Log analysis and evaluation: Google: We're sorry... ... but your computer or network may be sending automated... (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.06.2015, 18:54 | #1 |
| Google :We're sorry... ... but your computer or network may be sending automated...
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=e78ad24ee4d06545bf981f452a0e8503 # end=init # utc_time=2015-06-22 04:30:41 # local_time=2015-06-22 06:30:41 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24446 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=e78ad24ee4d06545bf981f452a0e8503 # end=updated # utc_time=2015-06-22 04:34:11 # local_time=2015-06-22 06:34:11 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=e78ad24ee4d06545bf981f452a0e8503 # engine=24446 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-06-22 05:44:19 # local_time=2015-06-22 07:44:19 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Bitdefender Antivirus' # compatibility_mode=2065 16777213 100 100 6600 138840368 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 11319917 186624909 0 0 # scanned=151835 # found=57 # cleaned=54 # scan_time=4207 sh=6A216382E24BD70BC88551503269C7EF733F6970 ft=1 fh=ae60b985305d3c4a vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{A4E81EB5-D09A-4338-A1D3-98B87F0B3C43}\Custom.dll" sh=6A216382E24BD70BC88551503269C7EF733F6970 ft=1 fh=ae60b985305d3c4a vn="Win32/InstalleRex.T evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{D470A951-175F-4581-A76A-5F7D0F938BA7}\Custom.dll" sh=6C5F221B49AD2693D21EE0528FE6286A410D7517 ft=1 fh=fdf8e68f729f4ef4 vn="Variante von Win32/Adware.MultiPlug.I Anwendung" ac=I fn="C:\Users\All Users\SearchNewTab\51a9d76930fe2.dll" sh=6A216382E24BD70BC88551503269C7EF733F6970 ft=1 fh=ae60b985305d3c4a vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\InstallMate\{A4E81EB5-D09A-4338-A1D3-98B87F0B3C43}\Custom.dll" sh=6A216382E24BD70BC88551503269C7EF733F6970 ft=1 fh=ae60b985305d3c4a vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\InstallMate\{D470A951-175F-4581-A76A-5F7D0F938BA7}\Custom.dll" sh=6C5F221B49AD2693D21EE0528FE6286A410D7517 ft=1 fh=fdf8e68f729f4ef4 vn="Variante von Win32/Adware.MultiPlug.I Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\SearchNewTab\51a9d76930fe2.dll" sh=97C98A20388FD894B92FD8325545966CA945BCFB ft=1 fh=6121d07ea56d1649 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Frank\AppData\Roaming\OpenCandy\A633ADA795F84DC78FC2942BB5C44615\Setupsft_chr_p1v7.exe" sh=C39527647E8321C2BF2ECB74DB4B646CD8207092 ft=1 fh=2362701e1f7946fe vn="Win32/Systweak.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Frank\AppData\Roaming\Systweak\ssd\SSDPTstub.exe" sh=5A469A250A7B31794739022DF482EAE979A8FB26 ft=1 fh=d2eddc04976c8153 vn="Variante von Win32/InstallCore.JO evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Frank\Downloads\AdobeFlashPlayer.exe" sh=1977F2F0A49C992E60324A527A5887305D48E3D7 ft=1 fh=dc889aa2aa041916 vn="Variante von Win64/Systweak.A evtl. 
unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\roboot64.exe" sh=2679B1ADCDBF42B1FF23CFE2A001B14D63DCFB00 ft=1 fh=24ec196a8fe302a1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Download\advanced_renamer_setup-Downloader.exe" sh=382BAAB8CC1A2B4ECEC195893DEE6F5F0CB71044 ft=1 fh=e3931fd31f92ce40 vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\avc-free.exe" sh=8568E5906A1002015D71E4D0FA4389BE2E6C79EE ft=1 fh=e3fdcb28992303ed vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\clipgrab-3.3.0.4.exe" sh=8A324746091B39CAE5343CAC323E60621CD23629 ft=1 fh=ec691b604c2e1869 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\FFSetup3.0.1.1.exe" sh=B99513B2BF0AAD69EB5AD23CF7EE8EEAE5A99F26 ft=1 fh=9e16ef67a5995f70 vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\FreeAVIVideoConverter_5.0.22.128.exe" sh=20CBD93A0041DA2EEEF6350F6426407DF660858D ft=1 fh=d759e13467cf5f31 vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\FreemakeVideo4121ConverterSetup.exe" sh=ACC17BCCC72620F6CAB9D9B8CEC82B5D9BF84542 ft=1 fh=511df113c0e83a4f vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\FreemakeVideoDownloaderSetup_3.5.1.exe" sh=D8C8A9C6597F324CEB29F637730D8AF141248966 ft=1 fh=d47b987c964d4577 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Download\Google Chrome Backup - CHIP-Downloader.exe" sh=D7575DDFDB18BDAE8ECBE7D33CC6108EDD7FEE99 ft=1 fh=bdf27a521dc3e6f4 vn="Win32/Toolbar.SearchSuite evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\iLividSetup-r394-n-bf.exe" sh=CC5B2E6CB51F3A74206B56F243166367C90C54EC ft=1 fh=c71c00118ee1f6e1 vn="Variante von Win32/InstallCore.MJ evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Download\Media-Player.exe" sh=7B045982347A89210E5C566DC2AE1522E4646C1D ft=1 fh=c702b9ad13c53045 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Download\MP3jam - CHIP-Downloader.exe" sh=CA3F0BC2688FF21992A8B2DEABC7C83123FDE080 ft=1 fh=b9dd3379253ebb40 vn="Win32/InstallMonetizer.