
Log Analysis and Evaluation: Tried to remove SpyHunter 4 with SpyHunter Killer, but everything freezes

19.04.2015, 12:22   #1
skaltas
 

Hello,

Another newbie without much of a clue... ahem, clearing throat, cough. I have Windows 7.

After my wife caught CTB Locker, I tried to find something using my PC, and in the process I stupidly installed SpyHunter 4.
Following the tips at "Chip", I installed GeekUninstaller and then SpyHunter Killer one after the other; nothing works.
Geek doesn't start at all, and with the Killer the PC freezes while SpyHunter keeps running in the meantime. It can't be uninstalled from the Control Panel either. What really helps?
Are there any tips? (Hopefully)

Thanks, skaltas

19.04.2015, 12:39   #2
deeprybka
/// TB Trainer
/// Guide Guru
 

My name is Jürgen and I will be helping you with your problem. Together we'll manage it...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread, in code tags.
  • Keep in mind that we all do this in our free time; if you hear nothing from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest way, but it is only advisable for real malware.
We can remove adware & co. very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Here we go:

Step 1


Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)




Reading material
Posting in CODE tags: here's how...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

19.04.2015, 12:54   #3
skaltas
 
Download doesn't work



Hello Jürgen,

many thanks for wanting to help me, but the trouble already starts with the download.
FRST Download FRST 32-Bit | FRST 64-Bit. I can install the 64-bit one, but my PC is 32-bit.
When I try that, my AV program Avast immediately steps in and prevents the download; now, on each new attempt, the connection is interrupted every time...?

Done, I switched Avast off, and now I was able to install FRST32.

