Log analysis and evaluation: CPU usage at 100% and blinking hourglass and so on and so on.... Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.04.2015, 19:51 | #1 |
| CPU usage at 100% and blinking hourglass and so on and so on.... Hello, clueless and overwhelmed, I am turning to you: I admit I am not someone who looks after their hardware and software; it just has to work somehow. This will probably make your hair stand on end: my notebook, together with all its components, is now about 6 years old, and apart from an occasional virus scan and updates it gets no special treatment from me. Over time it became slower and slower. I could get used to that if need be. But since my son became obsessed with Minecraft and has downloaded everything possible and impossible for it onto this computer, I have serious problems. Namely: 1. Films stutter and hang. Streaming via my Ama...Prime is now pointless! 2. The mouse pointer now always shows the hourglass (I mean ALWAYS), and it flickers. 3. CPU usage at 100% (when I have nothing open!). Unfortunately I have hardly any idea about this subject. Following your super great instructions (also for dummies ;-) I ran the ESET scan. A whole 50 infected files! I will put the log right in here. I'm already all excited! I hope you can spot something and give me some advice (other than buying a new machine...) A thousand thanks in advance!
ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=aac5762d330ed543964b63e221e129ae # engine=23253 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-06 06:16:45 # local_time=2015-04-06 08:16:45 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 100 196777 265876933 0 0 # scanned=221802 # found=50 # cleaned=0 # scan_time=11972 sh=CC9173458DA2B4828925A11AC304A4B7C567E26E ft=1 fh=3e0a7ef28e598d37 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\65Uninstall FromDocToPDF.dll" sh=ACB72817BC69A304BDC4777FDE40AD273B746BD3 ft=1 fh=731c2e0b79d3789c vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll" sh=0D5C033522664DEFC9EA9783E5F42220FC3985BB ft=1 fh=b5f6f8c7239c11fb vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll" sh=E58398E45A076F76C94F5D41D80B190A4E9E96A1 ft=1 fh=434b0a4e5fe2f937 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shbandmltbpi.dll" sh=00B65D53820FBC97BBD03671A515215B22FD12AD ft=1 fh=333eeb5c310e548b vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shdtxmltbpi.dll" sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64auxstb.dll" sh=15780E2D434C0E4141659CE6CBF61C7C6ACA059F ft=1 fh=4015be178e691f54 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll" sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe" sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64brstub.dll" sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="Variante von Win32/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll" sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64dlghk.dll" sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64dyn.dll" sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64feedmg.dll" sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64highin.exe" sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64hkstub.dll" sh=53F3044159FFCF82C746898941DBE3DC2AC9A24C ft=1 fh=09fa8c8598e549f8 vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll" sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64httpct.dll" sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64idle.dll" sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64ieovr.dll" sh=5AE09DF85A30864BBE5F3E6D782358C8F95CDB95 ft=1 fh=a6fc020f2a9ed637 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64impipe.exe" sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64medint.exe" sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64mlbtn.dll" sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64msg.dll" sh=E2D44843150192CEE5580CAA0A05BB015271B7CD ft=1 fh=8293caf33be135a7 vn="Variante von Win32/Toolbar.MyWebSearch evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64Plugin.dll" sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64radio.dll" sh=C5F26031D5E0C487BFF0D60AA44603135BF60395 ft=1 fh=a846ae5344ec78c3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64regfft.dll" sh=C9C4AAE19A349C578399BAC5A5D780ED8BE3AB00 ft=1 fh=b136be0af2d0d6fc vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64reghk.dll" sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64regiet.dll" sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64script.dll" sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll" sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64sknlcr.dll" sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64skplay.exe" sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll" sh=585A73EB1DFA6B0B5C5FF5D76212FD8D0CEF4DF4 ft=1 fh=4b5f86942f564423 vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe" sh=41D9D722E583CBEB3DA15061BE203C4428E6EF60 ft=1 fh=ea5ef91dc0a8d24b vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64tpinst.dll" sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64uabtn.dll" sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\CREXT.DLL" sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\CrExtP64.exe" sh=A8B4F9698C89EA7B44863A5617391F24825C4FC8 ft=1 fh=21f33d43b68f244b vn="Win32/Toolbar.MyWebSearch.T evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll" sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL" sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL" sh=1967506783A2EFD10777FBCA0DA4DA6D4EBE1D5B ft=1 fh=2f1744e0249338c5 vn="Variante von Win32/Toolbar.MyWebSearch.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\T8HTML.DLL" sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\T8TICKER.DLL" sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\trzBBDF.tmp" sh=0CF45D227841C1D616BB7B710EA197D526E6CBB8 ft=1 fh=1c6e9b57881f0e26 vn="Mehrere Bedrohungen" ac=I fn="C:\ProgramData\Updater\Uninstall.exe" sh=0CF45D227841C1D616BB7B710EA197D526E6CBB8 ft=1 fh=1c6e9b57881f0e26 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\All Users\Updater\Uninstall.exe" sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\BabMaint.exe" sh=671E3E4E9E4C9A039D9AD1479A0C91E670AF18E3 ft=1 fh=d643e79c9fb8f862 vn="Win32/Toolbar.Babylon.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\BUSolution.dll" sh=511D06F2CCE4C759F2C44603CC19672211440B03 ft=1 fh=5adf7b3fb01f74be vn="Variante von Win32/Vittalia.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\srmdis\Downloads\installer_pou_for_pc_1_2_6_Deutsch.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="${Memory}" |
06.04.2015, 20:01 | #2 |
/// the machine /// TB trainer | CPU usage at 100% and blinking hourglass and so on and so on.... hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
07.04.2015, 13:58 | #3 |
| Scan result of FRST Hello Schrauber, here is the first file:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by srmdis (administrator) on MEINKLAPPTOP on 07-04-2015 10:42:59 Running from C:\Users\srmdis\Desktop Loaded Profiles: srmdis (Available profiles: srmdis & Benito & Gast) Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (COMPANYVERS_NAME) C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Toshiba) C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (BlueStack Systems, Inc.) 
C:\Program Files\BlueStacks\HD-Agent.exe (Updater) C:\ProgramData\Updater\updater.exe (Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SMARTAUDIO\SmAudio.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe (WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( ) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.) HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-04-26] (TOSHIBA Corporation.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-26] (CANON INC.) HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [TelevisionFanatic Search Scope Monitor] => C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe [42536 2012-09-23] (MindSpark) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-07-04] (BlueStack Systems, Inc.) HKLM\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [481656 2013-11-21] (Updater) HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-04-06] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [481656 2013-11-21] (Updater) HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Run: [toscdspd] => TOSCDSPD.EXE HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Run: [SmAudio] => C:\Program Files\Conexant\SmartAudio\SmAudio.exe [2712912 2008-10-29] (Conexant Systems, Inc.) HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\MountPoints2: {89ad53e2-6096-11e1-8f3e-00238b660176} - D:\setup.exe HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\MountPoints2: {d16fbc23-f44b-11dd-ab11-806e6f6e6963} - F:\tools\shelexec.exe ..\html\index.htm Startup: C:\Users\Anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) BootExecute: autocheck autochk /r \??\C:autocheck autochk * GroupPolicyUsers\S-1-5-21-4203143292-2018196265-3648757700-1004\User: Group Policy restriction detected <======= ATTENTION CHR 
HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; URLSearchHook: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark) SearchScopes: HKLM -> DefaultScope {42D46B07-5919-4F66-9FBC-1B418FEE0FE5} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA; SearchScopes: HKLM -> {42D46B07-5919-4F66-9FBC-1B418FEE0FE5} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA; SearchScopes: HKLM -> {71C63272-91A7-436a-843D-A1C641D1C626} URL = hxxp://search.shareazaweb.com/web?src=ieb&systemid=3&q={searchTerms} SearchScopes: HKLM -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm043^YY^de&si=swissconverter&ptb=DECFA255-C580-4620-87F2-7028890C9E35&ind=2013112304&n=77fda7f0&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\.DEFAULT -> 
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6A500022FA1EA5E2&affID=119357&tt=240913_246&tsp=5019 SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> {42D46B07-5919-4F66-9FBC-1B418FEE0FE5} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GPEA_de SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> {71C63272-91A7-436a-843D-A1C641D1C626} URL = hxxp://search.shareazaweb.com/web?src=ieb&systemid=3&q={searchTerms} SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bigseekpro.com/search/browser/videodownloadtoolbar/{9C821796-6988-4EB2-9A13-E74745671BC0}?q={searchTerms} SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm043^YY^de&si=swissconverter&ptb=DECFA255-C580-4620-87F2-7028890C9E35&ind=2013112304&n=77fda7f0&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> {E52BE12D-A44A-4f51-9DC1-34F37A488CC7} URL = hxxp://search.videodownload-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program 
Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll [2012-09-23] (MindSpark) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.) BHO: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll [2012-09-23] (MindSpark) BHO: UrlHelper Class -> {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} -> C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll [2011-02-08] (Discordia, LTD) BHO: MediaBar -> {d48c9ead-f59f-4dea-ac97-7065fea79f42} -> C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shdtxmltbpi.dll [2011-01-25] () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation) BHO: PAYBACK Toolbar Browserhilfsobjekt -> {E141F5C3-2619-4996-8AF8-AA0A9439D986} -> C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll [2012-07-11] (PAYBACK GmbH) Toolbar: HKLM - MediaBar - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shdtxmltbpi.dll [2011-01-25] () Toolbar: HKLM - PAYBACK Toolbar - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll [2012-07-11] (PAYBACK GmbH) Toolbar: HKLM - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll [2012-09-23] (MindSpark) Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> No Name - {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} 
- No File Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> PAYBACK Toolbar - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll [2012-07-11] (PAYBACK GmbH) Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> TelevisionFanatic - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll [2012-09-23] (MindSpark) Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Tcpip\..\Interfaces\{944C3433-49ED-4329-B601-C11A37843AB3}: [NameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default FF SelectedSearchEngine: Delta Search FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=DECFA255-C580-4620-87F2-7028890C9E35&n=77fd0a2e&ind=2013071918&p2=^Y6^xdm043^YY^de&si=swissconverter&searchfor= FF NetworkProxy: "share_proxy_settings", true FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-26] (Adobe Systems, Inc.) 
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @TelevisionFanatic.com/Plugin -> C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll [2012-09-23] (MindSpark) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4203143292-2018196265-3648757700-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\srmdis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-08] (Unity Technologies ApS) FF user.js: detected! 
=> C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\user.js [2013-11-25] FF SearchPlugin: C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\searchplugins\babylon.xml [2013-07-19] FF SearchPlugin: C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\searchplugins\delta.xml [2013-07-19] FF SearchPlugin: C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\searchplugins\my-web-search.xml [2013-05-20] FF Extension: Avira Browser Safety - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\abs@avira.com [2015-04-06] FF Extension: FoxyProxy Standard - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\foxyproxy@eric.h.jung [2015-04-04] FF Extension: No Name - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\trash [2015-04-06] FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\admin@proxy-listen.de.xpi [2014-03-17] FF Extension: Grooveshark Unlocker - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-09-25] FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi [2013-09-25] FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\toolbar-ff@payback.de.xpi [2013-11-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-17] FF 
HKLM\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files\TelevisionFanatic\bar\1.bin FF Extension: TelevisionFanatic - C:\Program Files\TelevisionFanatic\bar\1.bin [2012-09-23] FF HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi Chrome: ======= CHR Profile: C:\Users\srmdis\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-04-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-04-06] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-07-04] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-04] (BlueStack Systems, Inc.) 