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\P1140856.JPG.exe" sh=0C5B0C39D36AAC25DC4456F3CEEE7DB37CF06959 ft=1 fh=7ad1234d22b252c9 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\PDFXVwer_2.5.209.exe" sh=521EDD93E5BB286E50ED6158227E3D6CC1647F20 ft=1 fh=97284526f85a6573 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\rcsetup145.exe" sh=F7511D8F7E2D032A517A400EEA63374798FF4BB0 ft=1 fh=ec17a1732fd24011 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\rcsetup149.exe" sh=8BE4C277A62F2400C3B0A20F39297D310774E2AC ft=1 fh=d69c639933d87dfe vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\Setup21_FreeConverter.exe" sh=1FD7261F934534FC6C76297454C8A33D32BB6994 ft=1 fh=1a24bf3e651b1803 vn="Win32/Somoto.E evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\streamtransport_setup.exe" sh=535F1C13D2919068DDF7552FCBDFA5A37764276B ft=0 fh=0000000000000000 vn="Variante von Win32/HackTool.Patcher.AD potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\Tuneup Utilities 2013 Patch [Lucaberlin98].zip" sh=25DE9D0F9FD083A5AA3D196B0A4161977D553E6F ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\CCleaner.v4.11.Build.4619.Professional.Edition.x32.x64.ML.incl.Patch.Serial-IND\ind.rar" sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Download\CCleaner.v4.11.Build.4619.Professional.Edition.x32.x64.ML.incl.Patch.Serial-IND\ind\ccsetup411.exe" sh=A635709C0BB6AE7389F081B3AF43E55D9085FA29 ft=1 fh=2f9c275937725ba8 vn="Variante von Win32/Keygen.GY potenziell unsichere Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Download\Wiederherstellung der Festplatte\OO.DiskRecovery.v7.1.183\OO.DiskRecovery.v7.1.183\KG\ZWT-keygen.exe" sh=931E37B8D3A50D96A7D0DA43E94CCFF6E2D25484 ft=1 fh=d2e059ca2c5fadad vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Handy Samsung\Samsung Android USB Composite Device Treiber - CHIP-Installer.exe" sh=7F402AC2C83A42408C55CFBC3F2C33E60EE923A0 ft=0 fh=0000000000000000 vn="Android/Exploit.PSN.A Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Handy Sony\Flashtool\FlashTool\custom\root\givmeroot.tar" sh=39AC22A305C87E158D77E86D0FAFF252E1C16A07 ft=1 fh=840a1a7bcf9a05fc vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Weihachtslieder\GSpot - CHIP-Installer.exe" sh=00E9708E4EE217BF273D6941FB4F9F854BCEEA67 ft=1 fh=c764e7da6167f8b9 vn="Win32/DownloadGuide.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Weihachtslieder\X-Codec-Pack-2.7.2_CB-DL-Manager.exe" sh=1F877F9D540AAF2DA9521F4EA26DA1D199C3480D ft=1 fh=6f8099e2b75d3512 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Weihachtslieder\5219-DDLW\CCleaner Professional & Business v5.06.5219 Multilingual\ccsetup506pro.exe" sh=A547973298426166F6C495C902844CBCA863269F ft=1 fh=de620cd3cd0dd399 vn="Variante von Win32/Packed.VMProtect.AAD Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="F:\Spiele\Assassins Creed III\Assassins Creed III\hmh-aciiicrackfix.exe" sh=B30559AA97AE446F2BDD6EBFF7A92FF1907A76ED ft=1 fh=3f7f9ad8b6153593 vn="Variante von Win32/Packed.VMProtect.AAD Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\Spiele\Assassins Creed III\Assassins Creed III\ubiorbitapi_r2_loader.dll" sh=C5D165567A08772B278CDEB17BFA8687C2C1B32F ft=1 fh=400448ef3aa5889a vn="Variante von Win32/SweetIM.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\altes LW d\Downloads\FLVPlayerSetup.exe" sh=4A3E9B131C1171D0B45548DAAC8FE69762B065F5 ft=1 fh=9dac8bc826bf68ea vn="Variante von Win32/Toolbar.Widgi evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\altes LW d\Downloads\YouTubeDownloaderSetup262.exe" sh=A547973298426166F6C495C902844CBCA863269F ft=1 fh=de620cd3cd0dd399 vn="Variante von Win32/Packed.VMProtect.AAD Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\Assassins.Creed.III.Multi2.Rip-HMH\Assassins.Creed.III.Multi2.Rip.Crack.Fix-HMH\hmh-aciiicrackfix.exe" sh=076FA525AF763C80D72EFD715B06CDABFB238FE1 ft=1 fh=e46e534fe7072d82 vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Programme\avc-free3.06-universal.exe" sh=D5C4045371A33B9E772479B97B010C32DE1CC147 ft=1 fh=b3a75859fcdc88a8 vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Programme\avc310-free.exe" sh=25CF9B7BB46B581ED8DE03DDC56E1574087CACAA ft=1 fh=10c5a1651be6049d vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Programme\ccsetup326.exe" sh=B8A0670D021B5E54A638FE48A0B739DBCEFF2564 ft=1 fh=5f4d1db69eea899d vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Programme\TVersitySetup_1_8.exe" sh=951EAAE26C450A1B979DA56DE157925EA0E63986 ft=0 fh=0000000000000000 vn="Variante von Win32/HackTool.Patcher.X potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Programme\Alcohol.120%.v1.9.5.2802.Retail.MultiLanguage.Cracked-BetaMaster\bm-a120_1.9.5.2802_retail_patch.rar" sh=6A4DBF7C675551B5350F102498B06BB5C5151EEA ft=1 fh=4d6290471a65b747 vn="Variante von Win32/HackTool.Patcher.X potenziell unsichere Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\Programme\Alcohol.120%.v1.9.5.2802.Retail.MultiLanguage.Cracked-BetaMaster\bm-a120_1.9.5.2802_retail_patch\bm-Al_2802_patch.exe" sh=D813DEA9E6243693B838BEFD83E3E3924AE390AF ft=1 fh=b39a815465a38b94 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Programme\Ashampoo Photo Commander 9.0.0 Final Multi Deutsch\Setup\ashampoo_photo_commander_9_e9.0.0_sm.exe" sh=EC24867176BD8148ED2C062C870D7E2A3E161FD6 ft=1 fh=ddaefaf5f1f8dbee vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Programme\CCleaner.Professional.Business.v5.02.5101.Multilanguage\CCleaner.Professional.Business.v5.02.5101.Multilanguage\ccsetup502pro.exe" sh=A635709C0BB6AE7389F081B3AF43E55D9085FA29 ft=1 fh=2f9c275937725ba8 vn="Variante von Win32/Keygen.GY potenziell unsichere Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\Programme\Datenrettung\OO.DiskRecovery.v7.1.183\OO.DiskRecovery.v7.1.183\KG\ZWT-keygen.exe" sh=F0FDC5F071DE919C297DC01655A1B7CED8C08136 ft=1 fh=80b9c1979d07b44f vn="Variante von Win32/HackTool.Patcher.N potenziell unsichere Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\Programme\DVR - Studio\dvr_studio_pro2.15_german_loader.exe" sh=3A89DAEE2C931D0AAA7B102D3DA9D2174DC5875E ft=1 fh=d16f3ccb0b0b7a97 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Programme\ImgBurn Brennprogramm\SetupImgBurn_2.5.5.0.exe" sh=A35C8FACEBDDB550DB8BBC8D5B566040595FE842 ft=0 fh=0000000000000000 vn="Variante von Win32/Keygen.HT potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\Programme\MP3-DJ\MP3-DJ.v11.5.0.GERMAN-CRD.zip" sh=29831E22849AFA8B89A768F6811AA51598730AE8 ft=1 fh=5c6da0ea2c616233 vn="Variante von Win32/Keygen.HT potenziell unsichere Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\Programme\MP3-DJ\MP3-DJ.v11.5.0.GERMAN-CRD\MP3-DJ.v11.5.0.GERMAN-CRD\keygen\mp.exe" sh=7D7F2D6CB8E887B92CF673DE5760E6D55E0DB577 ft=1 fh=9503678820fb21c1 vn="Variante von Win32/HackTool.Patcher.AF potenziell unsichere Anwendung (Gesäubert durch Löschen - in Quarantäne 
