Demonhunter1 | 16.01.2015 20:01 | Quite a collection was found there :crazy:
So, here come the logs:
AdwCleaner Logfile: Code:
# AdwCleaner v4.107 - Bericht erstellt am 16/01/2015 um 17:52:47
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Tom - TOM-PC
# Gestartet von : C:\Users\Tom\Desktop\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : StumbleUponUpdater
Dienst Gelöscht : cyycfhtzro64
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Program Files\005
Ordner Gelöscht : C:\Users\Tom\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Tom\AppData\Local\Rocket
Ordner Gelöscht : C:\Users\Tom\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Tom\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Tom\AppData\LocalLow\StumbleUpon
Ordner Gelöscht : C:\Users\Tom\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Tom\AppData\Roaming\RocketUpdater
Ordner Gelöscht : C:\Users\Tom\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Tom\AppData\Roaming\SuperEasy Software
Ordner Gelöscht : C:\Users\Tom\AppData\Roaming\Compatibility Verifier
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\0ibyfp88.default\searchplugins\WSE Rocket.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\omiga-plus.xml
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StumbleUpon
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\StumbleUpon
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v34.0.5 (x86 de)
*************************
AdwCleaner[R0].txt - [2727 octets] - [16/01/2015 17:49:19]
AdwCleaner[S0].txt - [2543 octets] - [16/01/2015 17:52:47]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2603 octets] ##########
Next up is Malwarebytes. I couldn't select the "Copy to clipboard" option, so I chose "Export" and then "txt". Hope that's OK: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 16.01.2015
Suchlauf-Zeit: 18:07:31
Logdatei: suchlaufprotokoll.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.16.09
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Tom
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328604
Verstrichene Zeit: 1 Std, 16 Min, 36 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 9
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3140, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3604, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4092, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 2280, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4544, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4948, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 876, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3204, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, 1960, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d]
Module: 10
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
Registrierungsschlüssel: 1
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [232e48af0089a19585a80070b64dc33d],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 2
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [232e48af0089a19585a80070b64dc33d],
Dateien: 13
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [232e48af0089a19585a80070b64dc33d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [232e48af0089a19585a80070b64dc33d],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Finally, the two logs from FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Tom (administrator) on TOM-PC on 16-01-2015 19:44:07
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available profiles: Tom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\SAgent4.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2763776 2009-10-28] (VIA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-08] (AVAST Software)
HKU\S-1-5-21-3035064237-845620715-721431671-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3035064237-845620715-721431671-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-3035064237-845620715-721431671-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\0ibyfp88.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]
CHR HKLM-x32\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Tom\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-02] (Electronic Arts)
R2 StatusAgent4; C:\Windows\SysWOW64\SAgent4.exe [131072 2006-12-20] (SEIKO EPSON CORPORATION) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 19:42 - 2015-01-16 19:42 - 00007100 _____ () C:\Users\Tom\Desktop\suchlaufprotokoll.txt
2015-01-16 18:05 - 2015-01-16 19:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 18:04 - 2015-01-16 18:04 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 18:04 - 2015-01-16 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 18:03 - 2015-01-16 18:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 18:03 - 2015-01-16 18:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 18:03 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 18:03 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 18:03 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-16 17:59 - 2015-01-16 18:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tom\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-16 17:56 - 2015-01-16 17:56 - 00002683 _____ () C:\Users\Tom\Desktop\AdwCleaner[S0].txt