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed] S2 gupdate1c9ce8ca7271c73; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed] S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed] R3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed] R2 TelevisionFanaticService; C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe [42504 2012-09-23] (COMPANYVERS_NAME) R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-04-21] (Toshiba Europe GmbH) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed] U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare) R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [24408 2012-03-07] (AVAST Software) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-04-06] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-06] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-04-06] (Avira Operations GmbH & Co. KG) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-07-04] (BlueStack Systems) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA) R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-12-04] (Audials AG) S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-06] (Avira GmbH) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-12-04] (RapidSolution Software AG) R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.) S3 igfx; system32\DRIVERS\igdkmd32.sys [X] S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-07 10:42 - 2015-04-07 10:45 - 00025816 ____C () C:\Users\srmdis\Desktop\FRST.txt 2015-04-07 10:42 - 2015-04-07 10:43 - 00000000 ___DC () C:\FRST 2015-04-07 10:40 - 2015-04-07 10:40 - 01135104 ____C (Farbar) C:\Users\srmdis\Desktop\FRST.exe 2015-04-06 16:48 - 2015-04-06 16:48 - 00000937 ____C () C:\Users\srmdis\Desktop\esetsmartinstaller_deu - Verknüpfung.lnk 2015-04-06 16:48 - 2015-04-06 16:48 - 00000000 ___DC () C:\Program Files\ESET 2015-04-06 16:47 - 2015-04-06 16:47 - 02347384 ____C (ESET) C:\Users\srmdis\Downloads\esetsmartinstaller_deu.exe 2015-04-06 16:28 - 2015-04-06 16:28 - 00243656 ____C () C:\Users\srmdis\Downloads\Firefox Setup Stub 37.0.1.exe 2015-04-06 16:00 - 2015-04-06 16:02 - 24301976 ____C () C:\Users\srmdis\Downloads\driver_audio_conexant_TC70050000A(1).exe 2015-04-06 16:00 - 2015-04-06 16:01 - 24301976 ____C () C:\Users\srmdis\Downloads\driver_audio_conexant_TC70050000A.exe 2015-04-06 15:21 - 2015-04-06 15:21 - 00000000 ___DC () C:\Users\srmdis\AppData\Roaming\Avira 2015-04-06 15:19 - 2015-04-06 15:19 - 00001858 ____C () C:\Users\Public\Desktop\Avira Control Center.lnk 2015-04-06 15:17 - 2015-04-06 15:10 - 00136216 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-06 15:17 - 2015-04-06 15:10 - 00105864 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-06 15:17 - 2015-04-06 15:10 - 00037352 ____C (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-06 15:17 - 2015-04-06 15:10 - 00028520 ____C (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-04-06 14:37 - 2015-04-06 14:53 - 00001128 ____C () C:\Windows\PFRO.log 2015-04-06 14:16 - 2015-04-06 14:16 - 00000918 ____C () C:\Users\srmdis\Documents\cc_20150406_141643.reg 2015-03-28 17:10 - 2015-04-06 16:31 - 00000000 ___DC () C:\Program Files\Mozilla Firefox 2015-03-18 16:59 - 2015-03-18 16:59 - 00000000 ___DC () C:\Users\srmdis\AppData\Local\ShdUpdate 2015-03-16 20:28 - 2015-03-16 20:28 - 01190415 ____C () C:\Users\srmdis\Downloads\ProcessExplorer.zip 2015-03-16 19:56 - 2015-03-16 19:56 - 00000000 ___DC () C:\ProgramData\McAfee 2015-03-15 17:21 - 2015-03-15 17:21 - 00021302 ____C () C:\Users\srmdis\Documents\cc_20150315_162134.reg 2015-03-15 16:13 - 2015-03-15 16:13 - 00000000 ___DC () C:\ProgramData\IsolatedStorage 2015-03-13 22:07 - 2015-03-13 22:30 - 712965003 ____C () C:\Users\srmdis\Downloads\Das Alte Böse Wir-HD(1).mp4 2015-03-13 22:00 - 2015-03-13 22:05 - 178937718 ____C () C:\Users\srmdis\Downloads\Das Alte Böse Wir-SD.mp4 2015-03-12 22:33 - 2015-01-29 03:35 - 00369664 ____C (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-12 22:32 - 2015-01-29 03:35 - 00975360 ____C (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-12 22:31 - 2015-02-26 02:18 - 02064384 ____C (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-12 22:22 - 2015-02-20 04:03 - 00034304 ____C (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-12 22:22 - 2015-02-20 02:28 - 00296960 ____C (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-12 22:20 - 2015-02-26 04:01 - 03604408 ____C (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-12 22:20 - 2015-02-26 04:01 - 03552184 ____C (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-12 22:20 - 2015-01-21 04:02 - 00807936 ____C (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-12 22:20 - 
2015-01-09 04:04 - 00049152 ____C (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-12 22:20 - 2015-01-09 02:18 - 00064000 ____C (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-12 22:19 - 2015-03-06 06:01 - 00279040 ____C (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-12 22:17 - 2014-10-13 03:12 - 02264064 ____C (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-03-12 22:16 - 2015-02-18 04:02 - 11587584 ____C (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-12 21:22 - 2015-02-21 19:37 - 12375040 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-12 21:22 - 2015-02-21 19:34 - 00367104 ____C (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-12 21:22 - 2015-02-21 19:29 - 09747968 ____C (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-12 21:22 - 2015-02-21 19:28 - 01810944 ____C (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-12 21:22 - 2015-02-21 19:22 - 01139200 ____C (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-12 21:22 - 2015-02-21 19:21 - 01427968 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-12 21:22 - 2015-02-21 19:21 - 01129472 ____C (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-12 21:22 - 2015-02-21 19:20 - 00231936 ____C (Microsoft Corporation) C:\Windows\system32\url.dll 2015-03-12 21:22 - 2015-02-21 19:20 - 00065536 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-12 21:22 - 2015-02-21 19:19 - 01803264 ____C (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-12 21:22 - 2015-02-21 19:19 - 00717824 ____C (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-12 21:22 - 2015-02-21 19:19 - 00607744 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-12 21:22 - 2015-02-21 19:19 - 00421376 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-12 21:22 - 2015-02-21 19:19 - 00142848 ____C (Microsoft 
Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-12 21:22 - 2015-02-21 19:18 - 02382848 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-12 21:22 - 2015-02-21 19:18 - 00353792 ____C (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-12 21:22 - 2015-02-21 19:18 - 00223232 ____C (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-12 21:22 - 2015-02-21 19:18 - 00073216 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-12 21:22 - 2015-02-21 19:18 - 00041472 ____C (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-03-12 21:22 - 2015-02-21 19:18 - 00011776 ____C (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-03-12 21:22 - 2015-02-21 19:18 - 00010752 ____C (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-03-12 21:22 - 2015-02-21 19:17 - 00176640 ____C (Microsoft Corporation) C:\Windows\system32\ieui.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-07 10:45 - 2009-02-12 13:02 - 00000418 ___HC () C:\Windows\Tasks\User_Feed_Synchronization-{1D6C683A-5F44-44BD-A493-C7E113AD41AA}.job 2015-04-07 10:44 - 2010-01-24 21:53 - 01461726 ____C () C:\Windows\WindowsUpdate.log 2015-04-07 10:40 - 2013-09-28 22:40 - 00000296 ____C () C:\Windows\Tasks\DigitalSite.job 2015-04-07 10:39 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-07 10:39 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-07 10:36 - 2009-06-30 19:34 - 00001060 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-07 10:34 - 2012-04-03 21:01 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-06 16:31 - 2012-10-13 12:59 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service 2015-04-06 16:31 - 2012-02-05 18:50 - 00000869 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-06 16:31 - 2012-02-05 18:23 - 00000857 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-04-06 15:28 - 2006-11-02 14:37 - 00000000 __RDC () C:\Users\srmdis\Desktop\Games 2015-04-06 15:19 - 2013-03-19 22:37 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-06 15:17 - 2013-03-19 22:37 - 00000000 ___DC () C:\ProgramData\Avira 2015-04-06 15:17 - 2013-03-19 22:37 - 00000000 ___DC () C:\Program Files\Avira 2015-04-06 15:14 - 2013-07-19 18:21 - 00000000 ___DC () C:\Users\srmdis\AppData\Roaming\.minecraft 2015-04-06 14:59 - 2009-02-06 15:41 - 00000000 ___DC () C:\Users\srmdis 2015-04-06 14:54 - 2013-05-31 22:29 - 00000350 ____C () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2015-04-06 14:54 - 2009-06-30 19:34 - 00001056 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-06 14:54 - 2006-11-02 15:01 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT 
2015-04-06 14:53 - 2006-11-02 15:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-04 12:56 - 2010-08-15 15:01 - 00000680 ____C () C:\Users\srmdis\AppData\Local\d3d9caps.dat 2015-03-15 17:27 - 2012-08-16 22:13 - 00000000 ___DC () C:\Program Files\Samsung 2015-03-15 16:07 - 2008-07-10 10:11 - 00000000 ___DC () C:\ProgramData\Adobe 2015-03-15 12:44 - 2013-12-09 10:49 - 00000000 _SHDC () C:\Windows\system32\AI_RecycleBin 2015-03-14 22:01 - 2012-04-03 21:01 - 00778928 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-14 22:01 - 2011-05-17 09:42 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-14 21:59 - 2009-02-14 22:11 - 00000000 ___DC () C:\Users\srmdis\AppData\Local\Adobe 2015-03-13 19:23 - 2006-11-02 14:47 - 00325640 ____C () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 22:31 - 2013-08-15 23:15 - 00000000 ___DC () C:\Windows\system32\MRT 2015-03-12 22:23 - 2006-11-02 12:24 - 119837696 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe ==================== Files in the root of some directories ======= 2015-02-13 20:42 - 2013-05-20 15:40 - 0186752 ____C () C:\Program Files\65res.dll 2015-02-13 20:42 - 2013-05-20 15:40 - 0708168 ____C (MindSpark) C:\Program Files\65Uninstall FromDocToPDF.dll 2014-12-24 23:31 - 2014-12-24 23:39 - 0000369 ____C () C:\Users\srmdis\AppData\Roaming\.foobillardrc 2009-02-07 12:46 - 2009-02-07 12:46 - 0000016 ___HC () C:\Users\srmdis\AppData\Roaming\mxfilerelatedcache.mxc2 2009-11-07 21:59 - 2009-11-07 21:59 - 0025903 ____C () C:\Users\srmdis\AppData\Roaming\UserTile.png 2013-09-29 11:40 - 2014-10-21 16:38 - 0000093 ____C () C:\Users\srmdis\AppData\Roaming\WB.CFG 2013-09-29 11:40 - 2014-02-01 01:40 - 0000005 ____C () C:\Users\srmdis\AppData\Roaming\WBPU-TTL.DAT 2009-02-07 14:28 - 2015-02-22 18:22 - 0005558 ____C () C:\Users\srmdis\AppData\Roaming\wklnhst.dat 2010-08-15 15:01 - 2015-04-04 12:56 - 0000680 ____C () 
C:\Users\srmdis\AppData\Local\d3d9caps.dat 2009-12-05 23:47 - 2014-12-25 14:40 - 0045568 ____C () C:\Users\srmdis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-12-13 21:41 - 2009-12-13 21:41 - 0000016 ___HC () C:\Users\srmdis\AppData\Local\mxfilerelatedcache.mxc2 2014-06-10 18:55 - 2014-06-10 18:55 - 0000000 ____C () C:\Users\srmdis\AppData\Local\{46F898B1-04B3-4243-8B9E-0BDD44F8C4CA} 2009-11-20 21:44 - 2009-11-20 21:44 - 0000016 ___HC () C:\ProgramData\mxfilerelatedcache.mxc2 Files to move or delete: ==================== C:\Users\srmdis\googleupdatesetup.exe Some content of TEMP: ==================== C:\Users\Benito\AppData\Local\Temp\avgnt.exe C:\Users\srmdis\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-06 14:59 ==================== End Of Log ============================
--- --- --- --- --- ---
Hi Schrauber, here comes the second file, the scan result: (I hope I'm posting this in the right place in my thread):
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by srmdis at 2015-04-07 10:46:32 Running from C:\Users\srmdis\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 4.65 (HKLM\...\{23170F69-40C1-2701-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader 9.5.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) Alles Murmel 1.81 (HKLM\...\Arcade Lines_is1) (Version: - Lobstersoft) ATI Catalyst Install Manager (HKLM\...\{7CD8E2EF-AD40-7BD3-13E5-2B2847E568DD}) (Version: 3.0.664.0 - ATI Technologies, Inc.) Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira) BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.7.15.909 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM\...\{74C85607-9668-4F88-B1D5-244889192DFC}) (Version: 0.7.15.909 - BlueStack Systems, Inc.) 