kopiert)" ac=C fn="G:\Programme\Sicherheit\Registry Healer 4.4.1.279\Registry Healer v4.4.1 Build 279 Patch.exe" sh=21C23C470BDABB763D2FC372D86E9D3FB9F923AE ft=1 fh=1a43b0206fc57ad6 vn="Win32/HackTool.Crack.O potenziell unsichere Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\Wolfenstein\dirt2\DiRT 3 - COMPLETE LiMiTED EDiTiON 2011 ENG MULTi 6 - CLONE DVD\dirt3crackonly\SKIDROW\paul.dll" sh=5B31FB5741304E8486ACFD81E30B314B87A28E9F ft=1 fh=b4b60b69ec22cbd1 vn="Win32/HackTool.Crack.O potenziell unsichere Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\Wolfenstein\dirt2\DiRT 3 - COMPLETE LiMiTED EDiTiON 2011 ENG MULTi 6 - CLONE DVD\dirt3crackonly\SKIDROW\SKIDROW.dll" |
22.06.2015, 19:02 | #2 |
/// the machine /// TB-Ausbilder | Google :We're sorry... ... but your computer or network may be sending automated...
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
08.07.2015, 18:34 | #3 |
| Google :We're sorry... ... but your computer or network may be sending automated...
Frst.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015 Ran by Frank (administrator) on FRANK-PC on 08-07-2015 19:29:20 Running from D:\Weihachtslieder Loaded Profiles: Frank (Available Profiles: Frank & Karola & Administrator) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\vsserv.exe (O&O Software GmbH) D:\Programme\OO Software\Defrag\oodag.exe (DEVGURU Co., LTD.) D:\Programme\USB Drivers\25_escape\conn\ss_conn_service.exe (Bitdefender) D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\updatesrv.exe (O&O Software GmbH) D:\Programme\OO Software\Defrag\oodtray.exe (Bitdefender) D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender) D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdwtxag.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Mozilla Corporation) D:\Programme\Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [OODefragTray] => D:\Programme\OO Software\Defrag\oodtray.exe [4039496 2010-08-31] (O&O Software GmbH) HKLM\...\Run: [Bdagent] => D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-06] (Bitdefender) HKU\S-1-5-21-1882155644-948210159-577086912-1001\...\Run: [Bitdefender-Geldbörse-Agent] => D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-25] (Bitdefender) HKU\S-1-5-21-1882155644-948210159-577086912-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd) HKU\S-1-5-21-1882155644-948210159-577086912-1001\...\MountPoints2: E - E:\Start.exe "-cautorun.inf" HKU\S-1-5-21-1882155644-948210159-577086912-1001\...\MountPoints2: {86bdca55-0313-11e3-8d98-001fd02169be} - G:\LGAutoRun.exe Startup: C:\Users\Karola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2014-03-22] ShortcutTarget: OpenOffice.org 3.4.1.lnk -> D:\Programme\Open Office\program\quickstart.exe () ShellIconOverlayIdentifiers: [Outpost] -> {33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} => No File ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => D:\Programme\Bitdefender\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender) ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => D:\Programme\Bitdefender\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender) ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => D:\Programme\Bitdefender\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender) ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => D:\Programme\Bitdefender\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender) BootExecute: autocheck autochk * autocheck turegoptOODBS GroupPolicy: Group Policy on Chrome detected <======= 
ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1882155644-948210159-577086912-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = SearchScopes: HKU\S-1-5-21-1882155644-948210159-577086912-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1882155644-948210159-577086912-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtDtBtCyCzy0C0E0A0FzyzytN0D0Tzu0SzztAzytN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDzy0EyE0F0E0DtDtGzzyC0CzztG0B0FyE0CtGyEyCtCtAtGtDtC0D0BtCzzzz0EyB0C0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0A0A0F0F0FzytGyCtByEyBtGzyzz0BtDtG0FyCtA0AtGtBzyyD0EtA0D0AyBtByB0CtA2Q&cr=1754254014&ir= SearchScopes: HKU\S-1-5-21-1882155644-948210159-577086912-1001 -> {A5DC46DB-43C0-48A1-BA07-EDEE8B679B46} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites02_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtDtBtCyCzy0C0E0A0FzyzytN0D0Tzu0SzzyCtCtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAyDyD0D0DtDtCtGtDyDyC0DtG0E0B0DyCtGzztDyCzztGyB0CtBtAyEyByCyBtAzyzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0A0A0F0F0FzytGyCtByEyBtGzyzz0BtDtG0FyCtA0AtGtBzyyD0EtA0D0AyBtByB0CtA2Q&cr=2103000973&ir= Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender) Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-25] (Bitdefender) Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - D:\Programme\Terratec\ThcDeskBand.dll [2008-11-04] (TerraTec Electronic GmbH) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{3235826C-A0DD-46D3-A52D-D8BA95E04AAC}: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe omiga-plus FireFox: ======== FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ps88bncs.default-1434982572870 FF Homepage: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-05] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-05] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) 
