Hi Rafael,
Thank you very much for the help. So I downloaded the tool and ran the scan. Here is the result. First FRST, then Addition.
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Anna (administrator) on ANNA-NOTEBOOK (22-01-2017 17:43:21)
Running from C:\Users\Anna\Downloads
Loaded Profiles: Anna (Available Profiles: Anna)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\WINDOWS\System32\WLTRAY.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
(GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Farbar) C:\Users\Anna\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [4119552 2008-12-21] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-15] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1042912 2016-10-13] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3470642563-3340574871-2440115925-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3470642563-3340574871-2440115925-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-3470642563-3340574871-2440115925-1000\...\MountPoints2: {3d4a30a6-d3ce-11e5-b691-0025644b0f91} - G:\AutoRun.exe
HKU\S-1-5-21-3470642563-3340574871-2440115925-1000\...\MountPoints2: {b08d487d-927a-11de-87b9-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-24] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3880C413-A406-4CAE-AFD9-F26A021F86AE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76093AB5-AC77-4F48-A24C-264EACB0F65B}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A210AE0C-0ED5-4757-8B8B-F0747F7865A8}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{EE95E7F6-B9C6-4DF8-A69B-29D16A14978C}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3470642563-3340574871-2440115925-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3470642563-3340574871-2440115925-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3470642563-3340574871-2440115925-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3470642563-3340574871-2440115925-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3470642563-3340574871-2440115925-1000 -> {3D71F0B8-8101-4498-8013-C77840AD0619} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3470642563-3340574871-2440115925-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3470642563-3340574871-2440115925-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FireFox:
========
FF DefaultProfile: mkzisvik.default
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\mkzisvik.default [2017-01-22]
FF Homepage: Mozilla\Firefox\Profiles\mkzisvik.default -> hxxps://www.facebook.com/
FF Extension: (Strict Pop-up Blocker) - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\mkzisvik.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2016-07-14]
FF Extension: (uBlock Origin) - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\mkzisvik.default\Extensions\uBlock0@raymondhill.net.xpi [2016-12-20]
FF Extension: (Adblock Plus) - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\mkzisvik.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-24]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-02-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-09-27] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-02-05] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-02-05] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3470642563-3340574871-2440115925-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2013-02-05] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-02-05] (RealPlayer)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.cosmosdirekt.de/"
CHR Profile: C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default [2017-01-22]
CHR Extension: (Google Drive) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-10]
CHR Extension: (RealDownloader) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR HKLM-x32\...\Chrome\Extension: [ekdjfcdinekpfcedakhpngcnaamhiihn] - C:\ProgramData\Codecv\ekdjfcdinekpfcedakhpngcnaamhiihn.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-24] (AVAST Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-12-21] (Dell Inc.) [File not signed]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe" [X]
R2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-10-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-24] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [74032 2016-10-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-10-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-10-24] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [224616 2016-10-24] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [74544 2016-10-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-24] () [File not signed]
R3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [58368 2013-05-24] (ASIX Electronics Corp.)
R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [159840 2009-03-06] (Creative Technology Ltd.)
R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [311296 2009-03-19] (Creative Technology Ltd.)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-22 17:42 - 2017-01-22 17:42 - 02420736 _____ (Farbar) C:\Users\Anna\Downloads\FRST64(1).exe