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.07.2(T) - TOSHIBA CORPORATION) Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.) Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version: - ) Canon iP2600 series Benutzerregistrierung (HKLM\...\Canon iP2600 series Benutzerregistrierung) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - ) Catalyst Control Center - Branding (HKLM\...\{69E5255D-9D43-4CFF-8984-843ABD7753B7}) (Version: 1.00.0000 - ATI) ccc-core-static (Version: 2008.0407.2139.36897 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform) CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.10.0 - Conexant) DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.3.20141009 - Landesfinanzdirektion Thüringen) ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.1.0.0 - Steuerverwaltung des Bundes und der Länder) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (HKLM\...\Firebird SQL Server D) (Version: 2.0.0.1 - MAGIX AG) GetDataBack for NTFS (HKLM\...\GetDataBack for NTFS) (Version: - ) Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (Version: 1.3.26.9 - Google Inc.) 
Hidden HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version: 7.73.00 - Conexant Systems) HDMI Control Manager (HKLM\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 1.7 - TOSHIBA) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden lingDIALOG (HKLM\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS) lingDIALOG (Version: 3.0908 - WEVOSYS) Hidden Lula Flipper (HKLM\...\Lula Flipper) (Version: - ) MAGIX Digital Foto Maker SE 4.1.0.835 (D) (HKLM\...\MAGIX Digital Foto Maker SE D) (Version: 4.1.0.835 - MAGIX AG) MAGIX Foto Suite 1.12.0.89 (D) (HKLM\...\MAGIX Foto Suite D) (Version: 1.12.0.89 - MAGIX AG) MAGIX Online Druck Service 2.3.2.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG) Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.57.3.3 - Marvell) MediaBar (HKLM\...\Shareaza 3 MediaBar) (Version: 2.5.0.100449 - Discordia, LTD) <==== ATTENTION Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) 
(Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service 
(HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NAVIGON Fresh 3.4.1 (HKLM\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON) O2Micro Flash Memory Card Reader Driver (x86) (HKLM\...\{156E98D0-1AEC-4013-A41A-94A1A01BFD68}) (Version: 3.23 - O2Micro) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden OpenAL (HKLM\...\OpenAL) (Version: - ) OpenOffice.org Installer 1.0 (HKLM\...\{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}) (Version: 1.0.9221 - Sun Microsystems) PAYBACK Toolbar 1.2 (HKLM\...\PAYBACK Toolbar_is1) (Version: 1.2.0 - PAYBACK GmbH) PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia) PicPick (HKLM\...\PicPick) (Version: 3.1.7 - NTeWORKS) Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden Samsung New PC Studio USB Driver Installer (HKLM\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden Skins (Version: 2008.0407.2139.36897 - ATI) Hidden Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics) TelevisionFanatic Toolbar (HKLM\...\TelevisionFanaticbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA) TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA) TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.13 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba) TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.2.32 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM\...\InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}) (Version: 3.00.01.00 - TOSHIBA) TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA) TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.3 - TOSHIBA) TOSHIBA Supervisor Password (HKLM\...\InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}) (Version: 3.00.01.00 - TOSHIBA) Toshiba TEMPRO (HKLM\...\{7C30283C-8DC7-4FBB-805E-52BEA5F580E8}) (Version: 2.0 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation) TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) 
(Version: 1.00.0015 - TOSHIBA) TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA) TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden Unity Web Player (HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Zip Extractor (HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\DigitalSite) (Version: - ) <==== ATTENTION Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.49 - Creative Island Media, LLC) <==== ATTENTION VistaClean (HKLM\...\{D4F4623B-DB62-43C2-A29B-7B223988980D}) (Version: 1.0.0 - www.xpclean.de) VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN) Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version: - ) Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version: - Zylom Games) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\InprocServer32 -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark) CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\srmdis\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> No File Path ==================== Restore Points ========================= Could not list restore points. Check "winmgmt" service or repair WMI. 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ___AC C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {3F880C5F-ADF1-4BDD-92D9-A651A9CAF8C2} - System32\Tasks\{3FE47B3A-5B7A-4A2A-9191-5DD17013C987} => pcalua.exe -a F:\INSTALL.EXE -d F:\ Task: {42437A94-DC25-4667-903F-FA145AC06CA1} - System32\Tasks\EPUpdater => C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () <==== ATTENTION Task: {45AD22DB-12FE-4BF8-9E45-362FA9DA0384} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - srmdis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation) Task: {4F4C09E7-4DD0-4960-BAFB-0AF21B6536CF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {51325BA6-DB01-4CFC-B498-1E9CC9853CC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {5DFA708E-4012-4C5E-AB2D-37246DCD9D63} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation) Task: {6D7D43F1-D15A-4141-B95F-A34ACED2F7DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) 
Task: {7EC9FB71-CF55-4A13-8D3C-E274F4C93B5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-14] (Adobe Systems Incorporated) Task: {8364A4E2-C20A-41AB-A82A-0E3B36CE52F9} - System32\Tasks\{046F743C-0B0C-48FE-B44F-D1E94B84D00D} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {9CF7CCCF-CB46-4505-88DF-40E2A9F5AED7} - System32\Tasks\{AC93752D-71BF-4251-B58A-2DB5BEE21E77} => pcalua.exe -a F:\INSTALL.EXE -d F:\ Task: {C8BCB885-E99C-41F1-AE88-A1F6F1088256} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{0E1C3716-F663-444B-899A-7D1D284AADBA}.exe Task: {ECC1C278-7F60-40A5-A65D-847FFE819D0F} - System32\Tasks\DigitalSite => C:\Users\srmdis\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {EE8A62EB-DEDB-458E-B199-E1C77071757A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{0E1C3716-F663-444B-899A-7D1D284AADBA}.exe <==== ATTENTION Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\srmdis\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{1D6C683A-5F44-44BD-A493-C7E113AD41AA}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============== 2008-04-24 19:25 - 2008-04-24 19:25 - 00126976 _____ () C:\Windows\system32\SmartFaceVCtrl.dll 2008-04-24 19:25 - 2008-04-24 19:25 - 06701056 _____ () C:\Windows\system32\FaceHI.dll 2008-04-24 19:25 - 2008-04-24 19:25 - 00995328 _____ () C:\Windows\system32\FaceRec.dll 2008-07-10 09:30 - 2008-04-07 21:59 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2010-04-18 12:21 - 2010-05-02 19:14 - 00043520 ____C () C:\Windows\system32\CmdLineExt03.dll 2009-02-06 14:46 - 2008-05-08 11:11 - 04787712 ____C () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\Users\srmdis:zylomtest AlternateDataStreams: C:\Users\srmdis:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVK8} AlternateDataStreams: C:\Users\srmdis:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVTL} AlternateDataStreams: C:\Users\srmdis:zylomtr{000HQ7FF-AD7A-3FG1-MOH5-27T8D7T4D000} AlternateDataStreams: C:\Users\srmdis:zylomtr{000HQ7FF-AD7A-3FG4-74E3-28689HMLOVVS} AlternateDataStreams: C:\Users\srmdis:zylomtr{000HQ7FF-AD7A-3FG4-HE44-22Q2HFA54VV2} AlternateDataStreams: C:\Users\srmdis:zylomtr{000HQ7FF-AD7A-3FG5-8A6T-26VOTC6OMVV8} AlternateDataStreams: C:\Users\srmdis:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVT9} AlternateDataStreams: C:\ProgramData\TEMP:85376176 AlternateDataStreams: C:\ProgramData\TEMP:93EB7685 AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 AlternateDataStreams: C:\Users\srmdis\Documents\Beschwerde Klinik.eml:OECustomProperty AlternateDataStreams: C:\Users\srmdis\Documents\Frigeo.eml:OECustomProperty AlternateDataStreams: C:\Users\srmdis\Documents\Reime.eml:OECustomProperty AlternateDataStreams: C:\Users\srmdis\Documents\REWE.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\Software\Classes\.exe: => <===== ATTENTION! ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe MSCONFIG\startupreg: HSON => C:\Program Files\TOSHIBA\TBS\HSON.exe MSCONFIG\startupreg: SmoothView => C:\Program Files\Toshiba\SmoothView\SmoothView.exe MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files\Toshiba TEMPRO\TemproTray.exe ==================== Accounts: ============================= Administrator (S-1-5-21-4203143292-2018196265-3648757700-500 - Administrator - Disabled) Benito (S-1-5-21-4203143292-2018196265-3648757700-1004 - Limited - Enabled) => C:\Users\Benito Gast (S-1-5-21-4203143292-2018196265-3648757700-501 - Limited - Disabled) => C:\Users\Gast srmdis (S-1-5-21-4203143292-2018196265-3648757700-1000 - Administrator - Enabled) => C:\Users\srmdis ==================== Faulty Device Manager Devices ============= Could not list Devices. Check "winmgmt" service or repair WMI. ==================== Event log errors: ========================= Application errors: ================== Error: (04/06/2015 02:54:16 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/06/2015 02:38:07 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/06/2015 01:38:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SRMDIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\05ORBZ0Y.DEFAULT\EXTENSIONS\TRASH> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (04/06/2015 01:38:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SRMDIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\05ORBZ0Y.DEFAULT\EXTENSIONS\TRASH> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (04/04/2015 01:11:33 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/04/2015 01:01:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SRMDIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\05ORBZ0Y.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (03/16/2015 08:51:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/16/2015 08:47:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/16/2015 07:55:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/16/2015 07:54:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) System errors: ============= Error: (04/04/2015 01:11:29 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT-AUTORITÄT) Description: Provider\Microsoft.Base.Publication/Publication/Computer Error: (04/04/2015 01:09:05 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (04/04/2015 01:09:01 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (03/16/2015 08:47:43 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Error: (03/16/2015 07:55:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: BlueStacks Android Service%%1064 Error: (03/16/2015 07:54:30 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT-AUTORITÄT) Description: Provider\Microsoft.Base.Publication/Publication/Computer Error: (03/16/2015 07:54:16 PM) (Source: EventLog) (EventID: 6008) 
(User: ) Description: Das System wurde zuvor am 3/16/2015 um 6:40:27 PM unerwartet heruntergefahren. Error: (03/15/2015 06:47:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: BlueStacks Android Service%%1064 Error: (03/15/2015 06:43:54 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT) Description: 2147500053 Error: (03/15/2015 06:43:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Windows Update%%2147500053 Microsoft Office Sessions: ========================= Error: (04/06/2015 02:54:16 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/06/2015 02:38:07 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/06/2015 01:38:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SRMDIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\05ORBZ0Y.DEFAULT\EXTENSIONS\TRASH Error: (04/06/2015 01:38:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) C:\USERS\SRMDIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\05ORBZ0Y.DEFAULT\EXTENSIONS\TRASH Error: (04/04/2015 01:11:33 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/04/2015 01:01:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SRMDIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\05ORBZ0Y.DEFAULT\SAFEBROWSING-BACKUP Error: (03/16/2015 08:51:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/16/2015 08:47:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/16/2015 07:55:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/16/2015 07:54:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) CodeIntegrity Errors: =================================== Date: 2015-04-07 10:44:32.990 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-07 10:44:32.054 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-07 10:44:31.071 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-07 10:44:29.963 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-05 13:30:28.692 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-05 13:30:28.254 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-05 13:30:27.748 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-05 13:30:27.231 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-11 21:32:29.579 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-11 21:32:29.283 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz Percentage of memory in use: 55% Total physical RAM: 3066.11 MB Available physical RAM: 1362.18 MB Total Pagefile: 6337.22 MB Available Pagefile: 4319.77 MB Total Virtual: 2047.88 MB Available Virtual: 1895.89 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:150.66 GB) (Free:86.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Data) (Fixed) (Total:145.97 GB) (Free:114.48 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: D7A081DD) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Active) - (Size=150.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=146 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
07.04.2015, 17:55 | #4 |
/// the machine /// TB instructor | CPU load at 100% and blinking hourglass and so on and so forth.... Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.04.2015, 15:04 | #5 |
| CPU load at 100% and blinking hourglass and so on and so forth.... Hello Schrauber, everything went well up to the Combo-Fix step. Unfortunately I did not find a log file! Question: how long can this scan take? During the scan I strictly followed your instruction and did not touch my machine. After two hours (screen completely black) I got nervous and moved my little mouse veeeery carefully... :-) Since I saw nothing else, I restarted, and it took a long time to boot up. I think I could send you the boot file. But no test file has been saved in Combofix. Combofix can be found on C:, but when I click on it, it sends me back one step, to the level above. So I can practically not open anything. Should I repeat the whole thing? Should I have waited longer until the machine did or displayed something by itself???