2015-01-16 17:49 - 2015-01-16 17:53 - 00000000 ____D () C:\AdwCleaner
2015-01-16 17:43 - 2015-01-16 17:43 - 02191360 _____ () C:\Users\Tom\Desktop\AdwCleaner_4.107.exe
2015-01-16 16:14 - 2015-01-16 16:15 - 00024625 _____ () C:\Users\Tom\Desktop\Addition.txt
2015-01-16 16:11 - 2015-01-16 19:44 - 00008594 _____ () C:\Users\Tom\Desktop\FRST.txt
2015-01-16 16:10 - 2015-01-16 19:44 - 00000000 ____D () C:\FRST
2015-01-16 16:09 - 2015-01-16 16:09 - 02125312 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2015-01-15 23:01 - 2015-01-16 19:43 - 00000728 _____ () C:\Windows\setupact.log
2015-01-15 23:01 - 2015-01-15 23:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 22:58 - 2015-01-16 19:26 - 00014900 _____ () C:\Windows\PFRO.log
2015-01-15 22:58 - 2015-01-15 22:58 - 418606005 _____ () C:\Windows\MEMORY.DMP
2015-01-15 22:58 - 2015-01-15 22:58 - 00275128 _____ () C:\Windows\Minidump\011515-18517-01.dmp
2015-01-15 22:58 - 2015-01-15 22:58 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 21:02 - 2015-01-16 18:47 - 00000112 _____ () C:\ProgramData\8658GWHp3.dat
2015-01-15 21:01 - 2015-01-15 21:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-15 21:01 - 2015-01-15 21:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-15 21:01 - 2015-01-15 21:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-15 21:01 - 2015-01-15 21:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-14 20:30 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 20:30 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 20:30 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 20:30 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 20:30 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 20:30 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 20:30 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 20:30 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 20:30 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 20:30 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 20:30 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 20:30 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 20:30 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-02 16:06 - 2015-01-06 20:21 - 00000000 ____D () C:\Users\Tom\Documents\FIFA 13
2015-01-02 16:01 - 2015-01-02 16:01 - 00001246 _____ () C:\Users\Public\Desktop\FIFA 13.lnk
2015-01-02 16:01 - 2015-01-02 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 13
2015-01-02 15:38 - 2015-01-02 15:54 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-01-02 15:35 - 2015-01-03 14:51 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Origin
2015-01-02 15:35 - 2015-01-02 15:55 - 00000000 ____D () C:\Users\Tom\AppData\Local\Origin
2015-01-02 15:33 - 2015-01-06 20:21 - 00000000 ____D () C:\ProgramData\Origin
2015-01-02 15:33 - 2015-01-06 16:20 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-02 15:33 - 2015-01-02 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-02 15:33 - 2015-01-02 15:33 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-27 13:24 - 2014-12-27 13:24 - 05317104 _____ (Piriform Ltd) C:\Users\Tom\Downloads\ccsetup501.exe
2014-12-26 11:44 - 2014-12-26 11:44 - 00007602 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2014-12-23 22:14 - 2014-12-23 22:14 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-20 14:57 - 2014-12-20 14:57 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 19:34 - 2009-07-14 05:45 - 00032128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 19:34 - 2009-07-14 05:45 - 00032128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 19:32 - 2013-05-31 14:22 - 01886939 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 19:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-16 19:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 19:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2015-01-16 19:08 - 2013-06-03 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 22:43 - 2013-11-15 15:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-15 22:41 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-15 22:40 - 2014-11-02 11:16 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\DVDVideoSoft
2015-01-15 22:14 - 2013-05-31 14:27 - 00000000 ____D () C:\Users\Tom
2015-01-14 22:56 - 2013-07-11 17:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:53 - 2013-05-31 17:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 21:08 - 2013-06-03 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 21:08 - 2013-06-03 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 21:08 - 2013-06-03 17:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 20:39 - 2014-10-26 18:32 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\vlc
2015-01-14 20:38 - 2014-08-31 15:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-11 21:49 - 2013-06-01 00:17 - 00699190 _____ () C:\Windows\system32\perfh007.dat
2015-01-11 21:49 - 2013-06-01 00:17 - 00149330 _____ () C:\Windows\system32\perfc007.dat