19.04.2015, 13:00   #4
skaltas
 

FRST Logfile:
[CODE]Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015
Ran by Admin (administrator) on XTREME-4GMTJ68T on 19-04-2015 12:56:25
Running from C:\Users\Admin\Desktop
Loaded Profiles: UpdatusUser & Admin (Available profiles: UpdatusUser & Admin)
Platform: Microsoft Windows 7 Максимальная Powered © by XTreme.ws™ Service Pack 1 (X86) OS Language: Russisch (Russische Föderation)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE
(Bandoo Media Inc.) C:\Users\Admin\AppData\Local\iLivid\iLivid.exe
(Koyote-Lab inc) C:\Program Files\Cheapster\msilnk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-11-26] (Ulead Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1407664867-4041839907-3860151249-1002\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE [249440 2014-08-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\Run: [iLivid] => C:\Users\Admin\AppData\Local\iLivid\iLivid.exe [8146632 2014-12-15] (Bandoo Media Inc.)
HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\Run: [Cheapster] => C:\Program Files\Cheapster\msilnk.exe [288768 2014-12-30] (Koyote-Lab inc)
HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-1407664867-4041839907-3860151249-1002\Software\Microsoft\Internet Explorer\Main,Start Page = Íîâûå áåñïëàòíûå ïðîãðàììû äëÿ Windows 7, 8 è XP íà ðóññêîì ÿçûêå.
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-1002 -> DefaultScope {A834C867-5B83-4535-9B04-DF182E0BBD0F} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-1002 -> {0D2A7A60-29A4-4856-B4CA-32208604BF05} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&ie8=1
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-1002 -> {7FB19D89-12F4-41D4-83A0-393D93AFCE10} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-1002 -> {A834C867-5B83-4535-9B04-DF182E0BBD0F} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-500 -> DefaultScope {A834C867-5B83-4535-9B04-DF182E0BBD0F} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-500 -> {0D2A7A60-29A4-4856-B4CA-32208604BF05} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&ie8=1
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-500 -> {7FB19D89-12F4-41D4-83A0-393D93AFCE10} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-500 -> {A834C867-5B83-4535-9B04-DF182E0BBD0F} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-27] (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default\searchplugins\google-images.xml [2015-04-19]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default\searchplugins\google-maps.xml [2015-04-19]
FF Extension: Segurança do navegador Avira - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default\Extensions\abs@avira.com [2014-11-19]
FF Extension: Cliqz Beta - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default\Extensions\cliqz@cliqz.com [2015-04-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-03]
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-07-01]
FF HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01]
CHR Extension: (Bookmark Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-11-18]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771456 2015-04-17] (Enigma Software Group USA, LLC.)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com)
R2 SysMain; C:\Windows\system32\sysmain.dll [1167872 2012-07-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2012-07-13] (Microsoft Corporation) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-27] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37416 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [49240 2013-09-17] (ESET)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-04-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-04-17] ()
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2015-04-19] (secr9tos) [File not signed]
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 12:56 - 2015-04-19 12:56 - 00017631 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-04-19 12:56 - 2015-04-19 12:56 - 00000000 ____D () C:\FRST
2015-04-19 12:53 - 2015-04-19 12:53 - 01137664 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-04-19 12:46 - 2015-04-19 12:46 - 02098176 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-04-19 11:48 - 2015-04-19 11:48 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Cliqz
2015-04-19 11:48 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2015-04-19 11:48 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2015-04-19 11:47 - 2015-04-19 11:51 - 02585251 _____ () C:\Users\Admin\Downloads\geek_1.3.3.45.zip
2015-04-19 11:46 - 2015-04-19 11:46 - 01203488 _____ () C:\Users\Admin\Downloads\GeekUninstaller - CHIP-Installer.exe
2015-04-17 20:30 - 2015-04-17 20:33 - 00007040 _____ () C:\Users\Admin\Desktop\Rkill.txt
2015-04-17 19:41 - 2015-04-17 19:41 - 00001240 _____ () C:\Users\Admin\Desktop\SpyHunter.lnk
2015-04-17 19:41 - 2015-04-17 19:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Enigma Software Group
2015-04-17 19:41 - 2015-04-17 19:41 - 00000000 ____D () C:\sh4ldr
2015-04-17 19:37 - 2015-04-17 19:37 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-04-17 19:36 - 2015-04-17 19:36 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-16 08:24 - 2015-04-16 08:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 08:24 - 2015-04-16 08:24 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 00:13 - 2015-04-16 00:13 - 00000000 ___RD () C:\Program Files\Skype
2015-04-16 00:13 - 2015-04-16 00:13 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 10:44 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 10:44 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 10:44 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 10:44 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:44 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:44 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 10:44 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 10:44 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 10:44 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 10:44 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 10:44 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 10:44 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 10:44 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 10:44 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 10:44 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 10:44 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 10:44 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 10:44 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:44 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:44 - 2015-01-28 01:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 10:43 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:42 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:42 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:42 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:42 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:42 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:42 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:42 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:42 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:42 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:42 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:42 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:42 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:42 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:42 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:42 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:42 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:42 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:42 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:42 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:42 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:42 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:42 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:42 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:42 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:42 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:42 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:42 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:42 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:42 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:42 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:42 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:41 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 10:41 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 10:41 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 10:41 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 10:41 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 10:40 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:40 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 10:40 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-04 16:14 - 2015-04-04 16:14 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 23:19 - 2015-04-03 23:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-03 12:09 - 2015-04-03 12:10 - 00000000 ____D () C:\GEZ
2015-04-03 11:29 - 2015-04-04 09:55 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-03-30 12:24 - 2015-04-19 12:02 - 00000000 ____D () C:\VPS Scanner
2015-03-24 01:17 - 2015-03-28 18:16 - 00000000 ____D () C:\Ford Mondeo
2015-03-21 22:23 - 2015-04-03 23:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 12:52 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 12:52 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 12:26 - 2014-07-01 14:04 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 12:21 - 2012-07-13 23:23 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 12:12 - 2014-06-29 16:40 - 00000000 ____D () C:\Program Files\Opera
2015-04-19 12:10 - 2014-06-28 13:35 - 01206259 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 12:07 - 2014-07-01 14:04 - 00000954 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 12:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 12:06 - 2014-11-18 14:41 - 00011032 _____ () C:\Windows\setupact.log
2015-04-19 12:06 - 2014-08-18 23:34 - 00000000 ____D () C:\Users\Все пользователи\NVIDIA
2015-04-19 12:06 - 2014-06-28 14:31 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2015-04-19 11:42 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-18 22:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-18 14:38 - 2014-08-20 16:27 - 00000000 ____D () C:\Ira
2015-04-17 19:41 - 2014-06-28 13:39 - 00000000 ____D () C:\Users\Admin
2015-04-17 18:41 - 2014-11-18 15:16 - 00000000 ____D () C:\Users\Все пользователи\Spyware Terminator
2015-04-17 12:55 - 2014-06-30 20:20 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-04-16 12:16 - 2014-07-22 11:37 - 00000000 ____D () C:\Projekt AP&S Group
2015-04-16 11:54 - 2014-06-28 13:38 - 00000000 ____D () C:\Windows\rescache
2015-04-16 09:30 - 2014-07-01 14:05 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 08:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-16 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-04-16 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-16 00:17 - 2014-06-29 14:45 - 00000000 ____D () C:\Users\Все пользователи\Microsoft Help
2015-04-16 00:16 - 2011-04-12 00:46 - 00719098 _____ () C:\Windows\system32\perfh019.dat
2015-04-16 00:16 - 2011-04-12 00:46 - 00151344 _____ () C:\Windows\system32\perfc019.dat
2015-04-16 00:16 - 2010-11-20 23:01 - 02451100 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 00:13 - 2014-06-30 00:12 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-16 00:13 - 2014-06-30 00:12 - 00000000 ____D () C:\Users\Все пользователи\Skype
2015-04-15 11:22 - 2012-07-13 23:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 11:22 - 2012-07-13 23:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-10 15:54 - 2014-09-03 11:51 - 00000000 ____D () C:\Ebay
2015-04-10 15:03 - 2014-06-30 00:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-04-09 14:33 - 2014-07-25 16:21 - 00000030 _____ () C:\Windows\Iedit_.INI
2015-04-05 18:56 - 2015-01-24 14:51 - 00012473 _____ () C:\Users\Admin\Documents\Rückstand Miete Fettah 2014.odt
2015-04-04 18:12 - 2014-06-29 16:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-04 09:20 - 2014-11-27 16:11 - 00003900 _____ () C:\Windows\PFRO.log
2015-03-24 01:07 - 2014-08-13 18:26 - 00000000 ____D () C:\Bilder