PS: By the way, everything is still running very slowly, still 100% load, BUT the hourglass on the mouse pointer is finally gone!!!!! *yaaaaay* |
08.04.2015, 19:06 | #6 |
/// the machine /// TB instructor | CPU load at 100% and blinking hourglass and so on and so forth.... Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log please. |
19.04.2015, 17:12 | #7 |
| CPU load at 100% and blinking hourglass and so on and so forth.... Hi, first of all here is the Malwarebytes scan result: (it reported over 60 detections, which however are not listed here. You will know why. I don't understand it anyway....) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 19.04.2015 Suchlauf-Zeit: 15:20:39 Logdatei: mbam-log01.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.04.19.03 Rootkit Datenbank: v2015.03.31.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: srmdis Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 433523 Verstrichene Zeit: 38 Min, 54 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 28 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [78f7036b800add59b7dc0c6ca65de41c], PUP.Optional.Babylon.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [115e412d6e1c55e1b185a59a4db6e020], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5D79F641-C168-40DF-A32F-BACEA7509E75}, , [85ea195518720036318c48f9f80bb947], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5D79F641-C168-40DF-A32F-BACEA7509E75}, , [85ea195518720036318c48f9f80bb947], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, , [501f19550486d363e1ccc180d92a629e], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, , 
[501f19550486d363e1ccc180d92a629e], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C98D5B61-B0EA-4D48-9839-1079D352D880}, , [056ae985a1e930062b9584bdf40fd828], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C98D5B61-B0EA-4D48-9839-1079D352D880}, , [056ae985a1e930062b9584bdf40fd828], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}, , [3936b3bb6129cd69cef3271afa0928d8], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}, , [3936b3bb6129cd69cef3271afa0928d8], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, , [c0afe38b4a4060d68724aa970ff4b64a], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, , [c0afe38b4a4060d68724aa970ff4b64a], PUP.Optional.Mindspark.A, HKLM\SOFTWARE\FromDocToPDF_65, , [84eb2b431d6d78be5e09a797f41133cd], PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\BonanzaDealsLive, , [a9c6f27cbdcd61d58b27f33822e3d030], PUP.Optional.DigitalSites.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\DSiteProducts, , [036c1b535e2ccb6b0617e467ce37d22e], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\FromDocToPDF_65, , [006fef7f74169d996107bc82976ece32], PUP.Optional.MultiIE.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [74fb90de177346f092135de3bc49a957], PUP.Optional.Mindspark.A, 
HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\APPDATALOW\SOFTWARE\FromDocToPDF_65, , [670876f866247bbb0d9a599c91729a66], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\APPDATALOW\SOFTWARE\TelevisionFanatic, , [442bbdb1cfbbb87e386b5a9b7d86eb15], PUP.Optional.InstallCore.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [6d02f97566249e9801e5fc11e81cea16], PUP.Optional.InstallCore.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\INSTALLCORE, , [86e978f60486c6703583121117ee936d], PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\BonanzaDealsLive, , [006f7bf3b3d73df9a60c5fccf3122cd4], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [fa75234b781249ed13ba9c9b7d8803fd], PUP.Optional.MultiIE.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [09665e10e4a64fe701a4da66af56ff01], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\APPDATALOW\SOFTWARE\FromDocToPDF_65, , [a2cddd91f39782b4d2d51cd99c67e917], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\APPDATALOW\SOFTWARE\TelevisionFanatic, , [28476c020e7c86b01093a64fac5708f8], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-501\SOFTWARE\APPDATALOW\SOFTWARE\FromDocToPDF_65, , [a5ca195504860b2be0c7c62fbd46e719], PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-501\SOFTWARE\APPDATALOW\SOFTWARE\TelevisionFanatic, , [c4ab1b53602a3006594ae510dc27f10f], Registrierungswerte: 6 PUP.Optional.Mindspark.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{0696f815-a3a9-490a-bb14-9ec3350b1276}, , [492689e5ec9e2016378476cb2dd6c040], PUP.Optional.Mindspark.A, 
HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{0696F815-A3A9-490A-BB14-9EC3350B1276}, , [492689e5ec9e2016378476cb2dd6c040], PUP.Optional.InstallCore.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, , [86e978f60486c6703583121117ee936d] PUP.Optional.Babylon.A, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|FaviconURL, search.babylon.com/favicon.ico, , [a6c9521c7911fd39711b1c3528dd9d63] Trojan.Agent, HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [195685e98307b97dbd6ed45c2dd8837d] Trojan.Agent, HKU\S-1-5-21-4203143292-2018196265-3648757700-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, , [0768adc1dbafc670bf6ca18f07fe4fb1] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 7 PUP.Optional.Delta.A, C:\Users\srmdis\AppData\Roaming\BabSolution\Shared, , [f47b5618642665d114f19fa2867ff907], PUP.Optional.Searchagent, C:\ProgramData\RHelpers, , [b4bbef7f0387300653a9c0cdf40f55ab], PUP.Optional.Searchagent, C:\ProgramData\RHelpers\ChromeHelper, , [b4bbef7f0387300653a9c0cdf40f55ab], PUP.Optional.Searchagent, C:\ProgramData\RHelpers\FirefoxHelper, , [b4bbef7f0387300653a9c0cdf40f55ab], PUP.Optional.Searchagent, C:\ProgramData\RHelpers\IeHelper, , [b4bbef7f0387300653a9c0cdf40f55ab], PUP.Optional.Mindspark.A, C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\extensions\65ffxtbr@FromDocToPDF_65.com, , [84eb6b039feb290d50d86b5121e28c74], PUP.Optional.Mindspark.A, C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\extensions\65ffxtbr@FromDocToPDF_65.com\META-INF, , [84eb6b039feb290d50d86b5121e28c74], Dateien: 22 PUP.Optional.MultiExtension.A, 
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe, , [a6c93e303b4f3402bb9f4cf240c058a8], PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe, , [5a158ae412782d09cd8d7cc2fe0251af], PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\IeHelper\IeHelper.exe, , [ef80ff6fcac0d165e27863db4ab69070], PUP.Optional.VIT, C:\Users\srmdis\Downloads\installer_pou_for_pc_1_2_6_Deutsch.exe, , [0768de907b0f0234e4a283c2f809c937], PUP.Optional.MyWebSearch.A, C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\searchplugins\my-web-search.xml, , [b2bd6a0463273105865737ba9f64d729], PUP.Optional.Babylon.A, C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\searchplugins\babylon.xml, , [acc3b0be0783082e1376d2318480a759], PUP.Optional.BProtector.A, C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\bprotector_extensions.sqlite, , [2b443e3067236fc7d7be44bfaf5508f8], PUP.Optional.BProtector.A, C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\bprotector_prefs.js, , [4b24c0ae058590a650460ef5a163946c], PUP.Optional.Delta.A, C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\searchplugins\delta.xml, , [5b14511dd5b5b6808a2f7a89c3419769], PUP.Optional.Delta.A, C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\Delta.ico, , [f47b5618642665d114f19fa2867ff907], PUP.Optional.Delta.A, C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\BabMaint.exe, , [f47b5618642665d114f19fa2867ff907], PUP.Optional.Delta.A, C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\BUSolution.dll, , [f47b5618642665d114f19fa2867ff907], PUP.Optional.Delta.A, C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\chu.js, , [f47b5618642665d114f19fa2867ff907], PUP.Optional.Delta.A, C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\GUninstaller.exe, , [f47b5618642665d114f19fa2867ff907], PUP.Optional.Delta.A, C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\SetupParams.ini, , 
[f47b5618642665d114f19fa2867ff907], PUP.Optional.Delta.A, C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\sqlite3.dll, , [f47b5618642665d114f19fa2867ff907], PUP.Optional.Mindspark.A, C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\extensions\65ffxtbr@FromDocToPDF_65.com\META-INF\manifest.mf, , [84eb6b039feb290d50d86b5121e28c74], PUP.Optional.Mindspark.A, C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\extensions\65ffxtbr@FromDocToPDF_65.com\META-INF\zigbert.rsa, , [84eb6b039feb290d50d86b5121e28c74], PUP.Optional.Mindspark.A, C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\extensions\65ffxtbr@FromDocToPDF_65.com\META-INF\zigbert.sf, , [84eb6b039feb290d50d86b5121e28c74], PUP.Optional.SearchGol.A, C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=6A500022FA1EA5E2&affID=119357&tt=240913_246&tsp=5019");), ,[5b148ce2c1c962d439def94822e4728e] PUP.Optional.SearchGol.A, C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=6A500022FA1EA5E2&affID=119357&tt=240913_246&tsp=5019");), ,[056ab7b70387ae88ad9b6dd445c106fa] PUP.Optional.CrossRider.A, C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "142844f0c903b98c02adadfe77910329");), ,[f778620cbcce171f45919da35aacc13f] Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
# AdwCleaner v4.201 - Bericht erstellt 19/04/2015 um 17:27:47
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : srmdis - MEINKLAPPTOP
# Gestarted von : C:\Users\srmdis\Downloads\AdwCleaner_4.201(1).exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\srmdis\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\srmdis\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\srmdis\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\srmdis\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\srmdis\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\srmdis\AppData\Roaming\registry mechanic
Ordner Gelöscht : C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\Extensions\65ffxtbr@FromDocToPDF_65.com
Datei Gelöscht : C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\bprotector_extensions.rdf
Datei Gelöscht : C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Benito\AppData\Roaming\Mozilla\Firefox\Profiles\q2h8cqw5.default\invalidprefs.js
Datei Gelöscht : C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\invalidprefs.js
Datei Gelöscht : C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\searchplugins\my-web-search.xml
Datei Gelöscht : C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : DigitalSite

***** [ 
Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKCU\Software\5d57dbd9b73be440 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455185568} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466186668} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}] 
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\FromDocToPDF_65 Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FromDocToPDF_65 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Mediabarsh Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TelevisionFanatic Schlüssel Gelöscht : HKLM\SOFTWARE\FromDocToPDF_65 Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledThirdPartyPrograms Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bonanza Deals Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DigitalSite Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TelevisionFanaticbar Uninstall Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Whilokii ***** [ Internetbrowser ] ***** -\\ Internet Explorer v9.0.8112.16633 -\\ Mozilla Firefox v37.0.1 (x86 de) [q2h8cqw5.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=6A500022FA1EA5E2&affID=119357&tt=240913_246&tsp=5019"); [q2h8cqw5.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=6A500022FA1EA5E2&affID=119357&tt=240913_246&tsp=5019"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Delta Search"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "142844f0c903b98c02adadfe77910329"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.admin", false); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.aflt", "babsst"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.autoRvrt", "false"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.dfltLng", "de"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.excTlbr", false); [05orbz0y.default\prefs.js] - Zeile Gelöscht : 
user_pref("extensions.delta.ffxUnstlRst", true); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.id", "6a5037810000000000000022fa1ea5e2"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.instlDay", "15976"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.instlRef", "sst"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.newTab", false); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.prdct", "delta"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.prtnrId", "delta"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.rvrt", "false"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.smplGrp", "none"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.tlbrId", "base"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.622:41:14"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.babExt", ""); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=240913_246&tsp=5019"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.srcExt", "ss"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.dynconff.cache.dft.pathmapping.net.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1500_1520_1164_1524_1146_1169_1348_1482_1493_1521_1675\"><content id=\"us810_commonScr[...] 