2015-01-11 21:49 - 2009-07-14 06:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 21:45 - 2013-05-31 16:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-05 16:59 - 2013-11-08 15:56 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\FileZilla
2015-01-02 16:06 - 2014-07-11 16:25 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-27 13:25 - 2014-04-27 11:25 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-27 13:25 - 2014-04-27 11:25 - 00000000 ____D () C:\Program Files\CCleaner
Files to move or delete:
====================
C:\ProgramData\8658GWHp3.dat
Some content of TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\Quarantine.exe
C:\Users\Tom\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 20:17
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Tom at 2015-01-16 19:44:58
Running from C:\Users\Tom\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome LLC)
Druckerdeinstallation für EPSON BX320FW Series (HKLM\...\EPSON BX320FW Series) (Version: - SEIKO EPSON Corporation)
EasyCash&Tax 2.9 (HKLM-x32\...\EasyCash&Tax_is1) (Version: - tm)
EPSON BX320FW Series Handbuch (HKLM-x32\...\EPSON BX320FW Series Manual) (Version: - )
EPSON BX320FW Series Netzwerk-Handbuch (HKLM-x32\...\EPSON BX320FW Series Network Guide) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
Eumex RNDIS64 Driver V1.03 (HKLM\...\{293C4FDD-FB80-48F8-8B40-F085392FDAA1}) (Version: 1.03.0000 - Deutsche Telekom)
FIFA 08 (HKLM-x32\...\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}) (Version: 1.0.1.1 - Electronic Arts)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Killing Floor - Toy Master (HKLM-x32\...\Steam App 326960) (Version: - David Hensley)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
KompoZer 0.8b3 (HKLM-x32\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version: - KompoZer)
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Serif PhotoPlus 6.0 (HKLM-x32\...\Serif PhotoPlus 6.0) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version: - Gas Powered Games)
Teldat Eumex 402 WIN-Tools V1.00 (HKLM-x32\...\InstallShield_{1F2B2C7A-6A8D-499E-88B2-0C1E2AB06963}) (Version: 1.00.0000 - hxxp://www.teldat.de)
Teldat Eumex 402 WIN-Tools V1.00 (x32 Version: 1.00.0000 - hxxp://www.teldat.de) Hidden
Trapped Dead (HKLM-x32\...\Trapped Dead) (Version: - )
UFO:AI 2.4 (HKLM-x32\...\UFO:Alien Invasion) (Version: 2.4 - UFO:AI Team)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - T-Home Net (04/13/2012 6.0.6000.16384) (HKLM\...\C7DD251F4B6025D69B6ACC9FD647E009517A6069) (Version: 04/13/2012 6.0.6000.16384 - T-Home)
Wise Folder Hider 1.53 (HKLM-x32\...\Wise Folder Hider_is1) (Version: 1.53 - WiseCleaner.com, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
30-12-2014 13:07:13 Geplanter Prüfpunkt
02-01-2015 15:52:47 DirectX wurde installiert
02-01-2015 15:57:50 DirectX wurde installiert
02-01-2015 15:59:34 DirectX wurde installiert
09-01-2015 17:27:29 Geplanter Prüfpunkt
14-01-2015 20:38:05 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 22:53:22 Windows Update
15-01-2015 20:59:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {19662558-0C94-467C-A69B-0788E6E35C5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {3DEFCD0F-DB2D-4080-8294-B05CBAE2960B} - System32\Tasks\{72FE1E68-2665-43E7-9754-489E07B40E7D} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {85143640-B09A-4460-BC35-F702B5B1373E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {AA43FF38-0B42-4567-BEC4-DC1C7D2DD8C3} - System32\Tasks\{5CC4F3A2-548C-4F56-9902-477959FBA095} => pcalua.exe -a "C:\Users\Tom\Desktop\OpenOffice 4.1.1 (de) Installation Files\setup.exe" -d "C:\Users\Tom\Desktop\OpenOffice 4.1.1 (de) Installation Files"
Task: {B7074056-3868-421B-90F2-9017FE2CC13A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
Task: {CCC418C5-C0FB-4AC6-9F8D-446780711C37} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2009-08-10 15:01 - 2009-08-10 15:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 15:00 - 2009-08-10 15:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 15:01 - 2009-08-10 15:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-10 15:01 - 2009-08-10 15:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-05-31 19:36 - 2009-05-07 09:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-05-31 19:36 - 2009-05-07 09:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-05-31 19:36 - 2008-01-18 07:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-05-31 19:36 - 2009-10-28 03:26 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-16 16:02 - 2015-01-16 16:02 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011600\algo.dll
2014-11-17 08:26 - 2014-11-17 08:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-01 16:22 - 2014-12-14 15:32 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Control Center.lnk => C:\Windows\pss\Control Center.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPSON BX320FW Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIE.EXE /FU "C:\Windows\TEMP\E_SA69A.tmp" /EF "HKCU"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3035064237-845620715-721431671-500 - Administrator - Disabled)