2017-01-21 20:56 - 2017-01-21 20:56 - 00314584 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-03 20:57 - 2017-01-03 20:57 - 00002111 _____ C:\Users\Public\Desktop\Spiel Delicious - Emilys Christmas Carol Sammleredition.lnk
2017-01-03 20:57 - 2017-01-03 20:57 - 00001288 _____ C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2017-01-03 20:56 - 2017-01-03 20:57 - 00000000 ____D C:\Program Files (x86)\Delicious - Emilys Christmas Carol Sammleredition
2017-01-03 20:56 - 2017-01-03 20:56 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Christmas Carol Sammleredition
2017-01-03 20:56 - 2017-01-03 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delicious - Emilys Christmas Carol Sammleredition
2017-01-03 20:50 - 2017-01-03 20:50 - 00002089 _____ C:\Users\Public\Desktop\Spiel Fabulous - Angelas Fashion Fever Sammleredition.lnk
2017-01-03 20:49 - 2017-01-03 20:50 - 00000000 ____D C:\Program Files (x86)\Fabulous - Angelas Fashion Fever Sammleredition
2017-01-03 20:49 - 2017-01-03 20:49 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fabulous - Angelas Fashion Fever Sammleredition
2017-01-03 20:49 - 2017-01-03 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fabulous - Angelas Fashion Fever Sammleredition
2017-01-02 13:10 - 2017-01-02 13:11 - 09675152 _____ (Star Stable Entertainment AB) C:\Users\Anna\Downloads\StarStableOnlineSetup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-22 17:43 - 2013-09-18 18:03 - 00018273 _____ C:\Users\Anna\Downloads\FRST.txt
2017-01-22 17:43 - 2013-09-16 19:24 - 00000000 ____D C:\FRST
2017-01-22 17:33 - 2012-07-09 17:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-22 16:13 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-22 16:13 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-22 14:19 - 2015-01-10 21:59 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-22 14:19 - 2015-01-10 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 14:18 - 2009-08-27 02:26 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-22 14:16 - 2016-11-18 18:18 - 00000000 ____D C:\Users\Anna\AppData\LocalLow\Mozilla
2017-01-22 14:13 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-22 05:46 - 2006-11-02 16:07 - 00000000 ____D C:\Program Files\Microsoft Games
2017-01-21 21:01 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\inf
2017-01-21 20:18 - 2012-04-02 22:12 - 00000000 ____D C:\Users\Anna
2017-01-19 20:07 - 2006-11-02 16:42 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-10 20:33 - 2012-07-09 17:54 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 20:33 - 2012-04-14 07:58 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 20:33 - 2012-04-03 08:25 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 20:33 - 2012-04-03 08:24 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 20:33 - 2009-08-27 02:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-03 22:27 - 2012-05-01 13:23 - 00000000 ____D C:\ProgramData\TEMP
2017-01-03 21:01 - 2016-11-19 10:43 - 00000000 ____D C:\Users\Anna\AppData\Roaming\GameHouse
2017-01-03 20:56 - 2006-11-02 16:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
==================== Files in the root of some directories =======
2016-10-23 20:58 - 2016-10-23 20:58 - 7065600 _____ () C:\Program Files (x86)\GUT1719.tmp
2016-05-12 14:03 - 2016-05-12 14:03 - 6748160 _____ () C:\Program Files (x86)\GUT17B5.tmp
2012-08-12 13:27 - 2016-01-01 12:10 - 0000680 _____ () C:\Users\Anna\AppData\Local\d3d9caps.dat
2012-04-29 16:58 - 2015-08-01 07:18 - 0000732 _____ () C:\Users\Anna\AppData\Local\d3d9caps64.dat
2012-04-06 14:28 - 2016-10-29 19:25 - 0146944 _____ () C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-24 18:32 - 2014-12-14 21:04 - 0464104 _____ () C:\Users\Anna\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2014-05-24 18:31 - 2014-05-24 18:31 - 0000002 _____ () C:\Users\Anna\AppData\Local\dd_dotnetfx35error.txt
2014-05-24 18:36 - 2014-05-24 18:36 - 0000002 _____ () C:\Users\Anna\AppData\Local\dd_dotnetfx35error_lp.txt
2014-05-24 18:31 - 2014-12-14 21:04 - 0570876 _____ () C:\Users\Anna\AppData\Local\dd_dotnetfx35install.txt
2014-05-24 18:36 - 2014-12-14 21:04 - 0077712 _____ () C:\Users\Anna\AppData\Local\dd_dotnetfx35install_lp.txt
2014-05-24 18:34 - 2014-05-24 18:35 - 2816516 _____ () C:\Users\Anna\AppData\Local\dd_NET_Framework35_x64_MSI4776.txt
2014-12-14 21:02 - 2014-12-14 21:04 - 2813400 _____ () C:\Users\Anna\AppData\Local\dd_NET_Framework35_x64_MSI7BC3.txt
2013-09-29 10:43 - 2013-09-29 10:43 - 0003926 _____ () C:\Users\Anna\AppData\Local\dd_vcredistMSI0905.txt
2012-04-03 08:18 - 2012-04-03 08:19 - 0464324 _____ () C:\Users\Anna\AppData\Local\dd_vcredistMSI1235.txt
2014-12-06 18:43 - 2014-12-06 18:43 - 0358068 _____ () C:\Users\Anna\AppData\Local\dd_vcredistMSI2039.txt
2014-12-13 18:32 - 2014-12-13 18:33 - 0372232 _____ () C:\Users\Anna\AppData\Local\dd_vcredistMSI3B35.txt