[05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.dynconff.cache.grooveshark.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1500_1520_1164_1524_1146_1169_1348_1482_1493_1521_1675\"><content id=\"us810_commonScript\[...] [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.dynconff.cache.www.northseasurfradio.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1500_1520_1164_1524_1146_1169_1348_1482_1493_1521_1675\"><content id=\"us810_com[...] [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", ""); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", ""); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=DECFA255-C580-4620-87F2-7028890C9E35&n=77fd0a2e&p2=^Y6^xdm043^YY^de&si=swissconverter"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.enabled", false); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.lastGuardTime", 1970018210); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.numGuards", 1); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.user.defined", true); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", ""); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013071918"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm043^YY^de"); 
[05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "swissconverter"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "DECFA255-C580-4620-87F2-7028890C9E35"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1423851875318"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", true); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", true); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", false); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", false); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", ""); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com"); [05orbz0y.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=DECFA255-C580-4620-87F2-7028890C9E35&n=77fd0a2e&ind=2013071918&p2=^Y6^xdm043^YY^de&si=swissconverter&searchf[...] 
-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [14037 Bytes] - [19/04/2015 16:16:21]
AdwCleaner[R1].txt - [13660 Bytes] - [19/04/2015 17:21:57]
AdwCleaner[S0].txt - [901 Bytes] - [19/04/2015 17:12:19]
AdwCleaner[S1].txt - [13976 Bytes] - [19/04/2015 17:27:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [14036 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by srmdis on 19.04.2015 at 17:55:46,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444184468}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444184468}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E141F5C3-2619-4996-8AF8-AA0A9439D986}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E141F5C3-2619-4996-8AF8-AA0A9439D986}

~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini

~~~ Folders

Successfully deleted: [Folder] C:\Users\srmdis\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Windows\system32\ai_recyclebin

~~~ FireFox

Emptied folder: C:\Users\srmdis\AppData\Roaming\mozilla\firefox\profiles\05orbz0y.default\minidumps [143 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.04.2015 at 18:00:55,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015 01
Ran by srmdis (administrator) on MEINKLAPPTOP on 19-04-2015 18:10:15
Running from C:\Users\srmdis\Desktop
Loaded Profiles: srmdis (Available profiles: srmdis & Benito & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( ) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.) HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-04-26] (TOSHIBA Corporation.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-26] (CANON INC.) HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-07-04] (BlueStack Systems, Inc.) HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Run: [toscdspd] => TOSCDSPD.EXE HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Run: [SmAudio] => C:\Program Files\Conexant\SmartAudio\SmAudio.exe [2712912 2008-10-29] (Conexant Systems, Inc.) 
HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Policies\Explorer: [NoInstrumentation] 1 Startup: C:\Users\Anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-11-03] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-07-10] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-07-10] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) GroupPolicyUsers\S-1-5-21-4203143292-2018196265-3648757700-1004\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKLM -> {42D46B07-5919-4F66-9FBC-1B418FEE0FE5} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA; SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> {42D46B07-5919-4F66-9FBC-1B418FEE0FE5} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GPEA_de SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> {E52BE12D-A44A-4f51-9DC1-34F37A488CC7} URL = hxxp://search.videodownload-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> 
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation) Toolbar: HKLM - PAYBACK Toolbar - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll [2012-07-11] (PAYBACK GmbH) Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> No Name - {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - No File Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> PAYBACK Toolbar - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll [2012-07-11] (PAYBACK GmbH) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\..\Interfaces\{944C3433-49ED-4329-B601-C11A37843AB3}: [NameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default FF Homepage: https://www.google.de/ FF NetworkProxy: "share_proxy_settings", true FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-26] (Adobe Systems, Inc.) 
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-4203143292-2018196265-3648757700-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\srmdis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-08] (Unity Technologies ApS) FF Extension: Segurança do navegador Avira - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\abs@avira.com [2015-04-06] FF Extension: FoxyProxy Standard - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\foxyproxy@eric.h.jung [2015-04-19] FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\admin@proxy-listen.de.xpi [2014-03-17] FF Extension: Grooveshark Unlocker - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-09-25] FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi [2013-09-25] FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\toolbar-ff@payback.de.xpi [2013-11-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-17] FF HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi Chrome: ======= CHR Profile: C:\Users\srmdis\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR 
HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [815352 2015-04-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-04-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-07-04] (BlueStack Systems, Inc.) S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-04] (BlueStack Systems, Inc.) S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed] S2 gupdate1c9ce8ca7271c73; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.) 
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed] S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed] S3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed] S2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-04-21] (Toshiba Europe GmbH) S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare) R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [24408 2012-03-07] (AVAST Software) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-04-06] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-06] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-04-06] (Avira Operations GmbH & Co. 
KG) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-07-04] (BlueStack Systems) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation) R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA) R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-12-04] (Audials AG) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-06] (Avira GmbH) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-12-04] (RapidSolution Software AG) R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\srmdis\AppData\Local\Temp\catchme.sys [X] S3 igfx; system32\DRIVERS\igdkmd32.sys [X] S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-19 18:08 - 2015-04-19 18:09 - 00035184 ____C () C:\Users\srmdis\Desktop\Addition.txt 2015-04-19 18:07 - 2015-04-19 18:07 - 01137664 ____C (Farbar) C:\Users\srmdis\Desktop\FRST.exe 2015-04-19 18:04 - 2015-04-19 18:04 - 00000000 ___DC () C:\Users\srmdis\Desktop\FRST-OlderVersion 2015-04-19 18:00 - 2015-04-19 18:00 - 00001441 ____C () C:\Users\srmdis\Desktop\JRT.txt 2015-04-19 17:56 - 2015-04-19 17:56 - 00000207 ____C () C:\Windows\tweaking.com-regbackup-MEINKLAPPTOP-Windows-Vista-(TM)-Home-Premium-(32-bit).dat 2015-04-19 17:55 - 2015-04-19 17:55 - 00000000 ___DC () C:\RegBackup 2015-04-19 17:54 - 2015-04-19 17:54 - 02686254 ____C (Thisisu) C:\Users\srmdis\Desktop\JRT.exe 2015-04-19 17:19 - 2015-04-19 17:19 - 02217984 ____C () C:\Users\srmdis\Downloads\AdwCleaner_4.201(1).exe 2015-04-19 16:16 - 2015-04-19 17:28 - 00000000 ___DC () C:\AdwCleaner 2015-04-19 16:15 - 2015-04-19 16:15 - 02217984 ____C () C:\Users\srmdis\Downloads\AdwCleaner_4.201.exe 2015-04-19 16:04 - 2015-04-19 16:04 - 00011718 ____C () C:\Malwarebytes Suchlauf 01.txt 2015-04-19 15:18 - 2015-04-19 15:19 - 00119512 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-19 15:18 - 2015-04-19 15:18 - 00000904 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-19 15:17 - 2015-04-19 15:18 - 00000000 ___DC () C:\Program Files\ Malwarebytes Anti-Malware 2015-04-19 15:17 - 2015-04-19 15:17 - 00000000 ___DC () C:\ProgramData\Malwarebytes 2015-04-19 15:17 - 2015-03-17 06:15 - 00092888 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-19 15:17 - 2015-03-17 06:15 - 00051928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-19 15:17 - 2015-03-17 06:15 - 00023256 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-19 15:14 - 2015-04-19 15:15 - 21540440 ____C (Malwarebytes Corporation ) C:\Users\srmdis\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-11 11:05 - 2015-04-11 
11:05 - 00000000 ___DC () C:\ProgramData\Package Cache 2015-04-08 15:50 - 2015-04-08 15:51 - 00000000 __SDC () C:\ComboFix 2015-04-08 12:18 - 2011-06-26 08:45 - 00256000 ____C () C:\Windows\PEV.exe 2015-04-08 12:18 - 2010-11-07 19:20 - 00208896 ____C () C:\Windows\MBR.exe 2015-04-08 12:18 - 2009-04-20 06:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe 2015-04-08 12:18 - 2000-08-31 02:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe 2015-04-08 12:18 - 2000-08-31 02:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe 2015-04-08 12:18 - 2000-08-31 02:00 - 00098816 ____C () C:\Windows\sed.exe 2015-04-08 12:18 - 2000-08-31 02:00 - 00080412 ____C () C:\Windows\grep.exe 2015-04-08 12:18 - 2000-08-31 02:00 - 00068096 ____C () C:\Windows\zip.exe 2015-04-08 12:16 - 2015-04-08 12:18 - 00000000 ___DC () C:\Qoobox 2015-04-08 12:15 - 2015-04-08 12:15 - 00000000 ___DC () C:\Windows\erdnt 2015-04-08 12:14 - 2015-04-08 15:50 - 00000000 __SDC () C:\32788R22FWJFW 2015-04-08 12:13 - 2015-04-08 12:14 - 05617096 ___RC (Swearware) C:\Users\srmdis\Desktop\ComboFix.exe 2015-04-08 11:49 - 2012-09-23 22:35 - 00699536 ____C (MindSpark) C:\Program Files\64Uninstall TelevisionFanatic.dll 2015-04-08 11:49 - 2012-09-23 22:35 - 00172456 ____C () C:\Program Files\64res.dll 2015-04-08 11:15 - 2015-04-08 11:15 - 00001080 ____C () C:\Users\srmdis\Desktop\Revo Uninstaller.lnk 2015-04-08 11:15 - 2015-04-08 11:15 - 00000000 ___DC () C:\Program Files\VS Revo Group 2015-04-08 11:13 - 2015-04-08 11:13 - 02623656 ____C (VS Revo Group Ltd.) 