==================== Files in the root of some directories =======

2014-08-14 11:34 - 2014-08-14 11:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Program Files\mbam-setup-2.0.2.1012.exe
2014-08-14 22:52 - 2014-11-10 13:02 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\Администратор\javafx-windows-i586__Vlatest.exe


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe
[2010-11-20 23:29] - [2010-11-20 23:29] - 0026624 ____A (Microsoft Corporation) 9FCF19DFE8E2D11B0D0855A389D4DBE6

C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-04-2015
Ran by Admin at 2015-04-19 12:57:16
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 7.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: ESET Smart Security 7.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.1.3 - )
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
ABBYY FineReader 11 (HKLM\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.194 - ABBYY Production LLC)
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 (HKLM\...\{213D5223-CD40-4B7B-B292-6D5242AE5039}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AeroFly Professional Deluxe (HKLM\...\{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}) (Version: 1.8.0.17 - )
AllDup 3.4.24 (HKLM\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Benutzerhandbuch - Grundlagen EPSON SX430 Series (HKLM\...\EPSON SX430 Series Bog) (Version:  - )
Benutzerhandbuch EPSON SX430 Series (HKLM\...\EPSON SX430 Series Useg) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cheapster for Firefox (HKLM\...\Cheapster_FF) (Version: 1.0.0.915 - Koyote-Lab inc) <==== ATTENTION
CLIQZ (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 1.0.0 - CLIQZ.com)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
Druckerdeinstallation für EPSON SX430 Series (HKLM\...\EPSON SX430 Series) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESET Smart Security (HKLM\...\{4939F84E-DC08-4CB5-AA6E-2D6E15CEA386}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Video Converter V 3.2 (HKLM\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft)
Freemake Video Converter Version 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HashTab 4.0.0.2 (HKLM\...\HashTab) (Version: 4.0.0.2 - Implbits Software)
iLivid (HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\iLivid) (Version: 5.0.2.4762 - Bandoo Media Inc) <==== ATTENTION
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Mega Codec Pack 3.9.5 (HKLM\...\KLiteCodecPack_is1) (Version: 3.9.5 - )
LibreOffice 4.2.5.2 (HKLM\...\{8D8F47B2-0E03-4C50-9803-A01120878F96}) (Version: 4.2.5.2 - The Document Foundation)
Light Alloy 4.3 (HKLM\...\Light Alloy) (Version: 4.3 - Vortex Team Edition)
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Îáíîâëåíèå (KB963678) (HKLM\...\{90120000-0016-0419-0000-0000000FF1CE}_PRO_{420938DB-BF97-4664-BE29-0C68B4802C00}) (Version:  - Microsoft)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Îáíîâëåíèå (KB963677) (HKLM\...\{90120000-001A-0419-0000-0000000FF1CE}_PRO_{E9D6C0F9-9879-4FC4-8E13-BF0D3953E0E6}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Îáíîâëåíèå (KB963669) (HKLM\...\{90120000-0018-0419-0000-0000000FF1CE}_PRO_{BD1C2AC7-63F3-4C75-8B44-DE3D700B3BC8}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Îáíîâëåíèå (KB963665) (HKLM\...\{90120000-001B-0419-0000-0000000FF1CE}_PRO_{D3A002FB-0F62-4840-80AD-2D2C63F83449}) (Version:  - Microsoft)
Microsoft Office Профессиональный 2007 (HKLM\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (HKLM\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
Nero 8 Micro (HKLM\...\Nero8Lite_is1) (Version: 8.3.20.0 - UpdatePack.nl)
NetObjects Fusion 12.0 (HKLM\...\{0591F8BC-A889-4155-B8EC-BA6F77FD1E34}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (Version: 12.00.5000.5222 - NetObjects) Hidden
Netzwerkhandbuch EPSON SX430 Series (HKLM\...\EPSON SX430 Series Netg) (Version:  - )
NVIDIA Графический драйвер 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 26.0.1656.24 (HKLM\...\Opera 26.0.1656.24) (Version: 26.0.1656.24 - Opera Software ASA)
Opera Stable 28.0.1750.51 (HKLM\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PDF Editor 2 (HKLM\...\PDF Editor 2) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Spyware Terminator 2012 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (HKLM\...\Total Commander) (Version:  - )
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-18 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.18 - HTTrack)
WinRAR 5.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XnView 1.93.6 (HKLM\...\XnView_is1) (Version:  - X-Powered-By™ XTreme)
XviD MPEG-4 Codec (HKLM\...\XviD) (Version:  - )
Обновления NVIDIA 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Пакет значков W7Elegant Neon v1.3 (HKLM\...\W7Patcher_W7Elegant_Neon_Icons) (Version: v1.3 - perelom999)
Пакет оформления W7Elegant Black Pearl v5.5 Final (HKLM\...\W7Patcher_W7Elegant_BP) (Version: v5.5 Final - Jekson07)
Панель управления NVIDIA 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1407664867-4041839907-3860151249-500_Classes\CLSID\{ACB15908-A696-9AC7-D423-90FD8E7324EF}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================

01-04-2015 16:47:15 Запланированная контрольная точка
04-04-2015 16:13:55 Центр обновления Windows
12-04-2015 19:41:39 Запланированная контрольная точка
16-04-2015 00:10:21 Центр обновления Windows