2012-04-03 09:16 - 2012-04-03 09:17 - 0439368 _____ () C:\Users\Anna\AppData\Local\dd_vcredistMSI3EE1.txt
2013-07-05 19:40 - 2013-07-05 19:40 - 0385838 _____ () C:\Users\Anna\AppData\Local\dd_vcredistMSI64DB.txt
2013-07-05 19:40 - 2013-07-05 19:40 - 0376648 _____ () C:\Users\Anna\AppData\Local\dd_vcredistMSI64FB.txt
2013-03-28 21:23 - 2013-03-28 21:23 - 0420806 _____ () C:\Users\Anna\AppData\Local\dd_vcredistMSI7CA9.txt
2013-09-29 10:42 - 2013-09-29 10:43 - 0017172 _____ () C:\Users\Anna\AppData\Local\dd_vcredistUI0905.txt
2012-04-03 08:18 - 2012-04-03 08:19 - 0011962 _____ () C:\Users\Anna\AppData\Local\dd_vcredistUI1235.txt
2014-12-06 18:43 - 2014-12-06 18:43 - 0011362 _____ () C:\Users\Anna\AppData\Local\dd_vcredistUI2039.txt
2014-12-13 18:32 - 2014-12-13 18:33 - 0012230 _____ () C:\Users\Anna\AppData\Local\dd_vcredistUI3B35.txt
2012-04-03 09:16 - 2012-04-03 09:17 - 0014550 _____ () C:\Users\Anna\AppData\Local\dd_vcredistUI3EE1.txt
2013-07-05 19:40 - 2013-07-05 19:40 - 0011370 _____ () C:\Users\Anna\AppData\Local\dd_vcredistUI64DB.txt
2013-07-05 19:40 - 2013-07-05 19:40 - 0011434 _____ () C:\Users\Anna\AppData\Local\dd_vcredistUI64FB.txt
2013-03-28 21:23 - 2013-03-28 21:23 - 0012254 _____ () C:\Users\Anna\AppData\Local\dd_vcredistUI7CA9.txt
2013-03-16 19:33 - 2013-03-16 19:33 - 0002102 _____ () C:\Users\Anna\AppData\Local\recently-used.xbel
2014-05-24 18:31 - 2014-12-14 21:04 - 0012088 _____ () C:\Users\Anna\AppData\Local\uxeventlog.txt
2014-03-29 17:04 - 2016-04-08 10:42 - 0011810 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-22 14:20
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Anna (22-01-2017 17:44:31)
Running from C:\Users\Anna\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2009-08-26 20:05:25)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3470642563-3340574871-2440115925-500 - Administrator - Disabled)
Anna (S-1-5-21-3470642563-3340574871-2440115925-1000 - Administrator - Enabled) => C:\Users\Anna
Guest (S-1-5-21-3470642563-3340574871-2440115925-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIO_CDA_ProductContext (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_CDA_ToolboxIni64 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.4 - Sereby Corporation)
AMD Catalyst Install Manager (HKLM\...\{C8C35091-7C89-FDB6-495A-9463029C3CAE}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
AX88179_AX88178A Windows XP_Vista Drivers (HKLM-x32\...\InstallShield_{CAD891A3-A1D1-43A9-A5FA-54AF8CFEF3AC}) (Version: 1.0.4.0 - ASIX Electronics Corporation)
AX88179_AX88178A Windows XP_Vista Drivers (x32 Version: 1.0.4.0 - ASIX Electronics Corporation) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BlackBerry Desktop Software 5.0 (x32 Version: 5.0.0.11 - Research in Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
C3100 (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
c3100_Help (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Delicious: Emily's Christmas Carol Sammleredition (HKLM-x32\...\BFG-Delicious - Emilys Christmas Carol Sammleredition) (Version: - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.25 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.10 x64 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.101 - Alps Electric)
Dell Video Chat (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6567) - SightSpeed Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
Destinations (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DirectX for Managed Code (HKLM\...\{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1) (Version: 1.0.0.0 - Sereby Corporation)
DivX-Setup (HKLM\...\DivX Setup) (Version: 3.0.0.99 - DivX, LLC)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fabulous: Angela's Fashion Fever Sammleredition (HKLM-x32\...\BFG-Fabulous - Angelas Fashion Fever Sammleredition) (Version: - )
Fax (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
FinePix Studio (HKLM-x32\...\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}) (Version: - )
FinePixViewer Resource (HKLM-x32\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.3 (HKLM-x32\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.3 - FUJIFILM Corporation)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Integrated Webcam Driver (1.02.01.0320) (HKLM\...\Creative OA009) (Version: 1.02.01.0320 - Creative Technology Ltd.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
MarketResearch (x32 Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Default Manager (HKLM-x32\...\{095B1DCF-5E8B-47EC-9B18-481918A731DB}) (Version: 2.0.69.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.18 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Scan (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
Status (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WebReg (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0529743D-3EE2-421D-AAA4-B2442BB64D55} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-24] (AVAST Software)
