FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Bernd (administrator) on FELICIA-PC on 25-01-2015 17:23:01
Running from C:\Users\Bernd\Downloads
Loaded Profiles: Bernd (Available profiles: Bernd)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms}
HKU\S-1-5-21-3946000646-2341062197-2464890976-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3946000646-2341062197-2464890976-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3946000646-2341062197-2464890976-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3946000646-2341062197-2464890976-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3946000646-2341062197-2464890976-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-23]
Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG
CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-16]
CHR Extension: (Google Drive) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16]
CHR Extension: (Adblock Plus) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-23]
CHR Extension: (Google-Suche) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-16]
CHR Extension: (AdBlock) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-23]
CHR Extension: (Google Wallet) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Google Mail) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-23] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Verifies and fixes application compatibility issues; C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-23] ()
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-17] (NetFilterSDK.com)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 17:23 - 2015-01-25 17:24 - 00013137 _____ () C:\Users\Bernd\Downloads\FRST.txt
2015-01-25 17:22 - 2015-01-25 17:23 - 00000000 ____D () C:\FRST
2015-01-25 17:21 - 2015-01-25 17:22 - 02129920 _____ (Farbar) C:\Users\Bernd\Downloads\FRST64.exe
2015-01-25 16:37 - 2015-01-25 16:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-25 16:37 - 2015-01-25 16:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-25 16:37 - 2015-01-25 16:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-25 16:37 - 2015-01-25 16:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-25 15:39 - 2015-01-25 15:39 - 00007605 _____ () C:\Users\Bernd\AppData\Local\Resmon.ResmonCfg
2015-01-17 11:40 - 2015-01-25 17:23 - 00000112 _____ () C:\ProgramData\03Tk3L47I.dat
2015-01-17 11:39 - 2015-01-17 11:39 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Macromedia
2015-01-17 11:38 - 2015-01-17 11:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-17 11:36 - 2015-01-25 16:35 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier
2015-01-17 11:34 - 2015-01-17 11:34 - 00277280 _____ () C:\Windows\Minidump\011715-21637-01.dmp
2015-01-14 22:05 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 22:05 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 22:05 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 22:05 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 22:05 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 22:05 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 22:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 22:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 22:05 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 22:05 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 22:05 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 22:05 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 22:05 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 17:20 - 2013-09-16 15:43 - 02049390 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 17:15 - 2013-09-16 16:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 17:11 - 2014-08-06 12:29 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2015-01-25 16:42 - 2013-09-16 16:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 16:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 16:30 - 2009-07-14 05:51 - 00062645 _____ () C:\Windows\setupact.log
2015-01-25 16:05 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 16:05 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 15:06 - 2014-07-23 23:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-24 22:06 - 2013-09-16 15:51 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Skype
2015-01-21 08:50 - 2014-08-11 14:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-21 08:50 - 2014-08-11 14:56 - 00000000 ____D () C:\ProgramData\Skype
2015-01-18 20:14 - 2014-07-20 15:48 - 00000000 ____D () C:\Program Files (x86)\SupTab
2015-01-17 20:20 - 2014-07-24 00:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 20:16 - 2014-07-24 00:29 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-17 11:34 - 2014-03-15 19:09 - 301486723 _____ () C:\Windows\MEMORY.DMP
2015-01-17 11:34 - 2014-03-15 19:09 - 00000000 ____D () C:\Windows\Minidump
2015-01-17 10:27 - 2013-09-16 16:26 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2013-10-13 21:05 - 2013-10-13 21:05 - 0000000 _____ () C:\Program Files (x86)\GUT79B8.tmp
2015-01-25 15:39 - 2015-01-25 15:39 - 0007605 _____ () C:\Users\Bernd\AppData\Local\Resmon.ResmonCfg
2015-01-17 11:40 - 2015-01-25 17:23 - 0000112 _____ () C:\ProgramData\03Tk3L47I.dat
Files to move or delete:
====================
C:\ProgramData\03Tk3L47I.dat
Some content of TEMP:
====================
C:\Users\Bernd\AppData\Local\Temp\adks_omiga-plus_20140702.exe
C:\Users\Bernd\AppData\Local\Temp\aff_setup.exe
C:\Users\Bernd\AppData\Local\Temp\AllDaySavings.exe
C:\Users\Bernd\AppData\Local\Temp\CloudBackup2505.exe
C:\Users\Bernd\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Bernd\AppData\Local\Temp\nsd17CD.tmp.exe
C:\Users\Bernd\AppData\Local\Temp\SIntf16.dll
C:\Users\Bernd\AppData\Local\Temp\SIntf32.dll
C:\Users\Bernd\AppData\Local\Temp\SIntfNT.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite16501.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite18062.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite25821.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite26877.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite30305.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite36222.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite41780.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite43377.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite50806.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite55733.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite56959.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite57938.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite60446.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite65698.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite73258.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite77068.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite86928.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite92388.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite93638.dll