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-07-01 14:35 - 00001919 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Official Nero Software Support | Customer Service and Technical Support
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Nero Upgrade Center - Nero Multimedia Software
127.0.0.1 Nero Volume Licensing
127.0.0.1 Official Nero Software Support | Customer Service and Technical Support
127.0.0.1 Nero Upgrade Center - Nero Multimedia Software
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 my.nero.com
127.0.0.1 secure.nero.com/us/secure.asp
127.0.0.1 activation@nero.com
127.0.0.1 registernero.com
127.0.0.1 www.registernero.com
127.0.0.1 nero.com
127.0.0.1 Privacy Statement.
127.0.0.1 legal@nero.com
127.0.0.1 support.nero.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16934E9B-A2BE-43AF-9C6E-BDDBC358BC91} - System32\Tasks\{F7C93163-A676-4017-9185-8745F9ECE61B} => Firefox.exe Skype für den Desktop herunterladen
Task: {1CDD89A1-D7CD-4FD8-B0E7-D48C6DF19F62} - System32\Tasks\{3E0EA050-6C53-410A-9030-2EF616C6DEED} => Firefox.exe Skype für den Desktop herunterladen
Task: {2341828C-E4A1-471A-A99C-9EF60F39029F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {24339F46-1566-42B6-A723-08231AE9B622} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {2F140487-CBAE-44DD-9335-94403B410C6C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {2F1415D3-98B1-43EB-9ED9-D54EE9A1665F} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {58EFA241-0FF1-4146-A9A4-F99ED7C45ADF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1407664867-4041839907-3860151249-500
Task: {5F677C85-912C-4B8D-A295-28369D82F3BE} - System32\Tasks\Opera scheduled Autoupdate 1404052809 => C:\Program Files\Opera\launcher.exe [2015-04-07] (Opera Software)
Task: {66A74BF8-A749-4DCD-A464-5268E2E5E73A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-01] (Google Inc.)
Task: {69558859-58CF-480E-9D97-D14CF30C31C4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-27] (AVAST Software)
Task: {7720DE73-38B7-49DA-82DA-0F8C1013AD10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {A513E10D-2B96-43EE-8509-B9E7F66ABDE1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C18C0F40-64A4-41EB-842A-3E5532AB30DA} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-04-17] (Enigma Software Group USA, LLC.)
Task: {D046A4E5-A3CA-443E-B556-7223CDA931AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-01] (Google Inc.)
Task: {E79090C7-7AC3-4DE9-85D8-EF9350290FA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-18 23:34 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-04-19 11:51 - 2015-04-19 11:51 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041900\algo.dll
2014-07-21 19:51 - 2004-07-26 17:11 - 00028672 ____N () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2015-03-14 00:29 - 2015-03-14 00:29 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-13 17:29 - 2014-09-11 17:06 - 00878592 _____ () C:\Users\Admin\AppData\Local\iLivid\platforms\qwindows.dll
2015-01-13 17:29 - 2014-09-11 17:05 - 00021504 _____ () C:\Users\Admin\AppData\Local\iLivid\imageformats\qico.dll
2015-01-13 17:29 - 2014-09-11 17:05 - 00021504 _____ () C:\Users\Admin\AppData\Local\iLivid\imageformats\qgif.dll
2015-01-13 17:29 - 2014-09-11 17:05 - 00204800 _____ () C:\Users\Admin\AppData\Local\iLivid\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Admin\Documents\IKK Mail 18.03.10.eml:OECustomProperty
AlternateDataStreams: C:\Users\Admin\Documents\Schaden Nr. 94 10 88 01690 3.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1407664867-4041839907-3860151249-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1407664867-4041839907-3860151249-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Admin (S-1-5-21-1407664867-4041839907-3860151249-500 - Administrator - Enabled) => C:\Users\Admin
UpdatusUser (S-1-5-21-1407664867-4041839907-3860151249-1002 - Limited - Enabled) => C:\Users\UpdatusUser
Гость (S-1-5-21-1407664867-4041839907-3860151249-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2015 00:08:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 09:38:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 06:11:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 09:54:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 09:51:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 09:07:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 08:43:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 08:26:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 10:21:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 02:49:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/19/2015 00:06:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎19.‎04.‎2015 um 11:49:02 unerwartet heruntergefahren.

Error: (04/18/2015 10:48:08 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/17/2015 06:14:25 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/16/2015 02:14:37 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/15/2015 02:18:32 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/14/2015 09:38:29 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/13/2015 08:41:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.

Error: (04/13/2015 08:35:12 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/12/2015 09:16:15 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/12/2015 01:41:45 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Percentage of memory in use: 56%
Total physical RAM: 2046.55 MB
Available physical RAM: 896.99 MB
Total Pagefile: 4093.11 MB
Available Pagefile: 2307.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:134.61 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:79.89 GB) NTFS
Drive f: (OneTouch4) (Fixed) (Total:465.76 GB) (Free:195.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 874CEE42)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: FEA14800)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

19.04.2015, 13:00   #5
deeprybka
/// TB trainer
/// Guide guru
 



OK...