FF Extension: WEB.DE MailCheck - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ps88bncs.default-1434982572870\Extensions\toolbar@web.de [2015-06-22] FF Extension: Adblock Plus - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ps88bncs.default-1434982572870\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-22] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdtbext FF Extension: Bitdefender Antispam Toolbar - D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdtbext [2014-10-28] FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\antispam32\bdwteff FF Extension: Bitdefender Wallet - D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-10-28] FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tyoivdgn.default\extensions\fftoolbar2014@etech.com FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdtbext StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-01] CHR Extension: (Google Drive) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-01] CHR Extension: (YouTube) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-01] CHR Extension: (Adblock Plus) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-01] CHR Extension: (Google Search) - C:\Users\Frank\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-01] CHR Extension: (Save to Google Drive) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-05-01] CHR Extension: (Tabs to the front!) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2014-05-01] CHR Extension: (WEB.DE MailCheck) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-05-02] CHR Extension: (Downloads) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi [2014-05-04] CHR Extension: (Google Wallet) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-01] CHR Extension: (Gmail) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-01] CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 BdDesktopParental; D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-25] (Bitdefender) S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation) R2 OODefragAgent; D:\Programme\OO Software\Defrag\oodag.exe [3060040 2010-08-31] (O&O Software GmbH) S4 SafeBox; D:\Programme\Bitdefender\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender) R2 ss_conn_service; D:\Programme\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 UPDATESRV; D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender) R2 VSSERV; D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-06] (Bitdefender) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [370528 2013-02-14] (AfaTech ) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.) 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-25] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-25] (BitDefender) S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-25] (BitDefender) R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-25] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-25] (BitDefender SRL) R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender) S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-03-31] (Sony Mobile Communications) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-06] (BitDefender LLC) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-05-20] () [File not signed] R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.) S3 andnetadb; System32\Drivers\lgandnetadb.sys [X] S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X] U1 bdselfpr; \??\D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdselfpr.sys S3 CrystalSysInfo; \??\D:\Programme\MediaCoder\SysInfoX64.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-08 19:29 - 2015-07-08 19:29 - 00000000 ____D C:\FRST
2015-07-08 18:55 - 2015-07-08 18:55 - 00000056 _____ C:\Windows\setupact.log
2015-07-08 18:55 - 2015-07-08 18:55 - 00000000 _____ C:\Windows\setuperr.log
2015-07-01 21:20 - 2015-07-07 18:17 - 00000153 _____ C:\Users\Frank\Desktop\Motorradsachen.txt
2015-06-27 19:16 - 2015-06-27 19:18 - 00000000 ____D C:\ProgramData\EasyMP3Downloader
2015-06-27 19:16 - 2015-06-27 19:16 - 00000000 ____D C:\Users\Frank\AppData\Roaming\EasyMP3Downloader
2015-06-27 16:01 - 2015-06-27 16:01 - 00000000 ____D C:\Users\Frank\Downloads\Anleitung_mit_Bildern
2015-06-27 15:51 - 2015-06-27 15:51 - 01018166 _____ C:\Users\Frank\Downloads\meta.txt
2015-06-22 18:30 - 2015-06-22 18:30 - 02870984 _____ (ESET) C:\Users\Frank\Downloads\esetsmartinstaller_deu.exe
2015-06-22 18:30 - 2015-06-22 18:30 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-22 16:30 - 2015-06-22 16:30 - 00390776 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
2015-06-22 16:29 - 2015-06-22 16:30 - 18638048 _____ (Bitdefender LLC) C:\Users\Frank\Downloads\BitdefenderRemovalPoweliks_v3.exe
2015-06-22 16:16 - 2015-06-22 16:16 - 00000000 ____D C:\Users\Frank\Desktop\Alte Firefox-Daten
2015-06-17 21:19 - 2015-06-17 21:19 - 00013407 _____ C:\Users\Frank\Desktop\Motorradkleidung.odt
2015-06-13 14:52 - 2015-06-13 14:52 - 00012538 _____ C:\Users\Frank\Desktop\Anschreiben Vermieter.odt