Task: {26AB55DA-3EE1-4BBE-9824-DE0A59942707} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3470642563-3340574871-2440115925-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {37ECB5C4-066C-410F-8747-43A74973BDF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {44F08F86-56BD-4E2B-B023-62181530D84C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4D6146FE-C872-4ADA-8AD9-73F1C7C5C816} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {5F175B4C-1B8E-4A5D-93B2-46D4FE47C36B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {64117F1A-F90B-49B9-9AC8-576CAF647CB1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3470642563-3340574871-2440115925-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {7B7572E7-6F67-4970-B5C7-1BB83C4F7BB7} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {7BE3754D-CA3A-48DB-9339-B417A5C5FE90} - System32\Tasks\SafeZone scheduled Autoupdate 1468501099 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {901F2CC9-D36A-435F-9BEC-8D191B8DD513} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-09-22] (DivX, LLC)
Task: {BC40E21B-E3DB-4D46-9D6A-3552C770C827} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Anna => C:\Program Files (x86)\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
Task: {C70A595A-5BDB-4A9E-A674-8F45BB1E1853} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {D7547D6E-5F3A-4E2B-80CE-8FD4F56EDD88} - System32\Tasks\{69AF8698-2875-4CE0-BB9D-9FD14E0D31EF} => pcalua.exe -a C:\Users\Anna\Documents\mp3gain-win-full-1_3_4.exe -d C:\Users\Anna\Documents
Task: {FAE4BE2A-0FCE-4B24-8B31-F7EE4A90E34D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Flatrate Player\Flatrate Player.lnk -> C:\Program Files (x86)\Common Files\Metaboli\Core\yummy.launcher.exe (Yummy Interactive Inc) -> -PARTNER glde-prod -HOST www.gamesflatrate.de
ShortcutWithArgument: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Flatrate Player\Uninstall.lnk -> C:\Program Files (x86)\Common Files\Metaboli\Core\yummy.installer.exe (Yummy Interactive Inc) -> -PARTNER glde-prod -HOST www.gamesflatrate.de -uninstall
==================== Loaded Modules (Whitelisted) ==============
2009-08-27 02:28 - 2008-12-21 19:35 - 00032768 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-08-27 02:29 - 2008-12-21 19:35 - 00057856 _____ () C:\Windows\System32\bcmwlrmt.dll
2012-03-09 04:56 - 2012-03-09 04:56 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2009-08-27 02:29 - 2008-12-21 19:35 - 00057856 _____ () C:\WINDOWS\System32\bcmwlrmt.dll
2015-08-19 17:20 - 2015-08-19 17:20 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-08-19 18:10 - 2015-08-19 18:10 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\AAVUpdateManager\aavus.exe
2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2016-10-24 17:36 - 2016-10-24 17:36 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-24 17:36 - 2016-10-24 17:36 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-22 14:14 - 2017-01-22 14:14 - 04376576 _____ () C:\Program Files\AVAST Software\Avast\defs\17012200\algo.dll
2016-07-14 14:09 - 2016-07-14 14:10 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-08-27 02:42 - 2009-04-17 16:16 - 00115952 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2009-08-27 02:42 - 2009-04-17 16:17 - 00128240 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3470642563-3340574871-2440115925-1000\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3470642563-3340574871-2440115925-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk => C:\Windows\pss\ExifLauncher2.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Anna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hpqtra08.exe => C:\Windows\pss\hpqtra08.exe.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: uTorrent => "C:\Users\Anna\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [{66BE72EE-4D3D-4515-9957-9438B61E7A30}] => C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{43506A9D-529E-4D8B-9E4E-24FB2457ABC5}] => C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{F1B88B57-C112-4A4C-AFF2-03B12D940BEF}] => C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{D07BF427-1323-4B71-A10B-890A2B875327}] => C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{B84806DE-57B5-4260-A367-F188E75EA779}] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{3D1849C1-1B2E-4119-A0D9-C0EA34715202}] => LPort=80
FirewallRules: [{1B306E76-EC7A-4DBD-9477-D1D7C6F69343}] => LPort=80
FirewallRules: [{2A8EFC44-258B-46F2-BB46-E4B78D70E7DC}] => LPort=80