__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

19.04.2015, 13:06   #6
deeprybka
/// TB trainer
/// Guide guru
 



Code:
Platform: Microsoft Windows 7 Максимальная Powered © by XTreme.ws™ Service Pack 1 (X86) OS Language: Russisch (Russische Föderation)
         
???

19.04.2015, 13:16   #7
skaltas
 



FRST Logfile:

[CODE]Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015
Ran by Admin (administrator) on XTREME-4GMTJ68T on 19-04-2015 12:56:25
Running from C:\Users\Admin\Desktop
Loaded Profiles: UpdatusUser & Admin (Available profiles: UpdatusUser & Admin)
Platform: Microsoft Windows 7 Максимальная Powered © by XTreme.ws™ Service Pack 1 (X86) OS Language: Russisch (Russische Föderation)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE
(Bandoo Media Inc.) C:\Users\Admin\AppData\Local\iLivid\iLivid.exe
(Koyote-Lab inc) C:\Program Files\Cheapster\msilnk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-11-26] (Ulead Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1407664867-4041839907-3860151249-1002\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE [249440 2014-08-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\Run: [iLivid] => C:\Users\Admin\AppData\Local\iLivid\iLivid.exe [8146632 2014-12-15] (Bandoo Media Inc.)
HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\Run: [Cheapster] => C:\Program Files\Cheapster\msilnk.exe [288768 2014-12-30] (Koyote-Lab inc)
HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-1407664867-4041839907-3860151249-1002\Software\Microsoft\Internet Explorer\Main,Start Page = Íîâûå áåñïëàòíûå ïðîãðàììû äëÿ Windows 7, 8 è XP íà ðóññêîì ÿçûêå.
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-1002 -> DefaultScope {A834C867-5B83-4535-9B04-DF182E0BBD0F} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-1002 -> {0D2A7A60-29A4-4856-B4CA-32208604BF05} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&ie8=1
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-1002 -> {7FB19D89-12F4-41D4-83A0-393D93AFCE10} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-1002 -> {A834C867-5B83-4535-9B04-DF182E0BBD0F} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-500 -> DefaultScope {A834C867-5B83-4535-9B04-DF182E0BBD0F} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-500 -> {0D2A7A60-29A4-4856-B4CA-32208604BF05} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&ie8=1
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-500 -> {7FB19D89-12F4-41D4-83A0-393D93AFCE10} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os
SearchScopes: HKU\S-1-5-21-1407664867-4041839907-3860151249-500 -> {A834C867-5B83-4535-9B04-DF182E0BBD0F} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-27] (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default\searchplugins\google-images.xml [2015-04-19]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default\searchplugins\google-maps.xml [2015-04-19]
FF Extension: Segurança do navegador Avira - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default\Extensions\abs@avira.com [2014-11-19]
FF Extension: Cliqz Beta - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default\Extensions\cliqz@cliqz.com [2015-04-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-03]
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-07-01]
FF HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pki1pxk.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01]
CHR Extension: (Bookmark Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-11-18]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771456 2015-04-17] (Enigma Software Group USA, LLC.)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com)
R2 SysMain; C:\Windows\system32\sysmain.dll [1167872 2012-07-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2012-07-13] (Microsoft Corporation) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-27] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37416 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [49240 2013-09-17] (ESET)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-04-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-04-17] ()
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2015-04-19] (secr9tos) [File not signed]
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 12:56 - 2015-04-19 12:56 - 00017631 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-04-19 12:56 - 2015-04-19 12:56 - 00000000 ____D () C:\FRST
2015-04-19 12:53 - 2015-04-19 12:53 - 01137664 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-04-19 12:46 - 2015-04-19 12:46 - 02098176 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-04-19 11:48 - 2015-04-19 11:48 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Cliqz
2015-04-19 11:48 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2015-04-19 11:48 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2015-04-19 11:47 - 2015-04-19 11:51 - 02585251 _____ () C:\Users\Admin\Downloads\geek_1.3.3.45.zip
2015-04-19 11:46 - 2015-04-19 11:46 - 01203488 _____ () C:\Users\Admin\Downloads\GeekUninstaller - CHIP-Installer.exe
2015-04-17 20:30 - 2015-04-17 20:33 - 00007040 _____ () C:\Users\Admin\Desktop\Rkill.txt
2015-04-17 19:41 - 2015-04-17 19:41 - 00001240 _____ () C:\Users\Admin\Desktop\SpyHunter.lnk
2015-04-17 19:41 - 2015-04-17 19:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Enigma Software Group
2015-04-17 19:41 - 2015-04-17 19:41 - 00000000 ____D () C:\sh4ldr
2015-04-17 19:37 - 2015-04-17 19:37 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-04-17 19:36 - 2015-04-17 19:36 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-16 08:24 - 2015-04-16 08:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 08:24 - 2015-04-16 08:24 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 00:13 - 2015-04-16 00:13 - 00000000 ___RD () C:\Program Files\Skype