C:\Users\srmdis\Downloads\revosetup95.exe 2015-04-07 10:42 - 2015-04-19 18:10 - 00018686 ____C () C:\Users\srmdis\Desktop\FRST.txt 2015-04-07 10:42 - 2015-04-19 18:10 - 00000000 ___DC () C:\FRST 2015-04-06 16:48 - 2015-04-06 16:48 - 00000937 ____C () C:\Users\srmdis\Desktop\esetsmartinstaller_deu - Verknüpfung.lnk 2015-04-06 16:48 - 2015-04-06 16:48 - 00000000 ___DC () C:\Program Files\ESET 2015-04-06 16:47 - 2015-04-06 16:47 - 02347384 ____C (ESET) C:\Users\srmdis\Downloads\esetsmartinstaller_deu.exe 2015-04-06 16:28 - 2015-04-06 16:28 - 00243656 ____C () C:\Users\srmdis\Downloads\Firefox Setup Stub 37.0.1.exe 2015-04-06 16:00 - 2015-04-06 16:02 - 24301976 ____C () C:\Users\srmdis\Downloads\driver_audio_conexant_TC70050000A(1).exe 2015-04-06 16:00 - 2015-04-06 16:01 - 24301976 ____C () C:\Users\srmdis\Downloads\driver_audio_conexant_TC70050000A.exe 2015-04-06 15:21 - 2015-04-07 14:38 - 00000000 ___DC () C:\Users\srmdis\AppData\Roaming\Avira 2015-04-06 15:17 - 2015-04-06 15:10 - 00136216 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-06 15:17 - 2015-04-06 15:10 - 00105864 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-06 15:17 - 2015-04-06 15:10 - 00037352 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-06 15:17 - 2015-04-06 15:10 - 00028520 ____C (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-04-06 14:37 - 2015-04-19 17:30 - 00174298 ____C () C:\Windows\PFRO.log 2015-04-06 14:16 - 2015-04-06 14:16 - 00000918 ____C () C:\Users\srmdis\Documents\cc_20150406_141643.reg 2015-03-28 17:10 - 2015-04-08 15:34 - 00000000 ___DC () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-19 18:10 - 2009-02-12 13:02 - 00000418 ___HC () C:\Windows\Tasks\User_Feed_Synchronization-{1D6C683A-5F44-44BD-A493-C7E113AD41AA}.job 2015-04-19 17:58 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-19 17:58 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-19 17:37 - 2008-01-21 09:16 - 01565124 ____C () C:\Windows\system32\PerfStringBackup.INI 2015-04-19 17:36 - 2009-06-30 19:34 - 00001060 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-19 17:35 - 2010-01-24 21:53 - 01541719 ____C () C:\Windows\WindowsUpdate.log 2015-04-19 17:33 - 2013-05-31 22:29 - 00000350 ____C () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2015-04-19 17:33 - 2009-06-30 19:34 - 00001056 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-19 17:30 - 2012-04-03 21:01 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-19 17:30 - 2006-11-02 15:01 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT 2015-04-19 17:29 - 2006-11-02 15:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-19 15:29 - 2012-04-03 21:01 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-04-19 15:29 - 2011-05-17 09:42 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-04-11 11:06 - 2013-03-19 22:37 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-11 11:06 - 2013-03-19 22:37 - 00000000 ___DC () C:\Program Files\Avira 2015-04-08 15:34 - 2013-06-17 18:18 - 00000000 ___DC () C:\Program Files\OXXOGames 2015-04-08 15:34 - 2012-10-13 12:59 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service 2015-04-08 12:37 - 2009-02-06 15:41 - 00000000 ___DC () C:\Users\srmdis 2015-04-08 11:31 - 2011-04-15 20:17 - 00000000 ___DC () C:\Program 
Files\Shareaza Applications 2015-04-07 17:58 - 2006-11-02 14:37 - 00000000 __RDC () C:\Users\srmdis\Desktop\Games 2015-04-07 14:36 - 2013-03-19 22:37 - 00000000 ___DC () C:\ProgramData\Avira 2015-04-06 16:31 - 2012-02-05 18:50 - 00000869 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-06 16:31 - 2012-02-05 18:23 - 00000857 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-04-06 15:14 - 2013-07-19 18:21 - 00000000 ___DC () C:\Users\srmdis\AppData\Roaming\.minecraft 2015-04-04 12:56 - 2010-08-15 15:01 - 00000680 ____C () C:\Users\srmdis\AppData\Local\d3d9caps.dat ==================== Files in the root of some directories ======= 2015-04-08 11:49 - 2012-09-23 22:35 - 0172456 ____C () C:\Program Files\64res.dll 2015-04-08 11:49 - 2012-09-23 22:35 - 0699536 ____C (MindSpark) C:\Program Files\64Uninstall TelevisionFanatic.dll 2015-02-13 20:42 - 2013-05-20 15:40 - 0186752 ____C () C:\Program Files\65res.dll 2015-02-13 20:42 - 2013-05-20 15:40 - 0708168 ____C (MindSpark) C:\Program Files\65Uninstall FromDocToPDF.dll 2014-12-24 23:31 - 2014-12-24 23:39 - 0000369 ____C () C:\Users\srmdis\AppData\Roaming\.foobillardrc 2009-02-07 12:46 - 2009-02-07 12:46 - 0000016 ___HC () C:\Users\srmdis\AppData\Roaming\mxfilerelatedcache.mxc2 2009-11-07 21:59 - 2009-11-07 21:59 - 0025903 ____C () C:\Users\srmdis\AppData\Roaming\UserTile.png 2013-09-29 11:40 - 2014-10-21 16:38 - 0000093 ____C () C:\Users\srmdis\AppData\Roaming\WB.CFG 2013-09-29 11:40 - 2014-02-01 01:40 - 0000005 ____C () C:\Users\srmdis\AppData\Roaming\WBPU-TTL.DAT 2009-02-07 14:28 - 2015-02-22 18:22 - 0005558 ____C () C:\Users\srmdis\AppData\Roaming\wklnhst.dat 2010-08-15 15:01 - 2015-04-04 12:56 - 0000680 ____C () C:\Users\srmdis\AppData\Local\d3d9caps.dat 2009-12-05 23:47 - 2014-12-25 14:40 - 0045568 ____C () C:\Users\srmdis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-12-13 21:41 - 2009-12-13 21:41 - 0000016 ___HC () 
C:\Users\srmdis\AppData\Local\mxfilerelatedcache.mxc2 2014-06-10 18:55 - 2014-06-10 18:55 - 0000000 ____C () C:\Users\srmdis\AppData\Local\{46F898B1-04B3-4243-8B9E-0BDD44F8C4CA} 2009-11-20 21:44 - 2009-11-20 21:44 - 0000016 ___HC () C:\ProgramData\mxfilerelatedcache.mxc2 Some content of TEMP: ==================== C:\Users\srmdis\AppData\Local\Temp\avgnt.exe C:\Users\srmdis\AppData\Local\Temp\Quarantine.exe C:\Users\srmdis\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-19 17:38 ==================== End Of Log ============================ --- --- --- |
20.04.2015, 13:15 | #8 |
/// the machine /// TB trainer | CPU usage at 100% and a blinking hourglass and so on and so on.... ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
25.04.2015, 10:09 | #9 |
| CPU usage at 100% and a blinking hourglass and so on and so on.... Hi Schrauber, ESET log file: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=aac5762d330ed543964b63e221e129ae # engine=23253 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-06 06:16:45 # local_time=2015-04-06 08:16:45 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 100 196777 265876933 0 0 # scanned=221802 # found=50 # cleaned=0 # scan_time=11972 sh=CC9173458DA2B4828925A11AC304A4B7C567E26E ft=1 fh=3e0a7ef28e598d37 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\65Uninstall FromDocToPDF.dll" sh=ACB72817BC69A304BDC4777FDE40AD273B746BD3 ft=1 fh=731c2e0b79d3789c vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll" sh=0D5C033522664DEFC9EA9783E5F42220FC3985BB ft=1 fh=b5f6f8c7239c11fb vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll" sh=E58398E45A076F76C94F5D41D80B190A4E9E96A1 ft=1 fh=434b0a4e5fe2f937 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shbandmltbpi.dll" sh=00B65D53820FBC97BBD03671A515215B22FD12AD ft=1 fh=333eeb5c310e548b vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shdtxmltbpi.dll" sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64auxstb.dll" sh=15780E2D434C0E4141659CE6CBF61C7C6ACA059F ft=1 fh=4015be178e691f54 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll" sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe" sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64brstub.dll" sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="Variante von Win32/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll" sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64dlghk.dll" sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64dyn.dll" sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64feedmg.dll" sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64highin.exe" sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64hkstub.dll" sh=53F3044159FFCF82C746898941DBE3DC2AC9A24C ft=1 fh=09fa8c8598e549f8 vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll" sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64httpct.dll" sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64idle.dll" sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64ieovr.dll" sh=5AE09DF85A30864BBE5F3E6D782358C8F95CDB95 ft=1 fh=a6fc020f2a9ed637 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64impipe.exe" sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64medint.exe" sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64mlbtn.dll" sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64msg.dll" sh=E2D44843150192CEE5580CAA0A05BB015271B7CD ft=1 fh=8293caf33be135a7 vn="Variante von Win32/Toolbar.MyWebSearch evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64Plugin.dll" sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64radio.dll" sh=C5F26031D5E0C487BFF0D60AA44603135BF60395 ft=1 fh=a846ae5344ec78c3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64regfft.dll" sh=C9C4AAE19A349C578399BAC5A5D780ED8BE3AB00 ft=1 fh=b136be0af2d0d6fc vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64reghk.dll" sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64regiet.dll" sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64script.dll" sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll" sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64sknlcr.dll" sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64skplay.exe" sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll" sh=585A73EB1DFA6B0B5C5FF5D76212FD8D0CEF4DF4 ft=1 fh=4b5f86942f564423 vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe" sh=41D9D722E583CBEB3DA15061BE203C4428E6EF60 ft=1 fh=ea5ef91dc0a8d24b vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64tpinst.dll" sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\64uabtn.dll" sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\CREXT.DLL" sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\CrExtP64.exe" sh=A8B4F9698C89EA7B44863A5617391F24825C4FC8 ft=1 fh=21f33d43b68f244b vn="Win32/Toolbar.MyWebSearch.T evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll" sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL" sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL" sh=1967506783A2EFD10777FBCA0DA4DA6D4EBE1D5B ft=1 fh=2f1744e0249338c5 vn="Variante von Win32/Toolbar.MyWebSearch.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\T8HTML.DLL" sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\T8TICKER.DLL" sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\TelevisionFanatic\bar\1.bin\trzBBDF.tmp" sh=0CF45D227841C1D616BB7B710EA197D526E6CBB8 ft=1 fh=1c6e9b57881f0e26 vn="Mehrere Bedrohungen" ac=I fn="C:\ProgramData\Updater\Uninstall.exe" sh=0CF45D227841C1D616BB7B710EA197D526E6CBB8 ft=1 fh=1c6e9b57881f0e26 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\All Users\Updater\Uninstall.exe" sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\BabMaint.exe" sh=671E3E4E9E4C9A039D9AD1479A0C91E670AF18E3 ft=1 fh=d643e79c9fb8f862 vn="Win32/Toolbar.Babylon.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\srmdis\AppData\Roaming\BabSolution\Shared\BUSolution.dll" sh=511D06F2CCE4C759F2C44603CC19672211440B03 ft=1 fh=5adf7b3fb01f74be vn="Variante von Win32/Vittalia.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\srmdis\Downloads\installer_pou_for_pc_1_2_6_Deutsch.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. 