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-08 19:21 - 2015-04-07 15:41 - 00373355 _____ C:\Windows\WindowsUpdate.log
2015-07-08 19:13 - 2014-02-24 20:11 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-08 19:02 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-08 19:02 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-08 19:00 - 2014-02-24 20:11 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 18:59 - 2009-07-14 19:58 - 00696620 _____ C:\Windows\system32\perfh007.dat
2015-07-08 18:59 - 2009-07-14 19:58 - 00147916 _____ C:\Windows\system32\perfc007.dat
2015-07-08 18:59 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 18:55 - 2013-11-20 16:12 - 00836109 _____ C:\Windows\system32\oodbs.lor
2015-07-08 18:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-07 17:53 - 2014-03-19 10:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-05 20:45 - 2014-10-16 18:47 - 00000000 ____D C:\Users\Frank\AppData\Local\Adobe
2015-07-05 20:45 - 2014-03-19 10:18 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-05 20:45 - 2013-03-08 14:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-05 20:45 - 2013-03-08 14:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-01 21:09 - 2015-05-31 12:57 - 00001009 _____ C:\Users\Frank\Desktop\Media Player Classic - HC.lnk
2015-07-01 21:09 - 2013-03-09 14:36 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-01 18:08 - 2013-03-08 17:06 - 00001313 _____ C:\Users\Frank\AppData\Roaming\burnaware.ini
2015-07-01 18:03 - 2013-03-08 17:03 - 00000695 _____ C:\Users\Public\Desktop\BurnAware Free.lnk
2015-07-01 18:03 - 2013-03-08 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2015-06-23 18:10 - 2013-12-28 22:22 - 00037151 _____ C:\Windows\Q-Dir.ini
2015-06-22 19:38 - 2013-06-01 13:12 - 00000000 ____D C:\ProgramData\SearchNewTab
2015-06-19 18:12 - 2013-03-09 14:36 - 00000000 ____D C:\Program Files\CCleaner
2015-06-18 17:15 - 2013-08-09 12:26 - 00000000 ____D C:\Users\Karola\Downloads\Bitdefender Safepay
2015-06-10 18:04 - 2015-03-31 16:59 - 00000000 ____D C:\Users\Frank\AppData\Local\CrashDumps