2015-04-16 00:13 - 2015-04-16 00:13 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 10:44 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 10:44 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 10:44 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 10:44 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 10:44 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:44 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:44 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 10:44 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 10:44 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 10:44 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 10:44 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 10:44 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 10:44 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 10:44 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 10:44 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 10:44 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 10:44 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 10:44 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 10:44 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 10:44 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:44 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:44 - 2015-01-28 01:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 10:43 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:42 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:42 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:42 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:42 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:42 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:42 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:42 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:42 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:42 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:42 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:42 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:42 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:42 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:42 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:42 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:42 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:42 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:42 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:42 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:42 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:42 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:42 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:42 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:42 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:42 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:42 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:42 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:42 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:42 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:42 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:42 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:41 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 10:41 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 10:41 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 10:41 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 10:41 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:40 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 10:40 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:40 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 10:40 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-04 16:14 - 2015-04-04 16:14 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 23:19 - 2015-04-03 23:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-03 12:09 - 2015-04-03 12:10 - 00000000 ____D () C:\GEZ
2015-04-03 11:29 - 2015-04-04 09:55 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-03-30 12:24 - 2015-04-19 12:02 - 00000000 ____D () C:\VPS Scanner
2015-03-24 01:17 - 2015-03-28 18:16 - 00000000 ____D () C:\Ford Mondeo
2015-03-21 22:23 - 2015-04-03 23:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 12:52 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 12:52 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 12:26 - 2014-07-01 14:04 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 12:21 - 2012-07-13 23:23 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 12:12 - 2014-06-29 16:40 - 00000000 ____D () C:\Program Files\Opera
2015-04-19 12:10 - 2014-06-28 13:35 - 01206259 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 12:07 - 2014-07-01 14:04 - 00000954 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 12:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 12:06 - 2014-11-18 14:41 - 00011032 _____ () C:\Windows\setupact.log
2015-04-19 12:06 - 2014-08-18 23:34 - 00000000 ____D () C:\Users\Все пользователи\NVIDIA
2015-04-19 12:06 - 2014-06-28 14:31 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2015-04-19 11:42 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-18 22:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-18 14:38 - 2014-08-20 16:27 - 00000000 ____D () C:\Ira
2015-04-17 19:41 - 2014-06-28 13:39 - 00000000 ____D () C:\Users\Admin
2015-04-17 18:41 - 2014-11-18 15:16 - 00000000 ____D () C:\Users\Все пользователи\Spyware Terminator
2015-04-17 12:55 - 2014-06-30 20:20 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-04-16 12:16 - 2014-07-22 11:37 - 00000000 ____D () C:\Projekt AP&S Group
2015-04-16 11:54 - 2014-06-28 13:38 - 00000000 ____D () C:\Windows\rescache
2015-04-16 09:30 - 2014-07-01 14:05 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 08:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-16 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-04-16 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-16 00:17 - 2014-06-29 14:45 - 00000000 ____D () C:\Users\Все пользователи\Microsoft Help
2015-04-16 00:16 - 2011-04-12 00:46 - 00719098 _____ () C:\Windows\system32\perfh019.dat
2015-04-16 00:16 - 2011-04-12 00:46 - 00151344 _____ () C:\Windows\system32\perfc019.dat
2015-04-16 00:16 - 2010-11-20 23:01 - 02451100 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 00:13 - 2014-06-30 00:12 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-16 00:13 - 2014-06-30 00:12 - 00000000 ____D () C:\Users\Все пользователи\Skype
2015-04-15 11:22 - 2012-07-13 23:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 11:22 - 2012-07-13 23:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-10 15:54 - 2014-09-03 11:51 - 00000000 ____D () C:\Ebay
2015-04-10 15:03 - 2014-06-30 00:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-04-09 14:33 - 2014-07-25 16:21 - 00000030 _____ () C:\Windows\Iedit_.INI
2015-04-05 18:56 - 2015-01-24 14:51 - 00012473 _____ () C:\Users\Admin\Documents\Rückstand Miete Fettah 2014.odt
2015-04-04 18:12 - 2014-06-29 16:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-04 09:20 - 2014-11-27 16:11 - 00003900 _____ () C:\Windows\PFRO.log
2015-03-24 01:07 - 2014-08-13 18:26 - 00000000 ____D () C:\Bilder