unerwünschte Anwendung" ac=I fn="${Memory}" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=aac5762d330ed543964b63e221e129ae # engine=23552 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-25 08:19:25 # local_time=2015-04-25 10:19:25 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 100 1802537 267482693 0 0 # scanned=220353 # found=9 # cleaned=0 # scan_time=5833 sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\srmdis\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=671E3E4E9E4C9A039D9AD1479A0C91E670AF18E3 ft=1 fh=d643e79c9fb8f862 vn="Win32/Toolbar.Babylon.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\srmdis\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir" sh=15780E2D434C0E4141659CE6CBF61C7C6ACA059F ft=1 fh=4015be178e691f54 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\64Uninstall TelevisionFanatic.dll" sh=CC9173458DA2B4828925A11AC304A4B7C567E26E ft=1 fh=3e0a7ef28e598d37 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\65Uninstall FromDocToPDF.dll" sh=15780E2D434C0E4141659CE6CBF61C7C6ACA059F ft=1 fh=4015be178e691f54 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll.vir" sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe.vir" sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64skplay.exe.vir" sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll.vir" sh=511D06F2CCE4C759F2C44603CC19672211440B03 ft=1 fh=5adf7b3fb01f74be vn="Variante von Win32/Vittalia.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\srmdis\Downloads\installer_pou_for_pc_1_2_6_Deutsch.exe" Code:
ATTFilter Results of screen317's Security Check version 1.00 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! `````````Anti-malware/Other Utilities Check:````````` CCleaner JavaFX 2.1.1 Java 8 Update 31 Java version 32-bit out of Date! Adobe Flash Player 17.0.0.169 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (37.0.2) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2015 Ran by srmdis (administrator) on MEINKLAPPTOP on 25-04-2015 10:33:58 Running from C:\Users\srmdis\Desktop Loaded Profiles: srmdis (Available profiles: srmdis & Benito & Gast) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Toshiba) C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (Microsoft Corporation) C:\Windows\System32\wpcumi.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe (Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SMARTAUDIO\SmAudio.exe () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( ) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-29] (Synaptics, Inc.) HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-04-26] (TOSHIBA Corporation.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-26] (CANON INC.) HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-07-04] (BlueStack Systems, Inc.) HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Run: [toscdspd] => TOSCDSPD.EXE HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Run: [SmAudio] => C:\Program Files\Conexant\SmartAudio\SmAudio.exe [2712912 2008-10-29] (Conexant Systems, Inc.) 
Startup: C:\Users\Anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-11-03] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-07-10] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-07-10] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) GroupPolicyUsers\S-1-5-21-4203143292-2018196265-3648757700-1004\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKLM -> {42D46B07-5919-4F66-9FBC-1B418FEE0FE5} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA; SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> {42D46B07-5919-4F66-9FBC-1B418FEE0FE5} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GPEA_de SearchScopes: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> {E52BE12D-A44A-4f51-9DC1-34F37A488CC7} URL = hxxp://search.videodownload-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> 
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation) Toolbar: HKLM - PAYBACK Toolbar - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll [2012-07-11] (PAYBACK GmbH) Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> No Name - {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - No File Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-4203143292-2018196265-3648757700-1000 -> PAYBACK Toolbar - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files\Payback\PAYBACK Toolbar\PaybackToolbar.dll [2012-07-11] (PAYBACK GmbH) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.) Tcpip\..\Interfaces\{944C3433-49ED-4329-B601-C11A37843AB3}: [NameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default FF Homepage: https://www.google.de/ FF NetworkProxy: "share_proxy_settings", true FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-26] (Adobe Systems, Inc.) 
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-4203143292-2018196265-3648757700-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\srmdis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-08] (Unity Technologies ApS) FF Extension: Avira Browser Safety - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\abs@avira.com [2015-04-06] FF Extension: FoxyProxy Standard - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\foxyproxy@eric.h.jung [2015-04-19] FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\admin@proxy-listen.de.xpi [2014-03-17] FF Extension: Grooveshark Unlocker - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-09-25] FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi [2013-09-25] FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\srmdis\AppData\Roaming\Mozilla\Firefox\Profiles\05orbz0y.default\Extensions\toolbar-ff@payback.de.xpi [2013-11-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-17] FF HKU\S-1-5-21-4203143292-2018196265-3648757700-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi Chrome: ======= CHR Profile: C:\Users\srmdis\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR 
HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [815352 2015-04-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-04-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-07-04] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-04] (BlueStack Systems, Inc.) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed] S2 gupdate1c9ce8ca7271c73; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.) 
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed] S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed] R3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed] R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-04-21] (Toshiba Europe GmbH) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare) R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [24408 2012-03-07] (AVAST Software) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-04-06] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-06] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-04-06] (Avira Operations GmbH & Co. 
KG) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-07-04] (BlueStack Systems) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation) R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA) R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-12-04] (Audials AG) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-06] (Avira GmbH) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-12-04] (RapidSolution Software AG) R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\srmdis\AppData\Local\Temp\catchme.sys [X] S3 igfx; system32\DRIVERS\igdkmd32.sys [X] S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-25 10:33 - 2015-04-25 10:33 - 00020257 ____C () C:\Users\srmdis\Desktop\FRST.txt 2015-04-25 10:26 - 2015-04-25 10:26 - 00852616 ____C () C:\Users\srmdis\Desktop\SecurityCheck.exe 2015-04-25 09:18 - 2015-04-25 09:18 - 00000000 ____C () C:\Windows\setuperr.log 2015-04-25 09:18 - 2015-04-25 09:18 - 00000000 ____C () C:\Windows\setupact.log 2015-04-25 08:39 - 2015-04-25 08:39 - 02347384 ____C (ESET) C:\Users\srmdis\Downloads\esetsmartinstaller_deu(1).exe 2015-04-25 08:25 - 2015-04-25 08:25 - 00000000 ___DC () C:\Program Files\Mozilla Firefox 2015-04-20 03:27 - 2015-03-09 03:01 - 01249280 ____C (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-20 03:10 - 2015-03-05 04:24 - 00297984 ____C (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-20 03:09 - 2015-03-05 04:32 - 00244152 ____C (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-20 03:09 - 2015-03-05 04:23 - 00057344 ____C (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-20 03:08 - 2015-03-14 04:21 - 01205168 ____C (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-20 03:08 - 2015-03-13 03:51 - 03604920 ____C (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-04-20 03:08 - 2015-03-13 03:51 - 03552184 ____C (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-20 03:04 - 2015-04-20 03:04 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-04-20 03:04 - 2015-04-20 03:04 - 00000000 ___DC () C:\Program Files\Common Files\Skype 2015-04-19 18:24 - 2015-03-10 01:06 - 12377600 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-19 18:24 - 2015-03-10 01:03 - 00367104 ____C (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-19 18:24 - 2015-03-10 01:02 - 01810944 ____C (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-19 18:24 - 2015-03-10 01:00 - 09747968 ____C (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-19 18:24 - 2015-03-10 00:57 - 01139200 
____C (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-19 18:24 - 2015-03-10 00:57 - 01129472 ____C (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-19 18:24 - 2015-03-10 00:56 - 01803264 ____C (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-19 18:24 - 2015-03-10 00:56 - 01427968 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-19 18:24 - 2015-03-10 00:56 - 00717824 ____C (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-19 18:24 - 2015-03-10 00:56 - 00421376 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-19 18:24 - 2015-03-10 00:56 - 00231936 ____C (Microsoft Corporation) C:\Windows\system32\url.dll 2015-04-19 18:24 - 2015-03-10 00:56 - 00065024 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-19 18:24 - 2015-03-10 00:55 - 02382848 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-19 18:24 - 2015-03-10 00:55 - 00607744 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-19 18:24 - 2015-03-10 00:55 - 00353792 ____C (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-19 18:24 - 2015-03-10 00:55 - 00223232 ____C (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-19 18:24 - 2015-03-10 00:55 - 00176640 ____C (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-19 18:24 - 2015-03-10 00:55 - 00142848 ____C (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-19 18:24 - 2015-03-10 00:55 - 00073216 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-19 18:24 - 2015-03-10 00:55 - 00041472 ____C (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-04-19 18:24 - 2015-03-10 00:55 - 00011776 ____C (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-04-19 18:24 - 2015-03-10 00:55 - 00010752 ____C (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-04-19 18:08 - 2015-04-19 18:09 - 00035184 ____C () 
C:\Users\srmdis\Desktop\Addition.txt 2015-04-19 18:07 - 2015-04-25 10:33 - 01139200 ____C (Farbar) C:\Users\srmdis\Desktop\FRST.exe 2015-04-19 17:56 - 2015-04-19 17:56 - 00000207 ____C () C:\Windows\tweaking.com-regbackup-MEINKLAPPTOP-Windows-Vista-(TM)-Home-Premium-(32-bit).dat 2015-04-19 17:55 - 2015-04-19 17:55 - 00000000 ___DC () C:\RegBackup 2015-04-19 17:54 - 2015-04-19 17:54 - 02686254 ____C (Thisisu) C:\Users\srmdis\Desktop\JRT.exe 2015-04-19 17:19 - 2015-04-19 17:19 - 02217984 ____C () C:\Users\srmdis\Downloads\AdwCleaner_4.201(1).exe 2015-04-19 16:16 - 2015-04-19 17:28 - 00000000 ___DC () C:\AdwCleaner 2015-04-19 16:15 - 2015-04-19 16:15 - 02217984 ____C () C:\Users\srmdis\Downloads\AdwCleaner_4.201.exe 2015-04-19 16:04 - 2015-04-19 16:04 - 00011718 ____C () C:\Malwarebytes Suchlauf 01.txt 2015-04-19 15:18 - 2015-04-19 15:19 - 00119512 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-19 15:18 - 2015-04-19 15:18 - 00000904 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-19 15:17 - 2015-04-19 15:18 - 00000000 ___DC () C:\Program Files\ Malwarebytes Anti-Malware 2015-04-19 15:17 - 2015-04-19 15:17 - 00000000 ___DC () C:\ProgramData\Malwarebytes 2015-04-19 15:17 - 2015-03-17 06:15 - 00092888 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-19 15:17 - 2015-03-17 06:15 - 00051928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-19 15:17 - 2015-03-17 06:15 - 00023256 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-19 15:14 - 2015-04-19 15:15 - 21540440 ____C (Malwarebytes Corporation ) C:\Users\srmdis\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-11 11:05 - 2015-04-11 11:05 - 00000000 ___DC () C:\ProgramData\Package Cache 2015-04-08 15:50 - 2015-04-08 15:51 - 00000000 __SDC () C:\ComboFix 2015-04-08 12:18 - 2011-06-26 08:45 - 00256000 ____C () C:\Windows\PEV.exe 2015-04-08 12:18 - 2010-11-07 19:20 - 
00208896 ____C () C:\Windows\MBR.exe 2015-04-08 12:18 - 2009-04-20 06:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe 2015-04-08 12:18 - 2000-08-31 02:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe 2015-04-08 12:18 - 2000-08-31 02:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe 2015-04-08 12:18 - 2000-08-31 02:00 - 00098816 ____C () C:\Windows\sed.exe 2015-04-08 12:18 - 2000-08-31 02:00 - 00080412 ____C () C:\Windows\grep.exe 2015-04-08 12:18 - 2000-08-31 02:00 - 00068096 ____C () C:\Windows\zip.exe 2015-04-08 12:16 - 2015-04-08 12:18 - 00000000 ___DC () C:\Qoobox 2015-04-08 12:15 - 2015-04-08 12:15 - 00000000 ___DC () C:\Windows\erdnt 2015-04-08 12:14 - 2015-04-08 15:50 - 00000000 __SDC () C:\32788R22FWJFW 2015-04-08 12:13 - 2015-04-08 12:14 - 05617096 ___RC (Swearware) C:\Users\srmdis\Desktop\ComboFix.exe 2015-04-08 11:49 - 2012-09-23 22:35 - 00699536 ____C (MindSpark) C:\Program Files\64Uninstall TelevisionFanatic.dll 2015-04-08 11:49 - 2012-09-23 22:35 - 00172456 ____C () C:\Program Files\64res.dll 2015-04-08 11:15 - 2015-04-08 11:15 - 00001080 ____C () C:\Users\srmdis\Desktop\Revo Uninstaller.lnk 2015-04-08 11:15 - 2015-04-08 11:15 - 00000000 ___DC () C:\Program Files\VS Revo Group 2015-04-08 11:13 - 2015-04-08 11:13 - 02623656 ____C (VS Revo Group Ltd.) 