FirewallRules: [{8BC09406-636A-4427-985E-DFDC3F57CE85}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{335BB5F7-E0BD-4F86-8018-0EC05675C6A7}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ADC6D15B-494E-4F23-8433-A2C94985957A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9238F2FF-FC2E-4891-9FE2-737109C9D1F0}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{83E64722-7083-4EDC-86BA-AAFAE62B3EA8}C:\program files (x86)\real\realplayer\realplay.exe] => C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{DE14AABD-E69D-4F71-AFAA-EAA47C5A7705}C:\program files (x86)\real\realplayer\realplay.exe] => C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{CF8281F8-780B-485E-8034-B3458D51A945}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D644ADFE-CB61-4805-8737-C369A952F7F4}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{24DC8753-C118-4DF7-A3DC-301CA4B1CBD8}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A68A877C-1D54-4A6B-9246-38B48C787476}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{50693F47-6363-4AD9-9EEA-12ACDD18E04C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DAA63D7-B8EA-4B03-8C3E-287AA6751D59}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{39406052-70B0-4262-B3B2-A2FF786278A0}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E3D33220-9368-4733-85C4-3DA58C67AC8C}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AA391AF9-92DE-4DA9-8B35-7841182316E8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6839CBE-3B21-4F6F-B05B-A44602CDDF3F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F0A8D007-9D4B-4520-9387-F239700A9654}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
21-01-2017 20:58:08 Device Driver Package Install: Microsoft Printers
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/22/2017 02:14:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/22/2017 02:14:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\WINDOWS\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/22/2017 01:32:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 50.1.0.6186, time stamp 0x584a057c, faulting module mozglue.dll, version 50.1.0.6186, time stamp 0x5849ff8b, exception code 0x80000003, fault offset 0x0000ec79,
process id 0x12b9c, application start time 0x01d274aa3e71b979.
Error: (01/22/2017 01:31:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application crashreporter.exe, version 50.1.0.6186, time stamp 0x5849ff7a, faulting module ntdll.dll, version 6.0.6002.19623, time stamp 0x56ec36a2, exception code 0xc000012d, fault offset 0x0006f7b3,
process id 0x132c4, application start time 0x01d274ab6d5565b9.
Error: (01/22/2017 12:54:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/22/2017 12:19:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/22/2017 11:08:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/21/2017 09:09:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/21/2017 08:58:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/21/2017 08:32:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.9.0.5343 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 459c
Start Time: 01d2741c1db7c8ad
Termination Time: 60000
System errors:
=============
Error: (01/22/2017 02:14:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The USB RNDIS Adapter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (01/22/2017 02:14:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (01/22/2017 02:14:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (01/22/2017 02:13:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:11:58 on 22.01.2017 was unexpected.
Error: (01/22/2017 02:08:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {6295DF2D-35EE-11D1-8707-00C04FD93327} did not register with DCOM within the required timeout.
Error: (01/22/2017 02:08:06 PM) (Source: AX88179) (EventID: 17) (User: )
Description: OID complete failed.
Error: (01/22/2017 02:08:06 PM) (Source: AX88179) (EventID: 17) (User: )
Description: OID complete failed.
Error: (01/22/2017 02:08:06 PM) (Source: AX88179) (EventID: 17) (User: )
Description: OID complete failed.
Error: (01/22/2017 02:08:06 PM) (Source: AX88179) (EventID: 17) (User: )
Description: OID complete failed.
Error: (01/22/2017 02:08:06 PM) (Source: AX88179) (EventID: 17) (User: )
Description: OID complete failed.
CodeIntegrity:
===================================
Date: 2016-10-24 18:28:24.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-10-23 22:10:16.242
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-10-23 21:51:36.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-20 16:38:27.203
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-20 16:38:25.998
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-09 13:17:04.763
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-08 13:24:32.856
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-07 11:10:21.546
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-05 13:12:31.246
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-04 12:04:59.061
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 4091.44 MB
Available physical RAM: 2304.46 MB
Total Virtual: 8368.13 MB
Available Virtual: 6558.34 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:215.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:4.62 GB) NTFS
Drive f: (MANAGER10) (CDROM) (Total:7.03 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 9F7139F1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
I hope this is correct.