==================== Files in the root of some directories =======

2014-08-14 11:34 - 2014-08-14 11:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Program Files\mbam-setup-2.0.2.1012.exe
2014-08-14 22:52 - 2014-11-10 13:02 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\Администратор\javafx-windows-i586__Vlatest.exe


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe
[2010-11-20 23:29] - [2010-11-20 23:29] - 0026624 ____A (Microsoft Corporation) 9FCF19DFE8E2D11B0D0855A389D4DBE6

C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-04-2015
Ran by Admin at 2015-04-19 12:57:16
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 7.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: ESET Smart Security 7.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.1.3 - )
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
ABBYY FineReader 11 (HKLM\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.194 - ABBYY Production LLC)
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 (HKLM\...\{213D5223-CD40-4B7B-B292-6D5242AE5039}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AeroFly Professional Deluxe (HKLM\...\{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}) (Version: 1.8.0.17 - )
AllDup 3.4.24 (HKLM\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Benutzerhandbuch - Grundlagen EPSON SX430 Series (HKLM\...\EPSON SX430 Series Bog) (Version:  - )
Benutzerhandbuch EPSON SX430 Series (HKLM\...\EPSON SX430 Series Useg) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cheapster for Firefox (HKLM\...\Cheapster_FF) (Version: 1.0.0.915 - Koyote-Lab inc) <==== ATTENTION
CLIQZ (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 1.0.0 - CLIQZ.com)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
Druckerdeinstallation für EPSON SX430 Series (HKLM\...\EPSON SX430 Series) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESET Smart Security (HKLM\...\{4939F84E-DC08-4CB5-AA6E-2D6E15CEA386}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Video Converter V 3.2 (HKLM\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft)
Freemake Video Converter Version 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HashTab 4.0.0.2 (HKLM\...\HashTab) (Version: 4.0.0.2 - Implbits Software)
iLivid (HKU\S-1-5-21-1407664867-4041839907-3860151249-500\...\iLivid) (Version: 5.0.2.4762 - Bandoo Media Inc) <==== ATTENTION
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Mega Codec Pack 3.9.5 (HKLM\...\KLiteCodecPack_is1) (Version: 3.9.5 - )
LibreOffice 4.2.5.2 (HKLM\...\{8D8F47B2-0E03-4C50-9803-A01120878F96}) (Version: 4.2.5.2 - The Document Foundation)
Light Alloy 4.3 (HKLM\...\Light Alloy) (Version: 4.3 - Vortex Team Edition)
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Îáíîâëåíèå (KB963678) (HKLM\...\{90120000-0016-0419-0000-0000000FF1CE}_PRO_{420938DB-BF97-4664-BE29-0C68B4802C00}) (Version:  - Microsoft)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Îáíîâëåíèå (KB963677) (HKLM\...\{90120000-001A-0419-0000-0000000FF1CE}_PRO_{E9D6C0F9-9879-4FC4-8E13-BF0D3953E0E6}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Îáíîâëåíèå (KB963669) (HKLM\...\{90120000-0018-0419-0000-0000000FF1CE}_PRO_{BD1C2AC7-63F3-4C75-8B44-DE3D700B3BC8}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Îáíîâëåíèå (KB963665) (HKLM\...\{90120000-001B-0419-0000-0000000FF1CE}_PRO_{D3A002FB-0F62-4840-80AD-2D2C63F83449}) (Version:  - Microsoft)
Microsoft Office Профессиональный 2007 (HKLM\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (HKLM\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
Nero 8 Micro (HKLM\...\Nero8Lite_is1) (Version: 8.3.20.0 - UpdatePack.nl)
NetObjects Fusion 12.0 (HKLM\...\{0591F8BC-A889-4155-B8EC-BA6F77FD1E34}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (Version: 12.00.5000.5222 - NetObjects) Hidden
Netzwerkhandbuch EPSON SX430 Series (HKLM\...\EPSON SX430 Series Netg) (Version:  - )
NVIDIA Графический драйвер 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 26.0.1656.24 (HKLM\...\Opera 26.0.1656.24) (Version: 26.0.1656.24 - Opera Software ASA)
Opera Stable 28.0.1750.51 (HKLM\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PDF Editor 2 (HKLM\...\PDF Editor 2) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Spyware Terminator 2012 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (HKLM\...\Total Commander) (Version:  - )
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-18 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.18 - HTTrack)
WinRAR 5.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XnView 1.93.6 (HKLM\...\XnView_is1) (Version:  - X-Powered-By™ XTreme)
XviD MPEG-4 Codec (HKLM\...\XviD) (Version:  - )
Обновления NVIDIA 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Пакет значков W7Elegant Neon v1.3 (HKLM\...\W7Patcher_W7Elegant_Neon_Icons) (Version: v1.3 - perelom999)
Пакет оформления W7Elegant Black Pearl v5.5 Final (HKLM\...\W7Patcher_W7Elegant_BP) (Version: v5.5 Final - Jekson07)
Панель управления NVIDIA 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1407664867-4041839907-3860151249-500_Classes\CLSID\{ACB15908-A696-9AC7-D423-90FD8E7324EF}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================

01-04-2015 16:47:15 Запланированная контрольная точка
04-04-2015 16:13:55 Центр обновления Windows
12-04-2015 19:41:39 Запланированная контрольная точка
16-04-2015 00:10:21 Центр обновления Windows