Gast (S-1-5-21-3035064237-845620715-721431671-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3035064237-845620715-721431671-1002 - Limited - Enabled)
Tom (S-1-5-21-3035064237-845620715-721431671-1001 - Administrator - Enabled) => C:\Users\Tom
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/16/2015 07:43:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7abf9
Name des fehlerhaften Moduls: VIASysFx.dll, Version: 1.0.0.0, Zeitstempel: 0x4add2a2e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005d97e
ID des fehlerhaften Prozesses: 0xe50
Startzeit der fehlerhaften Anwendung: 0xAUDIODG.EXE0
Pfad der fehlerhaften Anwendung: AUDIODG.EXE1
Pfad des fehlerhaften Moduls: AUDIODG.EXE2
Berichtskennung: AUDIODG.EXE3
Error: (01/16/2015 07:27:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2015 07:19:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000593cd
ID des fehlerhaften Prozesses: 0x9e0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3
Error: (01/16/2015 06:54:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000593cd
ID des fehlerhaften Prozesses: 0xfd0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3
Error: (01/16/2015 06:27:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000593cd
ID des fehlerhaften Prozesses: 0x78c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3
Error: (01/16/2015 05:55:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2015 05:25:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000593cd
ID des fehlerhaften Prozesses: 0x1168
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3
Error: (01/16/2015 05:16:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000593cd
ID des fehlerhaften Prozesses: 0x1f54
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3
Error: (01/16/2015 05:13:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000593cd
ID des fehlerhaften Prozesses: 0x7b4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3
Error: (01/16/2015 04:02:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/16/2015 07:26:43 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (01/16/2015 07:26:43 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/16/2015 07:24:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (01/16/2015 06:54:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/16/2015 06:27:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/16/2015 05:55:05 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (01/16/2015 05:55:05 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/16/2015 05:53:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/16/2015 05:53:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/16/2015 05:53:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (01/16/2015 07:43:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9VIASysFx.dll1.0.0.04add2a2ec0000005000000000005d97ee5001d031bc5e2f8690C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\VIASysFx.dll9d58aef0-9daf-11e4-b7dc-00094f000001
Error: (01/16/2015 07:27:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2015 07:19:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc000000500000000000593cd9e001d031b5a045c910C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll338b2be0-9dac-11e4-9fcc-00094f000001
Error: (01/16/2015 06:54:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc000000500000000000593cdfd001d031b1cc75d880C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllb8208110-9da8-11e4-9fcc-00094f000001
Error: (01/16/2015 06:27:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc000000500000000000593cd78c01d031ad323df1c0C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dlle0f455c0-9da4-11e4-9fcc-00094f000001
Error: (01/16/2015 05:55:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2015 05:25:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc000000500000000000593cd116801d031a7ea9fe030C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll3ad17cc0-9d9c-11e4-a91d-00094f000001
Error: (01/16/2015 05:16:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc000000500000000000593cd1f5401d031a78d030830C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllf7a9b440-9d9a-11e4-a91d-00094f000001
Error: (01/16/2015 05:13:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc000000500000000000593cd7b401d0319d5fe50f10C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dlla515c7f0-9d9a-11e4-a91d-00094f000001
Error: (01/16/2015 04:02:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD Phenom(tm) 8750 Triple-Core Processor
Percentage of memory in use: 37%
Total physical RAM: 4095.18 MB
Available physical RAM: 2562.37 MB
Total Pagefile: 28093.36 MB
Available Pagefile: 26285.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:127.4 GB) (Free:42.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:105.48 GB) (Free:72.9 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 37033702)
Partition 1: (Active) - (Size=127.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=105.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
I'm already curious about the next steps.