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite97032.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-06 09:41
==================== End Of Log ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Bernd at 2015-01-25 17:25:30
Running from C:\Users\Bernd\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {A66AA0E7-B395-4E8F-936F-42238A71F017} - System32\Tasks\{660D6396-5992-41E7-8729-F139103390C9} => pcalua.exe -a C:\Users\Bernd\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=adks <==== ATTENTION
Task: {DC121FFA-146A-4588-A53E-A7C6E49CF4B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {EB861441-A44B-4CE9-AD66-DBC2B7E29A5B} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {F14DAB3D-15D4-46DB-B4FE-C31AF61A8B47} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-23] (AVAST Software)
Task: {F20774B4-AFE8-4D6D-BA25-3764A074CD27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2015-01-17 11:36 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2015-01-17 11:36 - 2015-01-13 23:12 - 51548328 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2014-07-23 23:49 - 2014-07-23 23:49 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-01-25 15:06 - 2015-01-25 15:06 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012500\algo.dll
2014-07-23 23:49 - 2014-07-23 23:49 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-17 11:36 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-17 11:36 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-17 11:36 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-17 10:27 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-17 10:27 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-17 10:27 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-17 10:27 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-17 11:36 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3946000646-2341062197-2464890976-500 - Administrator - Disabled)
Bernd (S-1-5-21-3946000646-2341062197-2464890976-1000 - Administrator - Enabled) => C:\Users\Bernd
Gast (S-1-5-21-3946000646-2341062197-2464890976-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3946000646-2341062197-2464890976-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/21/2015 11:12:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54b5ebf9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x1a416250
ID des fehlerhaften Prozesses: 0xde0
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Error: (01/18/2015 08:02:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "Compatibility Verify" konnte nicht heruntergefahren werden.
Error: (12/06/2014 09:51:00 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x80042308).
Error: (12/06/2014 09:51:00 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80042308).
Error: (11/10/2014 11:46:56 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x80042308).
Error: (11/10/2014 11:46:56 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80042308).
Error: (11/06/2014 11:48:46 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x80042308).
Error: (11/06/2014 11:48:46 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80042308).
Error: (11/05/2014 05:29:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Simpsons.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: Simpsons.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000dca27
ID des fehlerhaften Prozesses: 0x130c
Startzeit der fehlerhaften Anwendung: 0xSimpsons.exe0
Pfad der fehlerhaften Anwendung: Simpsons.exe1
Pfad des fehlerhaften Moduls: Simpsons.exe2
Berichtskennung: Simpsons.exe3
Error: (10/16/2014 09:33:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Simpsons.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: Simpsons.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00049530
ID des fehlerhaften Prozesses: 0x8b4
Startzeit der fehlerhaften Anwendung: 0xSimpsons.exe0
Pfad der fehlerhaften Anwendung: Simpsons.exe1
Pfad des fehlerhaften Moduls: Simpsons.exe2
Berichtskennung: Simpsons.exe3
System errors:
=============
Error: (01/25/2015 05:13:21 PM) (Source: volsnap) (EventID: 14) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.
Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Microsoft Office Sessions:
=========================
Error: (01/21/2015 11:12:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054b5ebf9unknown0.0.0.000000000c00000051a416250de001d035621ce2f143C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownf05368ec-a155-11e4-8c34-705ab63a23c1
Error: (01/18/2015 08:02:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: 1C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exeCompatibility Verify0302621611780143003A005C00550073006500720073005C004200650072006E0064005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C0043006F006D007000610074006900620069006C006900740079002000560065007200690066006900650072005C0063006F006D007000610074006900620069006C0069007400790063006800650063006B007300760063002E006500780065000000
Error: (12/06/2014 09:51:00 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x80042308
Error: (12/06/2014 09:51:00 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80042308
Error: (11/10/2014 11:46:56 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x80042308
Error: (11/10/2014 11:46:56 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80042308
Error: (11/06/2014 11:48:46 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x80042308
Error: (11/06/2014 11:48:46 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80042308
Error: (11/05/2014 05:29:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Simpsons.exe1.0.0.000000000Simpsons.exe1.0.0.000000000c0000005000dca27130c01cff9159754034eC:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exeC:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exef6a23175-6508-11e4-b338-705ab63a23c1
Error: (10/16/2014 09:33:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Simpsons.exe1.0.0.000000000Simpsons.exe1.0.0.000000000c0000005000495308b401cfe885e44965cdC:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exeC:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exe100951f0-550f-11e4-aced-705ab63a23c1
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 61%
Total physical RAM: 4025.98 MB
Available physical RAM: 1534.93 MB
Total Pagefile: 8050.14 MB
Available Pagefile: 5338.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:453.66 GB) (Free:382.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8B7198DE)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================