C:\Users\srmdis\Downloads\revosetup95.exe 2015-04-07 10:42 - 2015-04-25 10:34 - 00000000 ___DC () C:\FRST 2015-04-06 16:48 - 2015-04-06 16:48 - 00000000 ___DC () C:\Program Files\ESET 2015-04-06 16:47 - 2015-04-06 16:47 - 02347384 ____C (ESET) C:\Users\srmdis\Downloads\esetsmartinstaller_deu.exe 2015-04-06 16:28 - 2015-04-06 16:28 - 00243656 ____C () C:\Users\srmdis\Downloads\Firefox Setup Stub 37.0.1.exe 2015-04-06 16:00 - 2015-04-06 16:02 - 24301976 ____C () C:\Users\srmdis\Downloads\driver_audio_conexant_TC70050000A(1).exe 2015-04-06 16:00 - 2015-04-06 16:01 - 24301976 ____C () C:\Users\srmdis\Downloads\driver_audio_conexant_TC70050000A.exe 2015-04-06 15:21 - 2015-04-07 14:38 - 00000000 ___DC () C:\Users\srmdis\AppData\Roaming\Avira 2015-04-06 15:17 - 2015-04-06 15:10 - 00136216 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-06 15:17 - 2015-04-06 15:10 - 00105864 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-06 15:17 - 2015-04-06 15:10 - 00037352 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-06 15:17 - 2015-04-06 15:10 - 00028520 ____C (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-04-06 14:37 - 2015-04-19 17:30 - 00174298 ____C () C:\Windows\PFRO.log 2015-04-06 14:16 - 2015-04-06 14:16 - 00000918 ____C () C:\Users\srmdis\Documents\cc_20150406_141643.reg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-25 10:30 - 2009-02-12 13:02 - 00000418 ___HC () C:\Windows\Tasks\User_Feed_Synchronization-{1D6C683A-5F44-44BD-A493-C7E113AD41AA}.job 2015-04-25 10:29 - 2012-04-03 21:01 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-25 10:23 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-25 10:23 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-25 09:56 - 2010-01-24 21:53 - 01733656 ____C () C:\Windows\WindowsUpdate.log 2015-04-25 09:36 - 2009-06-30 19:34 - 00001060 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-25 08:31 - 2012-10-13 12:59 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service 2015-04-24 17:30 - 2009-06-30 19:34 - 00001056 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-20 07:01 - 2013-05-31 22:29 - 00000350 ____C () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2015-04-20 03:53 - 2008-01-21 09:16 - 01566088 ____C () C:\Windows\system32\PerfStringBackup.INI 2015-04-20 03:46 - 2006-11-02 15:01 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT 2015-04-20 03:43 - 2006-11-02 15:01 - 00032668 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-20 03:27 - 2013-08-15 23:15 - 00000000 ___DC () C:\Windows\system32\MRT 2015-04-20 03:27 - 2006-11-02 13:18 - 00000000 ___DC () C:\Windows\Microsoft.NET 2015-04-20 03:12 - 2006-11-02 12:24 - 125832184 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-04-20 03:04 - 2010-01-09 23:13 - 00000000 __RDC () C:\Program Files\Skype 2015-04-20 03:04 - 2009-05-14 21:42 - 00000000 ___DC () C:\ProgramData\Skype 2015-04-19 20:49 - 2006-11-02 14:37 - 00000000 __RDC () C:\Users\srmdis\Desktop\Games 2015-04-19 15:29 - 2012-04-03 21:01 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-04-19 15:29 - 2011-05-17 09:42 - 
00142512 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-04-11 11:06 - 2013-03-19 22:37 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-11 11:06 - 2013-03-19 22:37 - 00000000 ___DC () C:\Program Files\Avira 2015-04-08 15:34 - 2013-06-17 18:18 - 00000000 ___DC () C:\Program Files\OXXOGames 2015-04-08 12:37 - 2009-02-06 15:41 - 00000000 ___DC () C:\Users\srmdis 2015-04-08 11:31 - 2011-04-15 20:17 - 00000000 ___DC () C:\Program Files\Shareaza Applications 2015-04-07 14:36 - 2013-03-19 22:37 - 00000000 ___DC () C:\ProgramData\Avira 2015-04-06 16:31 - 2012-02-05 18:50 - 00000869 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-06 16:31 - 2012-02-05 18:23 - 00000857 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-04-06 15:14 - 2013-07-19 18:21 - 00000000 ___DC () C:\Users\srmdis\AppData\Roaming\.minecraft 2015-04-04 12:56 - 2010-08-15 15:01 - 00000680 ____C () C:\Users\srmdis\AppData\Local\d3d9caps.dat ==================== Files in the root of some directories ======= 2015-04-08 11:49 - 2012-09-23 22:35 - 0172456 ____C () C:\Program Files\64res.dll 2015-04-08 11:49 - 2012-09-23 22:35 - 0699536 ____C (MindSpark) C:\Program Files\64Uninstall TelevisionFanatic.dll 2015-02-13 20:42 - 2013-05-20 15:40 - 0186752 ____C () C:\Program Files\65res.dll 2015-02-13 20:42 - 2013-05-20 15:40 - 0708168 ____C (MindSpark) C:\Program Files\65Uninstall FromDocToPDF.dll 2014-12-24 23:31 - 2014-12-24 23:39 - 0000369 ____C () C:\Users\srmdis\AppData\Roaming\.foobillardrc 2009-02-07 12:46 - 2009-02-07 12:46 - 0000016 ___HC () C:\Users\srmdis\AppData\Roaming\mxfilerelatedcache.mxc2 2009-11-07 21:59 - 2009-11-07 21:59 - 0025903 ____C () C:\Users\srmdis\AppData\Roaming\UserTile.png 2013-09-29 11:40 - 2014-10-21 16:38 - 0000093 ____C () C:\Users\srmdis\AppData\Roaming\WB.CFG 2013-09-29 11:40 - 2014-02-01 01:40 - 0000005 ____C () C:\Users\srmdis\AppData\Roaming\WBPU-TTL.DAT 
2009-02-07 14:28 - 2015-02-22 18:22 - 0005558 ____C () C:\Users\srmdis\AppData\Roaming\wklnhst.dat
2010-08-15 15:01 - 2015-04-04 12:56 - 0000680 ____C () C:\Users\srmdis\AppData\Local\d3d9caps.dat
2009-12-05 23:47 - 2014-12-25 14:40 - 0045568 ____C () C:\Users\srmdis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-13 21:41 - 2009-12-13 21:41 - 0000016 ___HC () C:\Users\srmdis\AppData\Local\mxfilerelatedcache.mxc2
2014-06-10 18:55 - 2014-06-10 18:55 - 0000000 ____C () C:\Users\srmdis\AppData\Local\{46F898B1-04B3-4243-8B9E-0BDD44F8C4CA}
2009-11-20 21:44 - 2009-11-20 21:44 - 0000016 ___HC () C:\ProgramData\mxfilerelatedcache.mxc2

Some content of TEMP:
====================
C:\Users\srmdis\AppData\Local\Temp\avgnt.exe
C:\Users\srmdis\AppData\Local\Temp\Quarantine.exe
C:\Users\srmdis\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-20 03:50
==================== End Of Log ============================

Final report: :-) CPU usage is harmless; after booting and in a pristine state it is in the single digits! Movies seem to play without stuttering again, and otherwise the computer is almost faster than its own shadow when working. I'm thrilled! Can you work out or summarize where the problem ultimately lay, so that I can recognize or avoid it in future? Many kind regards, a thousand thanks! You are my hero!
25.04.2015, 19:27 | #10 |
/// the machine /// TB instructor | CPU usage 100% and blinking hourglass and and and.... Update Java and Adobe. There was a lot of adware. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Program Files\64Uninstall TelevisionFanatic.dll
C:\Program Files\65Uninstall FromDocToPDF.dll
GroupPolicyUsers\S-1-5-21-4203143292-2018196265-3648757700-1004\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over now, you can safely delete them.
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening:
On the Windows operating system, enable automatic updates. Security-relevant software should also only ever be present in its latest version: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can specify, on the whitelist principle, on which sites scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, uninstalling it and then removing the leftovers with Adwcleaner is recommended.
Finally, a few general remarks: change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM! |