6d1c092dd80464b089798d73]
C:\Windows\System32\drivers\Msft_Kernel_webinstrNew_01009.Wdf (PUP.Optional.WebInstr.A) -> Delete on reboot. []
C:\Windows\System32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [d888c27c7eb72ecd11cdbbd704d9b733]
Physical Sectors Detected: 0
(No malicious items detected)
(end)
After the cleanup: Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
Database version:
main: v2015.01.30.04
rootkit: v2015.01.14.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17420
Vroni :: VAIO_NOTEBOOK [administrator]
30.01.2015 13:39:50
mbar-log-2015-01-30 (13-39-50).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 311381
Time elapsed: 16 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end) |
30.01.2015, 14:12 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the desktop!) Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
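As an added example for reading the fresh FRST log asked for in step 3 (this is not code from the thread, from FRST or from any tool used here): a small triage of the `Run:` autostart lines FRST prints, flagging the kinds of entries at issue in this thread, namely an orphaned target, a target under a Temp folder, the command processor starting another program, and a file with no recorded publisher. The regex checks are this example's own; the `cmd` and `Updater` sample lines are constructed to model the symptom described, not copied from the logs.

```python
"""Triage of the 'Run:' autostart entries in an FRST log (added example).

FRST prints registry autostarts in the form

    HKLM\\...\\Run: [Name] => C:\\path\\prog.exe [size yyyy-mm-dd] (Company)
    HKLM\\...\\Run: [Name] => [X]          (target file no longer exists)

This module parses those lines and returns the ones a helper would look at first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "<hive>\...\Run: [<name>] => <rest>", where hive is HKLM or HKU\<SID>
RUN_LINE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
# trailing "[size yyyy-mm-dd] (Company)" that FRST appends when it resolved the file
META = re.compile(r"^(?P<target>.*?)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
                  r"(?: \((?P<company>[^)]*)\))?$")
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
# cmd.exe (or cmd) with /c or /k: the command processor launching something else
CMD_LAUNCH = re.compile(r"(?:^|\\|\s)cmd(?:\.exe)?\s.*?/[ck]\s", re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    name: str
    target: str              # resolved command line, or "[X]" when the file is gone
    company: Optional[str]   # None: FRST printed no metadata; "": it printed "()"


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Return a RunEntry for an FRST Run: line, or None for any other line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest == "[X]":
        return RunEntry(m.group("hive"), m.group("name"), "[X]", None)
    meta = META.match(rest)
    if meta:
        return RunEntry(m.group("hive"), m.group("name"),
                        meta.group("target"), meta.group("company"))
    return RunEntry(m.group("hive"), m.group("name"), rest, None)


def assess(entry: RunEntry) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means nothing stood out."""
    reasons = []
    if entry.target == "[X]":
        reasons.append("target file missing (orphaned autostart)")
    if TEMP_DIR.search(entry.target):
        reasons.append("target lives in a Temp folder")
    if CMD_LAUNCH.search(entry.target):
        reasons.append("command processor used to start another program")
    if entry.company == "":
        reasons.append("no publisher recorded for the target file")
    return reasons


def triage(lines) -> List[Tuple[RunEntry, List[str]]]:
    """Parse every Run: line and keep only the entries that have at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_run_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


# Constructed sample: the first four lines mirror entries from the thread's FRST
# log; the 'cmd' and 'Updater' lines are invented to model the thread's symptom
# (the command processor starting ...\Temp\Shuka\PackerV2.exe) and an updater
# in the numeric ProgramData folder MBAR reported. Sizes/dates there are made up.
SAMPLE_LOG = [
    r"HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)",
    r"HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r"HKLM\...\Run: [mbot_de_154] => [X]",
    r"HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)",
    r"HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [cmd] => C:\Windows\system32\cmd.exe /c start C:\Users\Vroni\AppData\Local\Temp\Shuka\PackerV2.exe [0 2015-01-29] ()",
    r"HKLM\...\Run: [Updater] => C:\ProgramData\2308189059\updater.exe [0 2015-01-28] ()",
]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\...\\Run [{entry.name}] -> {entry.target}")
        for reason in reasons:
            print(f"    - {reason}")
```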
30.01.2015, 14:49 | #11 |
| Hello, Packerv2.exe is no longer started now, but it is still present on the disk. Here come the logs: Thanks, Stonecrax adwcleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 30/01/2015 um 14:24:51 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : Vroni - VAIO_NOTEBOOK # Gestartet von : C:\Users\Vroni\Desktop\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : globalUpdate [#] Dienst Gelöscht : globalUpdatem Dienst Gelöscht : FastPlayerUpdaterService Dienst Gelöscht : RGMUpdater [#] Dienst Gelöscht : {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPlayer [!] Ordner Gelöscht : C:\Program Files\globalUpdate Ordner Gelöscht : C:\Program Files\FastPlayer Ordner Gelöscht : C:\Program Files\Radio Canyon Ordner Gelöscht : C:\Users\Vroni\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\Vroni\AppData\Local\Temp\Krab Web Ordner Gelöscht : C:\Users\Vroni\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Vroni\AppData\Local\FastPlayer Ordner Gelöscht : C:\Users\Vroni\AppData\Local\RGMService Ordner Gelöscht : C:\Users\Vroni\AppData\Local\Genesis_10142010 Ordner Gelöscht : C:\Users\Vroni\AppData\Local\Genesis_10142012 Ordner Gelöscht : C:\Users\Vroni\AppData\LocalLow\Radio Canyon Ordner Gelöscht : C:\Users\Vroni\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Vroni\AppData\Roaming\SupTab Ordner Gelöscht : C:\Users\Vroni\AppData\Roaming\RHEng Ordner Gelöscht : C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\faststartff@gmail.com Ordner Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjpifmjicccpbkfjdkehimhgklfkbanh Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\WebBrowserFastPlayer.lnk Datei Gelöscht : C:\Users\Vroni\Desktop\Continue Live Installation.lnk Datei Gelöscht : C:\Users\Vroni\Desktop\FastPlayer.lnk Datei Gelöscht : C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\searchplugins\trovi-search.xml Datei Gelöscht : C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\user.js Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\mystartsearch.xml Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage Datei Gelöscht : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal ***** [ Tasks ] ***** Task Gelöscht : globalUpdateUpdateTaskMachineCore Task Gelöscht : LaunchSignup ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cmd] Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622082204} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655085504} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666086604} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644084404} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKCU\Software\genesis Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\InetStat Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\MyBestOffersToday Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\SupHpUISoft Schlüssel Gelöscht : HKCU\Software\RGMService Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Radio Canyon Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Radio Canyon Schlüssel Gelöscht : HKLM\SOFTWARE\FastPlayer Schlüssel Gelöscht : HKLM\SOFTWARE\mystartsearchSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FastPlayer Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17420 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Mozilla Firefox v31.0 (x86 de) [z06qvz7y.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "mystartsearch"); [z06qvz7y.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a1853a82ece444a8ca6fe9bcf74a655754b6b1c165f0a4ef0866fb063e235ef97com60804.60804.internaldb.Resources_meta.value", "%7B%22popup.html%22%3A%7B%22id%22%3A824814%2C%22ver%22%3A9%2C%2[...] 
[z06qvz7y.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a1853a82ece444a8ca6fe9bcf74a655754b6b1c165f0a4ef0866fb063e235ef97com60804.60804.internaldb.Resources_resource_824814.value", "%22%3C%21DOCTYPE%20html%3E%5Cr%5Cn%3Chtml%3E%5Cr%5Cn[...] [z06qvz7y.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a1853a82ece444a8ca6fe9bcf74a655754b6b1c165f0a4ef0866fb063e235ef97com60804.60804.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] [z06qvz7y.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...] [z06qvz7y.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "149104e7954adc2ba6c201e79e5883bc"); [z06qvz7y.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false); [z06qvz7y.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [z06qvz7y.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD[...] [z06qvz7y.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search"); -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [19968 octets] - [30/01/2015 14:21:10] AdwCleaner[S0].txt - [17584 octets] - [30/01/2015 14:24:51] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17645 octets] ########## JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by Vroni on 30.01.2015 at 14:32:17,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Vroni\AppData\Roaming\mozilla\firefox\profiles\z06qvz7y.default\minidumps [9 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.01.2015 at 14:35:41,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01 Ran by Vroni (administrator) on VAIO_NOTEBOOK on 30-01-2015 14:40:13 Running from C:\Users\Vroni\Desktop Loaded Profiles: Vroni (Available profiles: Vroni) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe (Google Inc.) C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (Google Inc.) 
C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM\...\Run: [mbot_de_154] => [X] HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [Google Update] => C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-21] (Google Inc.) HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [GoogleChromeAutoLaunch_45191224BF4F697402CEEF6853EA9D19] => C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.) HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) 
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\MountPoints2: {254fc985-3669-11e3-ad42-806e6f6e6963} - D:\shelexec.exe .\starter.html Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe () CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-533857234-3230724435-3058745666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGps3182xY2a1NdTJWekBtEYhW4L2qQ_8uef-WJUDiBt68mbtqS04HHB5wy09kVgkaCL8i31x6z8d0DrpySaetdI4nIk144svg,, HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms} SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-533857234-3230724435-3058745666-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.40 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default FF NewTab: about:newtab FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKU\S-1-5-21-533857234-3230724435-3058745666-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-533857234-3230724435-3058745666-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Extension: Radio Canyon - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\1853a82e-ce44-4a8c-a6fe-9bcf74a65575@4b6b1c16-5f0a-4ef0-866f-b063e235ef97.com [2014-10-14] FF Extension: videos_MediaPlayers_v1.1 - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\975af956-6d8c-4897-837a-25c267d2cec1@gmail.com [2014-10-14] FF Extension: remotexulmanagerxulforgecom - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\remotexulmanager@xulforge.com [2014-10-24] FF Extension: WEB.DE MailCheck - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\toolbar@web.de.xpi [2014-09-20] FF Extension: UITBAutoInstaller - C:\Program Files\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-09-20] FF Extension: No Name - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Program Files\ver5SpeedChecker\180.xpi [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV= CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=", "chrome://newtab/?source=home", "hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504", "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=" CHR DefaultSearchKeyword: Default -> trovi.search CHR DefaultNewTabURL: Default -> 
https://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SAT=CNTS CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms} CHR Profile: C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (almhciamckkbjlmapgjalcpciigohefi) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\almhciamckkbjlmapgjalcpciigohefi [2014-10-25] CHR Extension: (Google Docs) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-21] CHR Extension: (Google Drive) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-12] CHR Extension: (YouTube) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-21] CHR Extension: (Adblock Plus) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-21] CHR Extension: (Google-Suche) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-21] CHR Extension: (Blöcke Deluxe) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpeikjapgbmncgiaijjfondlfflajnlb [2014-06-21] CHR Extension: (CHIP Online) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhjmdobefakhdbfdpnnopoaldabldbgd [2014-06-21] CHR Extension: (The QR Code Generator) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2014-06-21] CHR Extension: (AdBlock) - C:\Users\Vroni\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-21] CHR Extension: (Dropbox) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-21] CHR Extension: (View Plug-ins) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjpifmjicccpbkfjdkehimhgklfkbanh [2015-01-30] CHR Extension: (Google Wallet) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-21] CHR Extension: (Google Mail) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-21] StartMenuInternet: Google Chrome.BFEL4LOH3ZTRW2USQVE3O2GWV4 - C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [202112 2005-10-18] (Conexant Systems, Inc.) R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [998656 2005-10-18] (Conexant Systems, Inc.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R3 Mvc25U870_VID_1262&PID_25FD; C:\Windows\System32\Drivers\Mvc25U870.sys [55680 2005-12-29] (Micro Vision Co.,Ltd) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation) R3 SPI; C:\Windows\System32\DRIVERS\SonyPI.sys [14720 2007-08-03] (Sony Corporation) R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1076472 2005-11-17] (SigmaTel, Inc.) R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [217472 2005-10-04] (Texas Instruments) S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed] R3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46592 2005-09-16] (TOSHIBA Corporation) [File not signed] S3 Tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [108672 2005-10-07] (TOSHIBA CORPORATION) [File not signed] S3 Tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed] R1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed] S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [62848 2005-10-07] (TOSHIBA Corporation.) [File not signed] S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed] S3 TosRfSnd; C:\Windows\System32\drivers\TosRfSnd.sys [52864 2005-11-11] (TOSHIBA Corporation) [File not signed] S3 Tosrfusb; C:\Windows\System32\Drivers\tosrfusb.sys [36736 2005-11-15] (TOSHIBA CORPORATION) [File not signed] S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [587176 2012-11-13] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [551208 2012-11-13] (eMPIA Technology, Inc.) 
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x86\Sandra.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-30 14:35 - 2015-01-30 14:35 - 00001059 _____ () C:\Users\Vroni\Desktop\JRT.txt 2015-01-30 14:32 - 2015-01-30 14:32 - 00000000 ____D () C:\Windows\ERUNT 2015-01-30 14:20 - 2015-01-30 14:24 - 00000000 ____D () C:\AdwCleaner 2015-01-30 14:17 - 2015-01-30 14:14 - 01707939 _____ (Thisisu) C:\Users\Vroni\Desktop\JRT.exe 2015-01-30 14:17 - 2015-01-30 14:13 - 02194432 _____ () C:\Users\Vroni\Desktop\AdwCleaner_4.109.exe 2015-01-30 13:04 - 2015-01-30 14:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-30 13:04 - 2015-01-30 13:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-30 13:04 - 2015-01-30 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-30 13:03 - 2015-01-30 13:39 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-30 13:02 - 2015-01-30 13:03 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Vroni\Downloads\mbar-1.08.3.1004.exe 2015-01-30 13:01 - 2015-01-30 13:57 - 00000000 ____D () C:\Users\Vroni\Desktop\mbar 2015-01-30 13:00 - 2015-01-30 12:55 - 16466552 _____ (Malwarebytes Corp.) 
C:\Users\Vroni\Desktop\mbar-1.08.3.1004.exe 2015-01-30 12:29 - 2015-01-30 12:33 - 00001118 _____ () C:\Users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-30 12:18 - 2015-01-30 12:18 - 00000000 ____D () C:\adobeTemp 2015-01-30 11:09 - 2015-01-30 12:44 - 00028717 _____ () C:\Users\Vroni\Desktop\Addition.txt 2015-01-30 11:08 - 2015-01-30 14:40 - 00016254 _____ () C:\Users\Vroni\Desktop\FRST.txt 2015-01-30 11:08 - 2015-01-30 14:40 - 00000000 ____D () C:\FRST 2015-01-30 11:06 - 2015-01-30 11:00 - 01121792 _____ (Farbar) C:\Users\Vroni\Desktop\FRST.exe 2015-01-02 15:34 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-30 14:39 - 2014-09-20 16:44 - 00000000 ____D () C:\Users\Vroni\AppData\Roaming\Skype 2015-01-30 14:39 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-30 14:38 - 2013-10-16 15:18 - 01522373 _____ () C:\Windows\WindowsUpdate.log 2015-01-30 14:38 - 2009-07-14 05:39 - 00045582 _____ () C:\Windows\setupact.log 2015-01-30 14:35 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-30 14:35 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-30 14:34 - 2013-10-17 10:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-30 14:31 - 2010-11-20 22:01 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-30 14:26 - 2010-11-20 22:48 - 00698008 _____ () C:\Windows\PFRO.log 2015-01-30 13:38 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32 2015-01-30 12:33 - 2014-10-14 21:05 - 00002056 _____ () C:\Users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2015-01-30 12:33 - 
2013-10-17 08:52 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-30 12:33 - 2013-10-17 08:52 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-30 12:33 - 2013-10-16 15:18 - 00001409 _____ () C:\Users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-30 12:23 - 2014-10-25 09:55 - 00000000 ____D () C:\ProgramData\Norton 2015-01-30 12:23 - 2013-10-17 08:24 - 00058824 _____ () C:\Users\Vroni\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-30 12:23 - 2009-07-14 05:33 - 03770680 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-30 12:21 - 2013-10-18 14:50 - 00000000 ____D () C:\Program Files\Adobe 2015-01-30 12:20 - 2013-10-18 14:48 - 00000000 ____D () C:\ProgramData\Adobe 2015-01-30 12:20 - 2013-10-18 14:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2015-01-30 12:16 - 2013-10-16 15:18 - 00000000 ____D () C:\Users\Vroni 2015-01-30 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-01-30 11:07 - 2013-10-17 10:28 - 00000000 ____D () C:\Users\Vroni\AppData\Local\Adobe 2015-01-02 15:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-01-02 15:33 - 2013-10-17 08:28 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-02 15:28 - 2013-10-17 08:28 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-31 12:13 - 2013-10-16 15:33 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-10-14 21:14 - 2014-10-14 21:14 - 1484176 _____ (enter) C:\Users\Vroni\AppData\Roaming\RKJ.exe 2014-10-14 21:13 - 2014-10-14 21:13 - 1971088 _____ (enter) C:\Users\Vroni\AppData\Roaming\SLOBCEOV.exe 2014-07-19 17:43 - 2014-07-19 17:44 - 0001456 _____ () C:\Users\Vroni\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2014-08-05 10:49 - 2014-08-05 10:49 - 0007605 _____ () C:\Users\Vroni\AppData\Local\Resmon.ResmonCfg Some 
content of TEMP: ==================== C:\Users\Vroni\AppData\Local\Temp\asrla0gc.dll C:\Users\Vroni\AppData\Local\Temp\CLmt3.exe C:\Users\Vroni\AppData\Local\Temp\cu7dz7vs.dll C:\Users\Vroni\AppData\Local\Temp\d8ry5sp4.dll C:\Users\Vroni\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Vroni\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Vroni\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Vroni\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Vroni\AppData\Local\Temp\jyjben87.dll C:\Users\Vroni\AppData\Local\Temp\KUIU.EXE C:\Users\Vroni\AppData\Local\Temp\mjakizdc.dll C:\Users\Vroni\AppData\Local\Temp\optprosetup.exe C:\Users\Vroni\AppData\Local\Temp\Quarantine.exe C:\Users\Vroni\AppData\Local\Temp\rlrkfmt9.dll C:\Users\Vroni\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Vroni\AppData\Local\Temp\setup_337.exe C:\Users\Vroni\AppData\Local\Temp\sqlite3.dll C:\Users\Vroni\AppData\Local\Temp\sytcuyo8.dll C:\Users\Vroni\AppData\Local\Temp\vcredist_x86.exe C:\Users\Vroni\AppData\Local\Temp\zVHI6.dll C:\Users\Vroni\AppData\Local\Temp\zVHI6.exe C:\Users\Vroni\AppData\Local\Temp\~dl51A0.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-30 14:15 ==================== End Of Log ============================ --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01 Ran by Vroni at 2015-01-30 14:40:52 Running from C:\Users\Vroni\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArtRage 4 Demo (HKLM\...\ArtRage 4 Demo 4.0.4.0) (Version: 4.0.4.0 - Ambient Design) ArtRage 4 Demo (Version: 4.0.4.0 - Ambient Design) Hidden bl (Version: 1.0.0 - Your Company Name) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.00.20(SO) - ) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Google Chrome (HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) 
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - ) ph (Version: 1.0.0 - Your Company Name) Hidden Phase 5 
HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4511.0 - SigmaTel) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) TERRATEC Cinergy Hybrid T USB XS FM (32 Bit) (HKLM\...\{271D6941-5F6C-4258-AD43-23839D46DC00}) (Version: 5.09.1202.00 - TERRATEC) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH) Windows-Treiberpaket - TerraTec (USB28xxBGA) Media (12/02/2009 5.09.1202.00) (HKLM\...\BB2E2D0714CC6BBEFC9CD54767EBB829C39EADEB) (Version: 12/02/2009 5.09.1202.00 - TerraTec ) WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Chrome\Application\40.0.2214.94\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File ==================== Restore Points ========================= 18-10-2014 16:00:39 Windows Update 24-10-2014 21:02:12 Windows Update 27-10-2014 22:35:55 Windows Update 03-11-2014 21:41:44 Windows Update 19-11-2014 21:35:31 Windows Update 19-11-2014 22:43:43 Windows Update 11-12-2014 13:18:05 Windows Update 02-01-2015 15:28:01 Windows Update 30-01-2015 12:10:15 TuneUp Utilities 2014 wird entfernt 30-01-2015 12:11:20 TuneUp Utilities 2014 (de-DE) wird entfernt 30-01-2015 12:20:53 Removed Adobe Widget Browser 30-01-2015 12:21:07 Removed Adobe Help Manager 30-01-2015 13:14:39 Windows Update 30-01-2015 13:37:31 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:04 - 2013-10-18 15:14 - 00000889 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {5FD6F9A4-36BD-47CC-98AD-0BBCFBEDAD89} - System32\Tasks\{30A31F06-EBED-40F7-A45F-CA73290DA860} => pcalua.exe -a C:\Users\Vroni\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=tugs Task: {A89E4C46-91F4-4E40-A223-747A7FDC39FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B437AB69-C2A7-4EF9-9F66-BD2C7A76F443} - System32\Tasks\{F2F7615B-BBF4-44EB-870F-C631BF87AC03} => pcalua.exe -a C:\Users\Vroni\Downloads\SP32899\setup.exe -d C:\Users\Vroni\Downloads\SP32899 Task: {D26CBCDB-F271-4609-AC5B-70208743AEE5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-10-17 10:21 - 2005-11-10 13:48 - 00094208 _____ () C:\Windows\system32\Mv25U870Prp.ax 2005-07-22 20:30 - 2005-07-22 20:30 - 00065536 _____ () C:\Windows\system32\TosCommAPI.dll 2015-01-30 13:40 - 2015-01-27 04:44 - 09171272 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-533857234-3230724435-3058745666-500 - Administrator - Disabled) Gast (S-1-5-21-533857234-3230724435-3058745666-501 - Limited - Disabled) Vroni (S-1-5-21-533857234-3230724435-3058745666-1000 - Administrator - Enabled) => C:\Users\Vroni ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/30/2015 02:40:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Microsoft Office Sessions: ========================= Error: (01/30/2015 02:40:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz Percentage of memory in use: 30% Total physical RAM: 3070.05 MB Available physical RAM: 2135.52 MB Total Pagefile: 6138.4 MB Available Pagefile: 5123.4 MB Total Virtual: 2047.88 MB Available Virtual: 1916.27 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:199.15 GB) NTFS ==================== MBR & Partition Table ================== 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 162EBCA0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
30.01.2015, 15:07 | #12
/// Winkelfunktion /// TB-Süch-Tiger™
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGps3182xY2a1NdTJWekBtEYhW4L2qQ_8uef-WJUDiBt68mbtqS04HHB5wy09kVgkaCL8i31x6z8d0DrpySaetdI4nIk144svg,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-533857234-3230724435-3058745666-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Extension: UITBAutoInstaller - C:\Program Files\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-09-20]
FF Extension: No Name - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files\ver5SpeedChecker\180.xpi [Not Found]
CHR HomePage: Default -> http://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=
CHR StartupUrls: Default -> "http://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=", "chrome://newtab/?source=home", "http://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504", "http://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
C:\Users\Vroni\AppData\Local\Temp\asrla0gc.dll
C:\Users\Vroni\AppData\Local\Temp\CLmt3.exe
C:\Users\Vroni\AppData\Local\Temp\cu7dz7vs.dll
C:\Users\Vroni\AppData\Local\Temp\d8ry5sp4.dll
C:\Users\Vroni\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Vroni\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Vroni\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Vroni\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Vroni\AppData\Local\Temp\jyjben87.dll
C:\Users\Vroni\AppData\Local\Temp\KUIU.EXE
C:\Users\Vroni\AppData\Local\Temp\mjakizdc.dll
C:\Users\Vroni\AppData\Local\Temp\optprosetup.exe
C:\Users\Vroni\AppData\Local\Temp\Quarantine.exe
C:\Users\Vroni\AppData\Local\Temp\rlrkfmt9.dll
C:\Users\Vroni\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Vroni\AppData\Local\Temp\setup_337.exe
C:\Users\Vroni\AppData\Local\Temp\sqlite3.dll
C:\Users\Vroni\AppData\Local\Temp\sytcuyo8.dll
C:\Users\Vroni\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Vroni\AppData\Local\Temp\zVHI6.dll
C:\Users\Vroni\AppData\Local\Temp\zVHI6.exe
C:\Users\Vroni\AppData\Local\Temp\~dl51A0.exe
EmptyTemp:
Hosts:
Please save this as Fixlist.txt on your Desktop (or in the directory FRST is located in).
__________________ Please always post logfiles in CODE tags |
30.01.2015, 15:46 | #13 |
| Win7 32Bit Home Premium - Windows command processor wants to start ...\Shuka\PackerV2.exe Here is the fixlog.txt: Thanks, Stonecrax Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Vroni at 2015-01-30 15:43:52 Run:1
Running from C:\Users\Vroni\Desktop
Loaded Profiles: Vroni (Available profiles: Vroni)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGps3182xY2a1NdTJWekBtEYhW4L2qQ_8uef-WJUDiBt68mbtqS04HHB5wy09kVgkaCL8i31x6z8d0DrpySaetdI4nIk144svg,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb-CcWC99o5zUNfNlf4Ib2BHaH8eYHjEiX70IAy0PSrfM8JuMf98pBrQ8PkLo6ogGpgdtOmcO_BuJvfqdPfXf8swYrhWdYSjMCjI448myNuMf7xIixs33RRms5b1j5hxqeEPKfKQU2WvF7-yiuYODb1ojD3SUhUDA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-533857234-3230724435-3058745666-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Extension: UITBAutoInstaller - C:\Program Files\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-09-20]
FF Extension: No Name - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files\ver5SpeedChecker\180.xpi [Not Found]
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=", "chrome://newtab/?source=home", "hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504", "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SAT=CNTS
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
C:\Users\Vroni\AppData\Local\Temp\asrla0gc.dll
C:\Users\Vroni\AppData\Local\Temp\CLmt3.exe
C:\Users\Vroni\AppData\Local\Temp\cu7dz7vs.dll
C:\Users\Vroni\AppData\Local\Temp\d8ry5sp4.dll
C:\Users\Vroni\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Vroni\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Vroni\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Vroni\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Vroni\AppData\Local\Temp\jyjben87.dll
C:\Users\Vroni\AppData\Local\Temp\KUIU.EXE
C:\Users\Vroni\AppData\Local\Temp\mjakizdc.dll
C:\Users\Vroni\AppData\Local\Temp\optprosetup.exe
C:\Users\Vroni\AppData\Local\Temp\Quarantine.exe
C:\Users\Vroni\AppData\Local\Temp\rlrkfmt9.dll
C:\Users\Vroni\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Vroni\AppData\Local\Temp\setup_337.exe
C:\Users\Vroni\AppData\Local\Temp\sqlite3.dll
C:\Users\Vroni\AppData\Local\Temp\sytcuyo8.dll
C:\Users\Vroni\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Vroni\AppData\Local\Temp\zVHI6.dll
C:\Users\Vroni\AppData\Local\Temp\zVHI6.exe
C:\Users\Vroni\AppData\Local\Temp\~dl51A0.exe
EmptyTemp:
Hosts:
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-533857234-3230724435-3058745666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
C:\Program Files\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} => Moved successfully.
C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\extensions\faststartff@gmail.com => not found.
C:\Program Files\ver5SpeedChecker\180.xpi => not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SAT=CNTS => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Vroni\AppData\Local\Temp\asrla0gc.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\CLmt3.exe => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\cu7dz7vs.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\d8ry5sp4.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\jyjben87.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\KUIU.EXE => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\mjakizdc.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\rlrkfmt9.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\setup_337.exe => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\sytcuyo8.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\zVHI6.dll => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\zVHI6.exe => Moved successfully.
C:\Users\Vroni\AppData\Local\Temp\~dl51A0.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog 15:44:18 ==== |
30.01.2015, 15:54 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win7 32Bit Home Premium - Windows command processor wants to start ...\Shuka\PackerV2.exe Now post fresh FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post logfiles in CODE tags |
30.01.2015, 16:03 | #15 |
| Win7 32Bit Home Premium - Windows command processor wants to start ...\Shuka\PackerV2.exe Here you go, thanks, Stonecrax FRST: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Vroni (administrator) on VAIO_NOTEBOOK on 30-01-2015 15:58:00
Running from C:\Users\Vroni\Desktop
Loaded Profiles: Vroni (Available profiles: Vroni)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [mbot_de_154] => [X]
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [Google Update] => C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-21] (Google Inc.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [GoogleChromeAutoLaunch_45191224BF4F697402CEEF6853EA9D19] => C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\MountPoints2: {254fc985-3669-11e3-ad42-806e6f6e6963} - D:\shelexec.exe .\starter.html
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.40 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-533857234-3230724435-3058745666-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-533857234-3230724435-3058745666-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Radio Canyon - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\1853a82e-ce44-4a8c-a6fe-9bcf74a65575@4b6b1c16-5f0a-4ef0-866f-b063e235ef97.com [2014-10-14]
FF Extension: videos_MediaPlayers_v1.1 - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\975af956-6d8c-4897-837a-25c267d2cec1@gmail.com [2014-10-14]
FF Extension: remotexulmanagerxulforgecom - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\remotexulmanager@xulforge.com [2014-10-24]
FF Extension: WEB.DE MailCheck - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\Extensions\toolbar@web.de.xpi [2014-09-20]
FF Extension: No Name - C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\z06qvz7y.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files\ver5SpeedChecker\180.xpi [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV=", "chrome://newtab/?source=home", "hxxp://www.mystartsearch.com/?type=hp&ts=1413317456&from=tugs&uid=SAMSUNGXSSDX830XSeries_S0XZNEAC706504", "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M64CF35CC-251B-472E-BF7E-3A2B61099B12&SearchSource=55&CUI=&UM=6&UP=SP97E46BA3-2AAB-4E25-8EFD-3CC3FF5DDF3C&SSPV="
CHR Profile: C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (almhciamckkbjlmapgjalcpciigohefi) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\almhciamckkbjlmapgjalcpciigohefi [2014-10-25]
CHR Extension: (Google Docs) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-21]
CHR Extension: (Google Drive) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-12]
CHR Extension: (YouTube) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-21]
CHR Extension: (Adblock Plus) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-21]
CHR Extension: (Google-Suche) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-21]
CHR Extension: (Blöcke Deluxe) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpeikjapgbmncgiaijjfondlfflajnlb [2014-06-21]
CHR Extension: (CHIP Online) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhjmdobefakhdbfdpnnopoaldabldbgd [2014-06-21]
CHR Extension: (The QR Code Generator) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2014-06-21]
CHR Extension: (AdBlock) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-21]
CHR Extension: (Dropbox) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-21]
CHR Extension: (View Plug-ins) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjpifmjicccpbkfjdkehimhgklfkbanh [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-21]
CHR Extension: (Google Mail) - C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-21]
StartMenuInternet: Google Chrome.BFEL4LOH3ZTRW2USQVE3O2GWV4 - C:\Users\Vroni\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [202112 2005-10-18] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [998656 2005-10-18] (Conexant Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 Mvc25U870_VID_1262&PID_25FD; C:\Windows\System32\Drivers\Mvc25U870.sys [55680 2005-12-29] (Micro Vision Co.,Ltd)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R3 SPI; C:\Windows\System32\DRIVERS\SonyPI.sys [14720 2007-08-03] (Sony Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1076472 2005-11-17] (SigmaTel, Inc.)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [217472 2005-10-04] (Texas Instruments)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
R3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [46592 2005-09-16] (TOSHIBA Corporation) [File not signed]
S3 Tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [108672 2005-10-07] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [62848 2005-10-07] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\Windows\System32\drivers\TosRfSnd.sys [52864 2005-11-11] (TOSHIBA Corporation) [File not signed]
S3 Tosrfusb; C:\Windows\System32\Drivers\tosrfusb.sys [36736 2005-11-15] (TOSHIBA CORPORATION) [File not signed]
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [587176 2012-11-13] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [551208 2012-11-13] (eMPIA Technology, Inc.)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x86\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 15:39 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-30 15:39 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-30 15:39 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-30 15:32 - 2015-01-30 15:32 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-30 15:17 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-30 15:17 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-30 15:17 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-30 15:17 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-30 15:17 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-30 15:17 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-30 15:17 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-30 15:17 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-30 15:17 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-30 15:17 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-30 14:35 - 2015-01-30 14:35 - 00001059 _____ () C:\Users\Vroni\Desktop\JRT.txt
2015-01-30 14:32 - 2015-01-30 14:32 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 14:20 - 2015-01-30 14:24 - 00000000 ____D () C:\AdwCleaner
2015-01-30 14:17 - 2015-01-30 14:14 - 01707939 _____ (Thisisu) C:\Users\Vroni\Desktop\JRT.exe
2015-01-30 14:17 - 2015-01-30 14:13 - 02194432 _____ () C:\Users\Vroni\Desktop\AdwCleaner_4.109.exe
2015-01-30 13:04 - 2015-01-30 14:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 13:04 - 2015-01-30 13:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 13:04 - 2015-01-30 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 13:03 - 2015-01-30 13:39 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 13:03 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-30 13:03 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-30 13:03 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-30 13:03 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-30 13:03 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-30 13:03 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-30 13:03 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-30 13:03 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-30 13:03 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-30 13:03 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-30 13:03 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-30 13:03 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-30 13:03 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-30 13:03 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-30 13:03 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-30 13:03 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-30 13:03 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-30 13:03 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-30 13:02 - 2015-01-30 13:03 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Vroni\Downloads\mbar-1.08.3.1004.exe
2015-01-30 13:02 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-30 13:02 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-30 13:02 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-30 13:02 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-30 13:02 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-30 13:02 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-30 13:02 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-30 13:02 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-30 13:02 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-30 13:02 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-30 13:02 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-30 13:02 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-30 13:02 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-30 13:02 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-30 13:02 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-30 13:02 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-30 13:02 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-30 13:02 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-30 13:02 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-30 13:02 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-30 13:02 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-30 13:02 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-30 13:02 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-30 13:02 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-30 13:02 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-30 13:02 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-30 13:02 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-30 13:02 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-30 13:02 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-30 13:01 - 2015-01-30 13:57 - 00000000 ____D () C:\Users\Vroni\Desktop\mbar
2015-01-30 13:00 - 2015-01-30 12:55 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Vroni\Desktop\mbar-1.08.3.1004.exe
2015-01-30 12:29 - 2015-01-30 12:33 - 00001118 _____ () C:\Users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-30 12:18 - 2015-01-30 12:18 - 00000000 ____D () C:\adobeTemp
2015-01-30 11:09 - 2015-01-30 14:41 - 00014663 _____ () C:\Users\Vroni\Desktop\Addition.txt
2015-01-30 11:08 - 2015-01-30 15:58 - 00013755 _____ () C:\Users\Vroni\Desktop\FRST.txt
2015-01-30 11:08 - 2015-01-30 15:58 - 00000000 ____D () C:\FRST
2015-01-30 11:06 - 2015-01-30 11:00 - 01121792 _____ (Farbar) C:\Users\Vroni\Desktop\FRST.exe
2015-01-29 08:14 - 2015-01-29 08:14 - 00071000 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfcom.sys
2015-01-02 15:34 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 15:57 - 2013-10-16 15:18 - 01788826 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 15:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-30 15:52 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 15:52 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 15:49 - 2010-11-20 22:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 15:45 - 2010-11-20 22:48 - 00698342 _____ () C:\Windows\PFRO.log
2015-01-30 15:45 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 15:45 - 2009-07-14 05:39 - 00045806 _____ () C:\Windows\setupact.log
2015-01-30 15:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-30 15:34 - 2013-10-17 10:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 15:33 - 2014-09-20 16:44 - 00000000 ____D () C:\Users\Vroni\AppData\Roaming\Skype
2015-01-30 15:32 - 2014-05-06 06:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-30 15:32 - 2010-11-21 01:46 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2015-01-30 15:32 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-30 15:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-30 15:24 - 2013-10-17 08:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-30 15:18 - 2013-10-17 08:28 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-30 13:38 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2015-01-30 12:33 - 2013-10-17 08:52 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-30 12:33 - 2013-10-17 08:52 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-30 12:33 - 2013-10-16 15:18 - 00001409 _____ () C:\Users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-30 12:23 - 2014-10-25 09:55 - 00000000 ____D () C:\ProgramData\Norton
2015-01-30 12:23 - 2013-10-17 08:24 - 00058824 _____ () C:\Users\Vroni\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-30 12:23 - 2009-07-14 05:33 - 03770680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-30 12:21 - 2013-10-18 14:50 - 00000000 ____D () C:\Program Files\Adobe
2015-01-30 12:20 - 2013-10-18 14:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-30 12:20 - 2013-10-18 14:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-30 12:16 - 2013-10-16 15:18 - 00000000 ____D () C:\Users\Vroni
2015-01-30 11:07 - 2013-10-17 10:28 - 00000000 ____D () C:\Users\Vroni\AppData\Local\Adobe
2014-12-31 12:13 - 2013-10-16 15:33 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-10-14 21:14 - 2014-10-14 21:14 - 1484176 _____ (enter) 
C:\Users\Vroni\AppData\Roaming\RKJ.exe 2014-10-14 21:13 - 2014-10-14 21:13 - 1971088 _____ (enter) C:\Users\Vroni\AppData\Roaming\SLOBCEOV.exe 2014-07-19 17:43 - 2014-07-19 17:44 - 0001456 _____ () C:\Users\Vroni\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2014-08-05 10:49 - 2014-08-05 10:49 - 0007605 _____ () C:\Users\Vroni\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-30 14:15 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01 Ran by Vroni at 2015-01-30 15:58:41 Running from C:\Users\Vroni\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArtRage 4 Demo (HKLM\...\ArtRage 4 Demo 4.0.4.0) (Version: 4.0.4.0 - Ambient Design) ArtRage 4 Demo (Version: 4.0.4.0 - Ambient Design) Hidden bl (Version: 1.0.0 - Your Company Name) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.00.20(SO) - ) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Google Chrome (HKU\S-1-5-21-533857234-3230724435-3058745666-1000\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) 
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - ) ph (Version: 1.0.0 - Your Company Name) Hidden Phase 5 
HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4511.0 - SigmaTel) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) TERRATEC Cinergy Hybrid T USB XS FM (32 Bit) (HKLM\...\{271D6941-5F6C-4258-AD43-23839D46DC00}) (Version: 5.09.1202.00 - TERRATEC) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH) Windows-Treiberpaket - TerraTec (USB28xxBGA) Media (12/02/2009 5.09.1202.00) (HKLM\...\BB2E2D0714CC6BBEFC9CD54767EBB829C39EADEB) (Version: 12/02/2009 5.09.1202.00 - TerraTec ) WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Chrome\Application\40.0.2214.94\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-533857234-3230724435-3058745666-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Vroni\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File ==================== Restore Points ========================= 27-10-2014 22:35:55 Windows Update 03-11-2014 21:41:44 Windows Update 19-11-2014 21:35:31 Windows Update 19-11-2014 22:43:43 Windows Update 11-12-2014 13:18:05 Windows Update 02-01-2015 15:28:01 Windows Update 30-01-2015 12:10:15 TuneUp Utilities 2014 wird entfernt 30-01-2015 12:11:20 TuneUp Utilities 2014 (de-DE) wird entfernt 30-01-2015 12:20:53 Removed Adobe Widget Browser 30-01-2015 12:21:07 Removed Adobe Help Manager 30-01-2015 13:14:39 Windows Update 30-01-2015 13:37:31 Malwarebytes Anti-Rootkit Restore Point 30-01-2015 15:08:50 Windows Update 30-01-2015 15:39:50 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:04 - 2015-01-30 15:43 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {5FD6F9A4-36BD-47CC-98AD-0BBCFBEDAD89} - System32\Tasks\{30A31F06-EBED-40F7-A45F-CA73290DA860} => pcalua.exe -a C:\Users\Vroni\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=tugs Task: {A89E4C46-91F4-4E40-A223-747A7FDC39FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B437AB69-C2A7-4EF9-9F66-BD2C7A76F443} - System32\Tasks\{F2F7615B-BBF4-44EB-870F-C631BF87AC03} => pcalua.exe -a C:\Users\Vroni\Downloads\SP32899\setup.exe -d C:\Users\Vroni\Downloads\SP32899 Task: {D26CBCDB-F271-4609-AC5B-70208743AEE5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2004-07-20 16:04 - 2004-07-20 16:04 - 00094208 _____ () C:\Windows\System32\TosBtHcrpAPI.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-10-17 10:21 - 2005-11-10 13:48 - 00094208 _____ () C:\Windows\system32\Mv25U870Prp.ax 2005-07-22 20:30 - 2005-07-22 20:30 - 00065536 _____ () C:\Windows\system32\TosCommAPI.dll 2015-01-30 13:40 - 2015-01-27 04:44 - 09171272 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll 2014-06-21 06:47 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-06-21 06:47 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-533857234-3230724435-3058745666-500 - Administrator - Disabled) Gast (S-1-5-21-533857234-3230724435-3058745666-501 - Limited - Disabled) Vroni (S-1-5-21-533857234-3230724435-3058745666-1000 - Administrator - Enabled) => C:\Users\Vroni ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/30/2015 03:47:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2015 03:44:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2015 03:34:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2015 02:48:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2015 02:45:40 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim 
Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/30/2015 02:40:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/30/2015 03:57:45 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden. Error: (01/30/2015 03:57:44 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden. Error: (01/30/2015 03:43:28 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error: (01/30/2015 03:43:27 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error: (01/30/2015 03:43:26 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error: (01/30/2015 03:16:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f020b fehlgeschlagen: TOSHIBA - Audio Device, Other hardware - BT Port Error: (01/30/2015 02:43:06 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. 
Error: (01/30/2015 02:43:04 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Microsoft Office Sessions: ========================= Error: (01/30/2015 03:47:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2015 03:44:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2015 03:34:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2015 02:48:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2015 02:45:40 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Vroni\AppData\Local\Temp\Shuka\64.exe Error: (01/30/2015 02:40:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz Percentage of memory in use: 36% Total physical RAM: 3070.05 MB Available physical RAM: 1942.12 MB Total Pagefile: 6138.4 MB Available Pagefile: 4875.15 MB Total Virtual: 2047.88 MB 
Available Virtual: 1924.11 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:202.36 GB) NTFS Drive h: (TCL) (Removable) (Total:3.74 GB) (Free:0.34 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 162EBCA0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 3.7 GB) (Disk ID: B78A99B8) Partition 1: (Active) - (Size=3.7 GB) - (Type=0B) ==================== End Of Log ============================ |