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-07-01 14:35 - 00001919 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Official Nero Software Support | Customer Service and Technical Support
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Nero Upgrade Center - Nero Multimedia Software
127.0.0.1 Nero Volume Licensing
127.0.0.1 Official Nero Software Support | Customer Service and Technical Support
127.0.0.1 Nero Upgrade Center - Nero Multimedia Software
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 Nero 2015 Platinum: Established quality - now even better > Download > Buy > Upgrade
127.0.0.1 my.nero.com
127.0.0.1 secure.nero.com/us/secure.asp
127.0.0.1 activation@nero.com
127.0.0.1 registernero.com
127.0.0.1 www.registernero.com
127.0.0.1 nero.com
127.0.0.1 Privacy Statement.
127.0.0.1 legal@nero.com
127.0.0.1 support.nero.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16934E9B-A2BE-43AF-9C6E-BDDBC358BC91} - System32\Tasks\{F7C93163-A676-4017-9185-8745F9ECE61B} => Firefox.exe Skype für den Desktop herunterladen
Task: {1CDD89A1-D7CD-4FD8-B0E7-D48C6DF19F62} - System32\Tasks\{3E0EA050-6C53-410A-9030-2EF616C6DEED} => Firefox.exe Skype für den Desktop herunterladen
Task: {2341828C-E4A1-471A-A99C-9EF60F39029F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {24339F46-1566-42B6-A723-08231AE9B622} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {2F140487-CBAE-44DD-9335-94403B410C6C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {2F1415D3-98B1-43EB-9ED9-D54EE9A1665F} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {58EFA241-0FF1-4146-A9A4-F99ED7C45ADF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1407664867-4041839907-3860151249-500
Task: {5F677C85-912C-4B8D-A295-28369D82F3BE} - System32\Tasks\Opera scheduled Autoupdate 1404052809 => C:\Program Files\Opera\launcher.exe [2015-04-07] (Opera Software)
Task: {66A74BF8-A749-4DCD-A464-5268E2E5E73A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-01] (Google Inc.)
Task: {69558859-58CF-480E-9D97-D14CF30C31C4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-27] (AVAST Software)
Task: {7720DE73-38B7-49DA-82DA-0F8C1013AD10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {A513E10D-2B96-43EE-8509-B9E7F66ABDE1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C18C0F40-64A4-41EB-842A-3E5532AB30DA} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-04-17] (Enigma Software Group USA, LLC.)
Task: {D046A4E5-A3CA-443E-B556-7223CDA931AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-01] (Google Inc.)
Task: {E79090C7-7AC3-4DE9-85D8-EF9350290FA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-18 23:34 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-04-19 11:51 - 2015-04-19 11:51 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041900\algo.dll
2014-07-21 19:51 - 2004-07-26 17:11 - 00028672 ____N () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2015-03-14 00:29 - 2015-03-14 00:29 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-13 17:29 - 2014-09-11 17:06 - 00878592 _____ () C:\Users\Admin\AppData\Local\iLivid\platforms\qwindows.dll
2015-01-13 17:29 - 2014-09-11 17:05 - 00021504 _____ () C:\Users\Admin\AppData\Local\iLivid\imageformats\qico.dll
2015-01-13 17:29 - 2014-09-11 17:05 - 00021504 _____ () C:\Users\Admin\AppData\Local\iLivid\imageformats\qgif.dll
2015-01-13 17:29 - 2014-09-11 17:05 - 00204800 _____ () C:\Users\Admin\AppData\Local\iLivid\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Admin\Documents\IKK Mail 18.03.10.eml:OECustomProperty
AlternateDataStreams: C:\Users\Admin\Documents\Schaden Nr. 94 10 88 01690 3.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1407664867-4041839907-3860151249-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1407664867-4041839907-3860151249-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Admin (S-1-5-21-1407664867-4041839907-3860151249-500 - Administrator - Enabled) => C:\Users\Admin
UpdatusUser (S-1-5-21-1407664867-4041839907-3860151249-1002 - Limited - Enabled) => C:\Users\UpdatusUser
Гость (S-1-5-21-1407664867-4041839907-3860151249-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2015 00:08:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 09:38:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 06:11:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 09:54:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 09:51:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 09:07:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 08:43:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 08:26:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 10:21:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 02:49:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/19/2015 00:06:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎19.‎04.‎2015 um 11:49:02 unerwartet heruntergefahren.

Error: (04/18/2015 10:48:08 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/17/2015 06:14:25 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/16/2015 02:14:37 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/15/2015 02:18:32 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/14/2015 09:38:29 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/13/2015 08:41:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.

Error: (04/13/2015 08:35:12 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/12/2015 09:16:15 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/12/2015 01:41:45 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Percentage of memory in use: 56%
Total physical RAM: 2046.55 MB
Available physical RAM: 896.99 MB
Total Pagefile: 4093.11 MB
Available Pagefile: 2307.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:134.61 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:79.89 GB) NTFS
Drive f: (OneTouch4) (Fixed) (Total:465.76 GB) (Free:195.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 874CEE42)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: FEA14800)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Jürgen, I'm not yet getting along with the order of the posts here.
My PC was completely down some time ago.
I then took it with me to my stepson in Ukraine, who reinstalled Windows 7 for me, but it was apparently a Russian version, which is why some words are in Russian; despite a lot of effort he could not avoid that and install the whole thing in German. I hope it works anyway.

19.04.2015, 17:33   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru


To me this looks as though it is not a legal Windows version, but I'm happy to be wrong.
http://www.trojaner-board.de/95393-c...-software.html

So this is only a rough guide to removing the adware/malware, so that you can then back up your data in peace and, if necessary, reinstall Windows.

Step 1

Please uninstall the following programs:

Cheapster for Firefox
SpyHunter 4
Spyware Terminator 2012
iLivid
Avast Free Antivirus

Please download Revo Uninstaller here. Extract the zip file to the desktop. Instructions
  • Start Revouninstaller.exe
  • Click Options and select German as the language.
  • In the uninstaller field, look for the programs listed above and select them one at a time.
    Click Uninstall each time.
  • Then select the "Moderat" mode.
  • Delete leftovers:
    Click , then , and then .

After that I would run scans with Malwarebytes and your ESET.
__________________
Regards
deeprybka