==================== Files in the root of some directories =======
2015-01-25 18:12 - 2015-02-10 19:39 - 0000365 _____ () C:\Users\Frank\AppData\Roaming\ACQUPTNI
2013-03-08 17:06 - 2015-07-01 18:08 - 0001313 _____ () C:\Users\Frank\AppData\Roaming\burnaware.ini
2015-01-25 18:12 - 2015-02-10 19:44 - 0001171 _____ () C:\Users\Frank\AppData\Roaming\VXXIJS
2015-02-10 18:53 - 2015-02-10 18:53 - 0354952 _____ (AnySend.com) C:\Users\Frank\AppData\Local\nsc3BA7.tmp
2014-10-28 17:41 - 2014-10-28 17:41 - 0977390 _____ () C:\ProgramData\1414509160.bdinstall.bin
2014-11-27 11:00 - 2014-11-27 11:00 - 0447520 _____ () C:\ProgramData\1417078353.bdinstall.bin

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-26 18:12

==================== End of log ============================

Addition.txt
FRST Additions Logfile:
Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Frank at 2015-07-08 19:29:57
Running from D:\Weihachtslieder
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1882155644-948210159-577086912-500 - Administrator - Enabled) => C:\Users\Administrator
Frank (S-1-5-21-1882155644-948210159-577086912-1001 - Administrator - Enabled) => C:\Users\Frank
Gast (S-1-5-21-1882155644-948210159-577086912-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1882155644-948210159-577086912-1002 - Limited - Enabled)
Karola (S-1-5-21-1882155644-948210159-577086912-1003 - Limited - Enabled) => C:\Users\Karola

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.54 - Hulubulu Software)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Assassin's Creed III (HKLM-x32\...\Assassin's Creed III_is1) (Version: - )
Audio 180% (HKLM-x32\...\Audio 180%) (Version: - Franzis Verlag Gmbh)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender)
BurnAware Free 8.2 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cinergy T Stick Driver Installation (64 Bit) (HKLM-x32\...\{1F64A9D9-1014-4703-9AB3-D40186EC1FD9}) (Version: 8.08.18.01 - TERRATEC Electronic GmbH)
ClipGrab 3.4.11 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
furnplan GWINNER (HKLM-x32\...\furnplan GWINNER) (Version: 2014.3.0 - D+H Software GmbH)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.23.20150119 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
MP3-DJ 11.7.0 (HKLM-x32\...\MP3-DJ_is1) (Version: - Torsten Hoffmann)
Mp3tag v2.55 (HKLM-x32\...\Mp3tag) (Version: v2.55 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{DF54E1D5-B4A3-4F94-B018-75529AB97682}) (Version: 14.0.167 - O&O Software GmbH)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Q-Dir (HKLM-x32\...\Q-Dir) (Version: - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
StreamTransport version: 1.1.1.1 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
TERRATEC CINERGY T USB XE (64 Bit) (HKLM-x32\...\{D1B0534F-A031-4325-809A-CE8D54081561}) (Version: 6.11.23.01 - TERRATEC)
TERRATEC CINERGY T USB XE MKII (64 Bit) (HKLM-x32\...\{15B644D2-BB50-45AE-95E6-7717B15181E7}) (Version: 6.09.28.05 - TERRATEC)
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 5.118.0 - )
TimeComX Basic (64-Bit) (HKLM-x32\...\TimeComX Basic 64-Bit) (Version: 1.3.2.7 - Bitdreamers)
VLC media player 2.1.0-pre1 (HKLM\...\VLC media player) (Version: 2.1.0-pre1 - VideoLAN)
Windows-Treiberpaket - TERRATEC (AF05BDA) Media (05/07/2009 6.11.23.1) (HKLM\...\B2859FF1982D9A64F88CE2910EBF2F978172ED5A) (Version: 05/07/2009 6.11.23.1 - TERRATEC )
Windows-Treiberpaket - TERRATEC (AF15BDA) Media (09/17/2009 6.9.28.5) (HKLM\...\430A686A491BA2CF5123106A821772D4CFD2F3DE) (Version: 09/17/2009 6.9.28.5 - TERRATEC )
Windows-Treiberpaket - TerraTec (AF9035BDA) Media (05/18/2009 8.08.18.01) (HKLM\...\097FFCDCC4FD60E5718889F1A1C7F15458FD6845) (Version: 05/18/2009 8.08.18.01 - TerraTec )
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{932AC37A-E3EB-4E54-BF89-D6656BFD43E2}) (Version: 21.01.8499 - Buhl Data Service GmbH)
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.7.2 - X Codec Pack team)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================
13-06-2015 16:09:42 Geplanter Prüfpunkt
27-06-2015 10:30:36 Geplanter Prüfpunkt

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2011-10-14 16:53 - 2015-01-04 16:16 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 secure.tune-up.com
0.0.0.0 stats.hamrick.com static.hamrick.com VueScan Scanner Software for Windows, Mac OS X and Linux

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E0C0BA4-C091-4633-86F6-231E155D1C3E} - System32\Tasks\zufap3002 => C:\PROGRA~3\TabNav\zufap3002.exe
Task: {16F82F1B-1CF0-43BC-9463-43664BE6D7AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {3A353E24-2699-4669-829F-EE87832638DA} - System32\Tasks\{D866192E-6495-44B7-9154-81B18460775D} => pcalua.exe -a C:\Users\Frank\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=obw <==== ATTENTION
Task: {49A94A2D-A401-4C20-B8F6-B43BB3374F88} - System32\Tasks\{2B233675-7C35-4AE9-8042-8ABBD955FFB3} => pcalua.exe -a "G:\Programme\Datenrettung O_O_MediaRecovery_v4\O_O_MediaRecovery_v4\Portable O&O MediaRecovery v4\Portable O&O MediaRecovery.exe" -d "G:\Programme\Datenrettung O_O_MediaRecovery_v4\O_O_MediaRecovery_v4\Portable O&O MediaRecovery v4"
Task: {6BE7BD76-C01F-4DC4-AF1A-A3FC61413574} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: {6CA359E0-48DE-46DA-A682-4265531DECBC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {946B5285-E903-4409-A852-F6FD54CA45C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {E7C0F727-5B8A-45A2-881A-710BB355CA50} - System32\Tasks\{6FA060D8-1FE6-416F-8D37-7F3372A575C9} => pcalua.exe -a D:\Weihachtslieder\B2CAppSetup.exe -d D:\Weihachtslieder
Task: {F8407572-F64E-4EF0-95C1-3DD6D89269BA} - System32\Tasks\{B7DA32C6-8198-49AF-9E44-07791CFF5D84} => pcalua.exe -a C:\Users\Frank\Downloads\SAMSUNG_Android_USB_Composite_Device_Driver_5.28.2.1\20432031_3a09fd011e0662e5bb9e781445a5c11e5f436ac6\Setup.exe -d C:\Users\Frank\Downloads\SAMSUNG_Android_USB_Composite_Device_Driver_5.28.2.1\20432031_3a09fd011e0662e5bb9e781445a5c11e5f436ac6
Task: {F8CE2732-FB55-47D4-97A4-5DE5C21E5C46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============
2014-10-28 17:39 - 2014-08-27 17:31 - 00265080 _____ () D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-10-28 17:39 - 2013-09-03 15:29 - 00101328 _____ () D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-10-28 17:39 - 2014-10-15 13:08 - 00003072 _____ () D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-10-28 17:39 - 2012-10-29 15:22 - 00152816 _____ () D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-05-06 15:13 - 2015-05-06 15:13 - 00790368 _____ () D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpbr.mdl
2015-05-06 15:13 - 2015-05-06 15:13 - 00711064 _____ () D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpdsp.mdl
2015-05-06 15:13 - 2015-05-06 15:13 - 02683520 _____ () D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpph.mdl
2015-05-06 15:13 - 2015-05-06 15:13 - 01326504 _____ () D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttprbl.mdl
2014-01-27 20:41 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2015-05-04 21:25 - 2015-05-04 21:25 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\nvcuvid.dll:BDU
AlternateDataStreams: C:\Users\Frank\Downloads\ChromeSetup.exe:BDU

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1882155644-948210159-577086912-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SafeBox => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: V-bates Updater => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO.lnk => C:\Windows\pss\PHOTOfunSTUDIO.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: APSDaemon =>
MSCONFIG\startupreg: Bitdefender-Geldbörse-Agent => "D:\Programme\Bitdefender\Bitdefender\Bitdefender 2015\bdwtxag.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Everything => "D:\Programme\Dateisuche\Everything\Everything.exe" -startup
MSCONFIG\startupreg: IminentMessenger =>
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Frank\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2015 07:00:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/02/2015 04:59:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/27/2015 10:33:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/26/2015 06:13:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/26/2015 06:13:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/25/2015 05:18:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/24/2015 03:41:51 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2015 03:41:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2015 03:41:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2015 03:41:51 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)

System errors:
=============
Error: (07/08/2015 07:00:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (07/07/2015 04:12:47 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/07/2015 04:12:46 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/07/2015 04:12:45 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/07/2015 04:12:45 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (07/07/2015 04:12:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (07/06/2015 04:15:17 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (07/06/2015 03:57:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (07/05/2015 08:43:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (07/02/2015 09:56:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Microsoft Office:
=========================
Error: (07/08/2015 07:00:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestD:\Programme\LG PC Suite\LGPCSuite.exe

Error: (07/02/2015 04:59:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestD:\Programme\LG PC Suite\LGPCSuite.exe

Error: (06/27/2015 10:33:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Frank\Downloads\esetsmartinstaller_deu.exe

Error: (06/26/2015 06:13:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestd:\programme\lg pc suite\LGPCSuite.exe

Error: (06/26/2015 06:13:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/25/2015 05:18:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Frank\Downloads\esetsmartinstaller_deu.exe

Error: (06/24/2015 03:41:51 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2015 03:41:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2015 03:41:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2015 03:41:51 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer

CodeIntegrity Errors:
===================================
Date: 2013-03-09 13:24:33.234
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Programme\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-03-09 13:01:55.501
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Programme\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 44%
Total physical RAM: 4094.49 MB
Available physical RAM: 2263.51 MB
Total Virtual: 8187.16 MB
Available Virtual: 5967.11 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:127.99 GB) (Free:95.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:239.89 GB) (Free:174.2 GB) NTFS
Drive f: () (Fixed) (Total:97.88 GB) (Free:19.9 GB) NTFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:673.48 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=239.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 1A44C7A2)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of log ============================
09.07.2015, 08:33 | #4 |
/// the machine /// TB-Ausbilder |
Is there any legally purchased software on this computer as well? Delete all cracks and keygens and remove all cracked software; until then there is no support.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |