
svchost.exe taking too many resources, Windows 7 Ultimate

This topic is locked
32 replies to this topic

#1 Shora (Members, 15 posts)

Posted 22 September 2016 - 05:16 PM

Hello Specialists,

I am hoping to find some help here. I'm running Windows 7 Ultimate with the Comodo Firewall and Protection Suite. Still, something seems to be wrong. Because my "working" PC crashed I had to fall back to this backup computer, which has not been worked on for about 2 years. When I started the computer everything seemed fine; when I opened the browser, the used resources (RAM and processor usage) went through the roof. After a short check I saw that there is a hijacked svchost.exe running on my computer, using about 1.5-2 GB of my RAM and up to 50% of my processor resources.

I looked in some topics on this forum. Several people had the same problem. I checked what they did and tried to solve the problem on my own (I was always able to handle such problems on my own in the past with some advice found in forums). But this time I'm really stuck. I ran Malwarebytes Anti-Malware, ComboFix, TDSSKiller and AdwCleaner with the settings suggested in other posts. The problem seems to be solved for several minutes, but after I use a web browser or another piece of software which connects to the Internet it reappears, even with the firewall on the highest settings.

So I add the suggested logs and 2 pics showing the RAM usage and the RAM increase after using a web application. Maybe you can help me remove this crap, or at least give some advice for really safely getting my stored data off the hard disks (some data could be useful in the future).

Attached File: Addition.txt (25.56KB)

Attached File: Process.jpg (171.53KB)

Attached File: RAMUsage.jpg (212.8KB)


Edited by Shora, 22 September 2016 - 05:20 PM.



#2 Oh My! (Malware Response Instructor, 38,176 posts, Location: California)

Posted 23 September 2016 - 07:48 PM

Greetings Shora, and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Right click on the FRST icon and select Rename
  • Rename the icon frstenglish.exe or frst64english.exe depending on your operating system
  • Double click the icon
  • Click Yes to the disclaimer if presented
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
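The posts above describe the symptom (one svchost.exe instance eating RAM and CPU) and collect FRST and msinfo32 output to triage it. Before calling an svchost.exe "hijacked", a practitioner wants two facts that Task Manager alone does not show: which services each svchost instance is hosting, and whether the running image is the Microsoft-signed binary in System32 (or SysWOW64 for the 32-bit copy). The script below is an added example written by the editor; it is not code from this thread, from Farbar, or from BleepingComputer. It assumes an elevated PowerShell prompt on Windows 7 and uses only cmdlets that exist there (Get-WmiObject, Get-AuthenticodeSignature). The flag names and the report layout are the editor's own choices.

```powershell
# Added example, not from the thread or from Farbar/BleepingComputer.
# For every running svchost.exe: list the services it hosts and check that the
# image is the signed binary shipped in System32/SysWOW64. Run elevated on
# Windows 7. Flag names (no-path, unexpected-path, ...) are made up for this report.

function Get-SvchostReport {
    $sysRoot  = $env:SystemRoot
    $expected = @(
        (Join-Path $sysRoot 'System32\svchost.exe'),
        (Join-Path $sysRoot 'SysWOW64\svchost.exe')
    )

    # Match on the process name only, so a copy started from some other
    # directory (the classic "hijacked svchost") is still listed.
    Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $p    = $_
        $path = $p.ExecutablePath

        # Services whose ProcessId is this instance; same data as "tasklist /svc"
        $svcs = Get-WmiObject Win32_Service -Filter ("ProcessId = " + $p.ProcessId) |
                Select-Object -ExpandProperty Name

        $sig = $null
        if ($path) { $sig = Get-AuthenticodeSignature -FilePath $path }

        $flags = @()
        if (-not $path) {
            $flags += 'no-path'            # access denied or process already exited
        } elseif ($expected -notcontains $path) {
            $flags += 'unexpected-path'    # -contains compares strings case-insensitively
        }
        if ($sig -and $sig.Status -ne 'Valid') { $flags += ('sig-' + $sig.Status) }
        if ($sig -and $sig.SignerCertificate -and
            $sig.SignerCertificate.Subject -notmatch 'Microsoft') { $flags += 'non-ms-signer' }
        if (-not $svcs) { $flags += 'no-services' }   # an svchost hosting nothing is worth a look

        # Kernel/user times are in 100 ns units; convert to seconds of CPU consumed so far
        New-Object PSObject -Property @{
            PID      = $p.ProcessId
            WS_MB    = [math]::Round($p.WorkingSetSize / 1MB)
            CPU_s    = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7)
            Flags    = ($flags -join ',')
            Services = ($svcs -join ',')
            Path     = $path
        }
    }
}

Get-SvchostReport |
    Sort-Object WS_MB -Descending |
    Format-Table PID, WS_MB, CPU_s, Flags, Services, Path -AutoSize
```

Two caveats when reading the output. On Windows 7 a single svchost instance hosts a whole service group (netsvcs, for example, which includes Windows Update), so one large instance is not by itself evidence of compromise; the Services column tells you what to examine next. Second, the path and signature checks only cover the svchost image itself, not DLLs loaded into it; a clean, signed svchost.exe in System32 can still host a malicious service DLL, which is why the service names matter. Note that FRST's "Bamital & volsnap" section in the log posted later in this thread already reports both copies of svchost.exe as digitally signed, which is the same check this script performs on the running image.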

#3 Shora (Topic Starter, Members, 15 posts)

Posted 24 September 2016 - 03:34 AM

Hello Gary,

Thanks for your help. You can call me Gerald.

So the FRST file is:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by Gerald (administrator) on HOME-HEIZUNG (24-09-2016 09:49:58)
Running from C:\Users\Gerald\Desktop
Loaded Profiles: Gerald (Available Profiles: Gerald)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\SysWOW64\ANIWConnService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Wireless Service) C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5181\Agent.exe
(Blizzard Entertainment) E:\Games\WOW\Battle.net\Battle.net.7963\Battle.net.exe
() E:\Games\WOW\Battle.net\Battle.net.7963\Battle.net Helper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() E:\Games\WOW\Battle.net\Battle.net.7963\Battle.net Helper.exe
(Blizzard Entertainment) E:\Games\WOW\World of Warcraft\Wow-64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe
(Blizzard Entertainment) E:\Games\WOW\World of Warcraft\Utils\WowBrowserProxy.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Farbar) C:\Users\Gerald\Desktop\frst64english.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [8151040 2009-10-30] (C-Media Corporation)
HKLM-x32\...\Run: [ANIWZCS2Service] => C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)
HKLM-x32\...\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] => C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe [1708032 2009-09-18] (D-Link Corp.)
HKLM-x32\...\Run: [WZCSLDR2] => C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\WZCSLDR2.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{CF98C296-AAE4-4323-A139-17C927A600EA}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-3158051464-1702011754-1111135770-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
SearchScopes: HKLM-x32 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
SearchScopes: HKU\S-1-5-21-3158051464-1702011754-1111135770-1000 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-09-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-09-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-22] (Microsoft Corporation)
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-09-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-21] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-09-22] (Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-22] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-22] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-02-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ANIWConnService; C:\Windows\SysWOW64\ANIWConnService.exe [151552 2009-07-07] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3192560 2016-07-26] (Microsoft Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095752 2013-06-20] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2012-11-06] (Advanced Micro Devices) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-12-01] (C-Media Inc)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-19] (GFI Software)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 cpuz135; \??\C:\Users\Gerald\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
U3 DfSdkS; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-24 09:48 - 2016-09-24 09:47 - 02402816 _____ (Farbar) C:\Users\Gerald\Desktop\frst64english.exe
2016-09-24 09:47 - 2016-09-24 09:47 - 02402816 _____ (Farbar) C:\Users\Gerald\Downloads\frst64english.exe
2016-09-24 04:40 - 2016-09-24 04:40 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2016-09-22 23:54 - 2016-09-24 09:53 - 00011646 _____ C:\Users\Gerald\Desktop\FRST.txt
2016-09-22 23:51 - 2016-09-24 09:49 - 00000000 ____D C:\FRST
2016-09-22 23:39 - 2016-09-22 23:39 - 00000000 ___SD C:\ComboFix
2016-09-22 23:35 - 2016-09-22 23:39 - 00000000 ____D C:\Qoobox
2016-09-22 22:49 - 2016-09-22 22:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-22 22:49 - 2016-09-22 22:49 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-22 22:49 - 2016-09-22 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-22 22:49 - 2016-09-22 22:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-22 22:49 - 2016-09-22 22:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-22 22:49 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-22 22:49 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-22 22:49 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-22 22:25 - 2016-09-22 22:25 - 00003001 _____ C:\Users\Gerald\Desktop\JRT.txt
2016-09-22 21:54 - 2016-09-22 23:32 - 00000000 ____D C:\AdwCleaner
2016-09-22 21:54 - 2016-09-22 21:54 - 03861056 _____ C:\Users\Gerald\Downloads\adwcleaner_6.020.exe
2016-09-22 21:53 - 2016-09-22 21:53 - 01610560 _____ (Malwarebytes) C:\Users\Gerald\Downloads\JRT.exe
2016-09-22 21:29 - 2016-09-22 21:29 - 00448512 _____ (OldTimer Tools) C:\Users\Gerald\Downloads\TFC.exe
2016-09-22 21:26 - 2016-09-22 21:26 - 00852798 _____ C:\Users\Gerald\Downloads\SecurityCheck.exe
2016-09-22 20:54 - 2016-09-22 20:54 - 00000000 __SHD C:\Users\Gerald\AppData\LocalLow\EmieUserList
2016-09-22 20:53 - 2016-09-22 20:53 - 00000000 __SHD C:\Users\Gerald\AppData\Local\EmieUserList
2016-09-22 20:53 - 2016-09-22 20:53 - 00000000 __SHD C:\Users\Gerald\AppData\Local\EmieSiteList
2016-09-22 20:52 - 2016-09-22 20:54 - 00000000 __SHD C:\Users\Gerald\AppData\LocalLow\EmieSiteList
2016-09-22 20:45 - 2016-09-22 20:45 - 00000000 ____D C:\Windows\erdnt
2016-09-22 20:44 - 2016-09-22 23:39 - 00000000 ___SD C:\32788R22FWJFW
2016-09-22 20:37 - 2016-09-22 20:37 - 05659691 ____R (Swearware) C:\Users\Gerald\Desktop\ComboFix.exe
2016-09-22 20:35 - 2016-09-22 20:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gerald\Downloads\OTL.exe
2016-09-22 20:31 - 2016-09-22 20:38 - 00201968 _____ C:\TDSSKiller.3.1.0.11_22.09.2016_20.31.51_log.txt
2016-09-22 20:26 - 2016-09-22 20:27 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Gerald\Downloads\tdsskiller.exe
2016-09-22 19:11 - 2016-09-22 20:06 - 00000424 _____ C:\Windows\Tasks\One-Click Optimizer WO12.job
2016-09-22 19:11 - 2016-09-22 19:11 - 00003258 _____ C:\Windows\System32\Tasks\One-Click Optimizer WO12
2016-09-22 19:10 - 2016-09-22 19:10 - 00001492 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO2016).lnk
2016-09-22 19:10 - 2016-09-22 19:10 - 00001256 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 2016.lnk
2016-09-22 19:10 - 2016-09-22 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-09-22 19:10 - 2016-09-22 19:10 - 00000000 ____D C:\ProgramData\Ashampoo
2016-09-22 19:10 - 2016-09-22 19:10 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2016-09-22 19:10 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\Windows\system32\DfSdkBt.exe
2016-09-22 19:03 - 2016-09-22 19:04 - 30056992 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Gerald\Downloads\ashampoo_winoptimizer_2016_22554.exe
2016-09-22 18:49 - 2016-09-22 18:49 - 00000000 ____D C:\Windows\system32\appmgmt
2016-09-22 18:26 - 2016-09-23 23:12 - 00007602 _____ C:\Users\Gerald\AppData\Local\Resmon.ResmonCfg
2016-09-22 18:24 - 2016-09-23 23:58 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\TS3Client
2016-09-22 18:24 - 2016-09-22 18:24 - 00000967 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-09-22 18:24 - 2016-09-22 18:24 - 00000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-09-22 18:24 - 2016-09-22 18:24 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-09-22 18:22 - 2016-09-22 18:22 - 32019840 _____ (TeamSpeak Systems GmbH) C:\Users\Gerald\Downloads\TeamSpeak3-Client-win64-3.0.19.4.exe
2016-09-22 18:20 - 2016-09-22 18:07 - 03055600 _____ (Blizzard Entertainment) C:\Users\Gerald\Downloads\World-of-Warcraft-Setup.exe
2016-09-22 18:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-22 18:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-22 18:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-22 18:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-22 18:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-22 18:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-22 18:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-22 18:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-22 18:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-22 18:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-22 18:18 - 2016-09-22 18:18 - 00000895 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-09-22 18:18 - 2016-09-22 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-09-22 18:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-22 18:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-22 18:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-22 18:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-22 18:12 - 2016-09-24 09:53 - 00000000 ____D C:\Users\Gerald\AppData\Local\Battle.net
2016-09-22 18:12 - 2016-09-22 18:12 - 00000831 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-09-22 18:12 - 2016-09-22 18:12 - 00000000 ____D C:\Users\Gerald\AppData\Local\Blizzard Entertainment
2016-09-22 18:12 - 2016-09-22 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-09-22 18:08 - 2016-09-22 18:13 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Battle.net
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-24 09:51 - 2009-07-14 19:58 - 00696620 _____ C:\Windows\system32\perfh007.dat
2016-09-24 09:51 - 2009-07-14 19:58 - 00147916 _____ C:\Windows\system32\perfc007.dat
2016-09-24 09:51 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-24 09:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-24 09:44 - 2013-07-06 17:09 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-24 09:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-24 09:43 - 2009-07-14 07:08 - 00024066 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-24 09:37 - 2013-02-19 21:12 - 00003284 _____ C:\Windows\SysWOW64\ANIWZCS{CF98C296-AAE4-4323-A139-17C927A600EA}
2016-09-24 09:37 - 2013-02-19 21:12 - 00003284 _____ C:\Users\Gerald\AppData\Roaming\ANIWZCS{CF98C296-AAE4-4323-A139-17C927A600EA}
2016-09-24 09:35 - 2009-07-14 06:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-24 09:35 - 2009-07-14 06:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-24 09:23 - 2013-02-19 23:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-24 09:17 - 2013-07-06 17:09 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-22 22:30 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-09-22 21:07 - 2014-07-09 09:20 - 00056998 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-09-22 19:24 - 2013-02-19 23:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-22 19:24 - 2013-02-19 21:35 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-22 19:24 - 2013-02-19 21:35 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-22 19:23 - 2013-02-19 21:35 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-22 19:23 - 2013-02-19 21:35 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-22 19:14 - 2013-06-21 06:56 - 00000000 ____D C:\Windows\Minidump
2016-09-22 19:14 - 2013-02-19 20:37 - 00000000 ____D C:\Windows\Panther
2016-09-22 19:06 - 2013-06-28 08:08 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-22 19:00 - 2013-06-28 07:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-09-22 18:49 - 2013-02-19 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-09-22 18:49 - 2013-02-19 22:39 - 00000000 ____D C:\Program Files (x86)\Comodo
2016-09-22 18:22 - 2013-07-06 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-09-22 18:12 - 2013-07-06 17:09 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-22 18:12 - 2013-07-06 17:09 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-22 18:08 - 2013-02-19 22:01 - 00000000 ____D C:\ProgramData\Battle.net
==================== Files in the root of some directories =======
2013-07-08 01:05 - 2013-07-08 01:25 - 0000253 _____ () C:\Users\Gerald\AppData\Roaming\ANICONFIG_{CF98C296-AAE4-4323-A139-17C927A600EA}.ini
2013-02-19 21:12 - 2016-09-24 09:37 - 0003284 _____ () C:\Users\Gerald\AppData\Roaming\ANIWZCS{CF98C296-AAE4-4323-A139-17C927A600EA}
2013-02-19 23:05 - 2013-02-20 18:16 - 1178624 _____ (CPUID) C:\Users\Gerald\AppData\Roaming\siw_sdk.dll
2016-09-22 18:26 - 2016-09-23 23:12 - 0007602 _____ () C:\Users\Gerald\AppData\Local\Resmon.ResmonCfg
2013-07-07 09:09 - 2014-07-23 20:25 - 0020664 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-07-06 13:09
==================== End of FRST.txt ============================

and the Addition file is:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Gerald (24-09-2016 09:56:14)
Running from C:\Users\Gerald\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-02-19 18:43:21)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3158051464-1702011754-1111135770-500 - Administrator - Disabled)
Gast (S-1-5-21-3158051464-1702011754-1111135770-501 - Limited - Disabled)
Gerald (S-1-5-21-3158051464-1702011754-1111135770-1000 - Administrator - Enabled) => C:\Users\Gerald
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANIWZCS2 Service (HKLM-x32\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - )
Ashampoo WinOptimizer 2016 (HKLM-x32\...\{4209F371-38F5-0B47-1C5B-A4A8456950A3}_is1) (Version: 12.00.39 - Ashampoo GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 27.2.0.0 - COMODO)
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
D-Link Wireless G DWL-G122_DWA-110 (HKLM-x32\...\{5F753314-628E-4C13-B8AE-BFA7FD514CBE}) (Version: - D-Link)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Photosmart B109a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{A253A57F-4319-49B5-B405-64587FFBCFE2}) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
ISI ResearchSoft - Export Helper (HKLM-x32\...\ISI ResearchSoft - Export Helper) (Version: - )
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4859.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3158051464-1702011754-1111135770-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Patrizier 4 (HKLM-x32\...\{25B473C3-2C62-482B-858F-94ED76880F79}) (Version: 1.0.0 - Kalypso Media)
PrivDog (HKLM-x32\...\PrivDog) (Version: 2.2.0.14 - privdog.com)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PS_AIO_06_B109a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
Reference Manager 10 (HKLM-x32\...\Reference Manager 10) (Version: Reference Manager 10 - ISI ResearchSoft)
RExcel 3.2.9 Noncommercial (HKLM-x32\...\RExcel_is1) (Version: - Erich Neuwirth)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.3020.2 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1249F81C-808C-427A-9A69-44D98A1CD54A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-22] (Adobe Systems Incorporated)
Task: {28A4D550-8836-4462-ADCD-F0EB143F113B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {58278AF8-3150-4632-98E5-E395E29D1B53} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {6C3547D9-BD8A-4DA1-9C19-CA0A5FB6DA98} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {7B184667-DFBE-4792-9A47-4DE73623C044} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {7E9E7D45-8FE0-4235-8EA7-5C6C6982C2D5} - System32\Tasks\One-Click Optimizer WO12 => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2016\WO2016.exe [2016-01-15] (Ashampoo Development GmbH & Co. KG)
Task: {84C4A382-11C5-488C-8F59-7848BE7E8F65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {9EFA811B-8557-419D-909A-0D2A1DE755A1} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {B1902270-5B39-4343-B77A-62385869B159} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer WO12.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2016\WO2016.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-02-19 21:11 - 2009-07-07 21:10 - 00151552 _____ () C:\Windows\SysWOW64\ANIWConnService.exe
2014-08-20 23:21 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-06-20 16:00 - 2013-06-20 16:00 - 02095752 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2016-09-22 18:11 - 2016-09-22 18:11 - 01484776 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\Battle.net Helper.exe
2016-09-22 18:11 - 2016-09-22 18:11 - 00250344 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\bzrclient64.dll
2013-02-19 21:10 - 2009-06-01 15:23 - 00315392 _____ () C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
2013-02-19 21:10 - 2009-06-01 15:23 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\ANIOApi.dll
2016-09-22 18:12 - 2016-09-22 18:12 - 00540336 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\ortp.dll
2016-09-22 18:11 - 2016-09-22 18:11 - 37247976 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\libcef.dll
2016-09-22 18:11 - 2016-09-22 18:11 - 00194024 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\BZRECORD.dll
2016-09-22 18:11 - 2016-09-22 18:11 - 06402560 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\battle.net.dll
2016-09-22 18:11 - 2016-09-22 18:11 - 00133632 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\libEGL.dll
2016-09-22 18:11 - 2016-09-22 18:11 - 03384832 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\libGLESv2.dll
2016-09-22 18:11 - 2016-09-22 18:11 - 03384832 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\libglesv2.dll
2016-09-22 18:11 - 2016-09-22 18:11 - 00133632 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\libegl.dll
2016-09-22 18:11 - 2016-09-22 18:11 - 00990696 _____ () E:\Games\WOW\Battle.net\Battle.net.7963\ffmpegsumo.dll
2016-09-22 18:18 - 2016-09-22 18:18 - 23950848 _____ () E:\Games\WOW\World of Warcraft\Utils\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3158051464-1702011754-1111135770-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2C3FE829-F3B5-422A-9E01-68C25FF922B4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{E24959FD-7A4E-4201-9296-4F6408CCF7DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{7026CA51-D71D-4291-BFBD-23EBBA84A2D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{CE5F2BD4-1D54-4FDE-9B07-792E9FFD9684}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [TCP Query User{66BB6B6E-2DEC-4CFD-8610-E03BD660025B}G:\games\diablo iii\diablo iii.exe] => (Allow) G:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{B9D1E56C-AE4F-4FAC-925F-97085081565E}G:\games\diablo iii\diablo iii.exe] => (Allow) G:\games\diablo iii\diablo iii.exe
FirewallRules: [{A038F6B1-001B-4548-A760-38E1C8BEBD1E}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{4BCE9F4A-FFB4-410C-8BBC-54B996912922}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{0CFD3E73-BE36-4E9A-AB25-1F33B0EFC1F7}] => (Allow) C:\Users\Gerald\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{408BCB7D-252F-4549-90D3-14ECF2403FD4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{1D0972AD-DB6D-43A2-9075-78A19EFBE028}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D00135DB-9E2B-4485-A3E3-23D36A765C9B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{60BC1BFD-358B-45AA-97D4-D94FFDD2EBAE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{0AC233D8-692C-43FE-B9F1-2A4041DFBCE1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EEEFAC7B-E24D-4B8C-ADB0-4AFB8ECCA452}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BFAE06BA-05DB-4151-A201-006C754CD56E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{2B3E1EF0-3038-48A4-94DA-2BA7E3B5BCA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{AAFCE465-13A8-43AC-A4FF-8AC09A3B3F5F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{17F009C2-5431-422B-B5F5-7EAF858BD93F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D8EEC691-5343-4BCE-B008-A56F4227006B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{907520F1-6CA9-4A55-A58D-550210EB258D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{D9E2BA34-1F95-4E47-B463-16108690FD85}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
==================== Restore Points =========================
22-09-2016 18:18:23 Windows Update
22-09-2016 18:25:59 Windows-Sicherung
22-09-2016 18:44:49 Removed GeekBuddy.
22-09-2016 22:11:04 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: Audiocontroller für Multimedia
Description: Audiocontroller für Multimedia
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/24/2016 09:25:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AirGCFG.exe, Version: 4.1.4.908, Zeitstempel: 0x4ab34ca3
Name des fehlerhaften Moduls: AirGCFG.exe, Version: 4.1.4.908, Zeitstempel: 0x4ab34ca3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00051907
ID des fehlerhaften Prozesses: 0xa38
Startzeit der fehlerhaften Anwendung: 0x01d215a4a25c449e
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
Berichtskennung: 1cd07e5d-8228-11e6-831d-00e0817034aa
Error: (09/22/2016 11:31:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ComboFix.exe, Version 16.9.22.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1630
Startzeit: 01d215161cf0a3bd
Endzeit: 15
Anwendungspfad: C:\Users\Gerald\Desktop\ComboFix.exe
Berichts-ID:
Error: (09/22/2016 11:05:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17207 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 170c
Startzeit: 01d215150baf4992
Endzeit: 738
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (09/22/2016 10:11:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xe2c
Startzeit der fehlerhaften Anwendung: 0x01d2150d4476ce22
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
Berichtskennung: ce039c76-8100-11e6-a86a-00e0817034aa
Error: (09/22/2016 08:41:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 17d8
Startzeit: 01d215001c2604e2
Endzeit: 18
Anwendungspfad: C:\Users\Gerald\Downloads\OTL.exe
Berichts-ID: 1f50b717-80f4-11e6-baf0-00e0817034aa
Error: (09/22/2016 08:18:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AirGCFG.exe, Version: 4.1.4.908, Zeitstempel: 0x4ab34ca3
Name des fehlerhaften Moduls: AirGCFG.exe, Version: 4.1.4.908, Zeitstempel: 0x4ab34ca3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00051907
ID des fehlerhaften Prozesses: 0xdfc
Startzeit der fehlerhaften Anwendung: 0x01d214fc46ee53a2
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
Berichtskennung: f46e4718-80f0-11e6-baf0-00e0817034aa
Error: (09/22/2016 07:04:09 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Kontext: Anwendung, SystemIndex Katalog
Error: (09/22/2016 06:30:10 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"
Error: (09/22/2016 06:08:14 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.
Error: (09/22/2016 06:08:14 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: )
Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f.
System errors:
=============
Error: (09/24/2016 09:45:16 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.
Error: (09/24/2016 09:43:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/24/2016 09:43:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/24/2016 09:43:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/24/2016 09:43:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/24/2016 09:43:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/24/2016 09:43:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/24/2016 09:43:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sekundäre Anmeldung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/24/2016 09:43:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/24/2016 09:43:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
==================== Memory info ===========================
Processor: Intel® Xeon™ CPU 3.60GHz
Percentage of memory in use: 93%
Total physical RAM: 5119.04 MB
Available physical RAM: 325.95 MB
Total Virtual: 10236.26 MB
Available Virtual: 4178.18 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:68.36 GB) (Free:27.95 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:2.01 GB) (Free:1.78 GB) NTFS
Drive e: () (Fixed) (Total:68.36 GB) (Free:24.93 GB) NTFS
Drive f: () (Fixed) (Total:68.36 GB) (Free:20.1 GB) NTFS
Drive g: () (Fixed) (Total:66.35 GB) (Free:0.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 68.4 GB) (Disk ID: 6C615A96)
Partition 1: (Active) - (Size=68.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 68.4 GB) (Disk ID: 2527A2C7)
Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=66.4 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 68.4 GB) (Disk ID: ABAC7009)
Partition 1: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 68.4 GB) (Disk ID: 13F351F7)
Partition 1: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================


Sorry, some parts are German, but it does not allow me to change the language of my OS anymore. Updates are also blocked....

So I hope it still helps.

The summary zip file: Attached File summary.zip (1.73 KB)

Again, thanks for the help, and have a nice weekend.

Edited by Oh My!, 24 September 2016 - 02:44 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • Gender:Male
  • Location:California
  • Local time:03:58 AM

Posted 24 September 2016 - 05:26 PM

Greetings Gerald.

Not seeing much in the logs.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll => No File
S3 cpuz135; \??\C:\Users\Gerald\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
U3 DfSdkS; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CMD: type "C:\ComboFix.txt"
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Monitoring svchost.exe CPU Usage Using Process Explorer

--------------------
  • Please download Process Explorer.zip and save it to your desktop
  • Unzip the folder
  • Double click on the procexp folder
  • Double click the procexp icon
  • Click on the Process bar so that all the processes are listed in alphabetical order
  • Identify any svchost.exe process(es) using a large amount of resources
  • For each of those entries double click on the svchost.exe entry and a properties box will open
  • Click the Services tab
  • Identify all services listed for each of the svchost.exe entries using a large amount of resources
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Process Explorer information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
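The Process Explorer walk-through above can also be done from the command line. As an added example (not from this thread and not part of Process Explorer or FRST), the PowerShell function below lists every svchost.exe instance, the services it hosts (from Win32_Service), its image path and Authenticode signature, and flags anything outside System32/SysWOW64, not parented by services.exe, or above a memory threshold. It assumes an elevated PowerShell 3.0 or later session; the threshold parameter and flag names are my own.

```powershell
# Added example: triage every svchost.exe instance on this machine.
# Assumes Windows 7 or later with PowerShell 3.0+ (Get-CimInstance) and an
# elevated session (otherwise ExecutablePath is empty for system processes).

function Get-SvchostTriage {
    [CmdletBinding()]
    param(
        # Working-set size (MB) above which an instance is flagged (hypothetical default)
        [int]$MemoryThresholdMB = 500
    )

    # The only two locations a genuine svchost.exe should be started from.
    $expectedPaths = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
    )

    # Map every running service to the PID that hosts it; shared-process
    # services are what Process Explorer shows on its Services tab.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -ne 0 }
    $servicesByPid = $services | Group-Object -Property ProcessId -AsHashTable -AsString

    # Win32_Process exposes command line and parent PID, which Get-Process lacks.
    $procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'"

    foreach ($p in $procs) {
        $path = $p.ExecutablePath
        $parent = Get-CimInstance -ClassName Win32_Process `
            -Filter "ProcessId = $($p.ParentProcessId)" -ErrorAction SilentlyContinue

        # Authenticode check on the image actually backing this process.
        $sigStatus = 'NoPath'
        $signer = ''
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $sigStatus = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        # Services hosted inside this particular svchost instance.
        $hosted = @()
        $key = [string]$p.ProcessId
        if ($servicesByPid -and $servicesByPid.ContainsKey($key)) {
            $hosted = @($servicesByPid[$key] | ForEach-Object { $_.Name })
        }

        $wsMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
        # Kernel/user times are in 100 ns units; convert to seconds.
        $cpuSec = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7, 1)

        $flags = @()
        if ($expectedPaths -notcontains $path) { $flags += 'UnexpectedPath' }
        if ($sigStatus -ne 'Valid') { $flags += "Signature:$sigStatus" }
        if ($parent -and $parent.Name -ne 'services.exe') { $flags += "Parent:$($parent.Name)" }
        if ($hosted.Count -eq 0) { $flags += 'NoHostedServices' }
        if ($wsMB -gt $MemoryThresholdMB) { $flags += "WorkingSet>${MemoryThresholdMB}MB" }

        [pscustomobject]@{
            PID          = $p.ProcessId
            ParentPID    = $p.ParentProcessId
            Path         = $path
            WorkingSetMB = $wsMB
            CPUSeconds   = $cpuSec
            Signer       = $signer
            Services     = ($hosted -join ', ')
            CommandLine  = $p.CommandLine
            Flags        = ($flags -join '; ')
        }
    }
}

# Largest instances first; anything with a non-empty Flags column deserves a look.
Get-SvchostTriage | Sort-Object WorkingSetMB -Descending | Format-List
```

A legitimate instance shows a valid Microsoft signature, a path under System32 or SysWOW64, services.exe as parent and at least one hosted service; an instance that fails several of those checks is the one to investigate.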

#5 Shora

Shora
  • Topic Starter

  • Members
  • 15 posts
  • Local time:01:58 PM

Posted 25 September 2016 - 06:47 AM

Hello again Gary

 

I add the Process Explorer information as .jpg.

 

The fix log :

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-09-2016 02
Ran by Gerald (25-09-2016 13:26:14) Run:1
Running from C:\Users\Gerald\Desktop
Loaded Profiles: Gerald (Available Profiles: Gerald)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll => No File
S3 cpuz135; \??\C:\Users\Gerald\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
U3 DfSdkS; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CMD: type "C:\ComboFix.txt"
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}" => key removed successfully
"HKCR\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}" => key removed successfully
cpuz135 => service removed successfully
DfSdkS => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
 
========= type "C:\ComboFix.txt" =========
 
Das System kann die angegebene Datei nicht finden.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 13:26:43 ====
 
Attached File: processes2.jpg (264.42 KB)
Attached File: services.jpg (172.73 KB)
 
 
Just for your information: the process does not start automatically at the beginning anymore, just when I open the browser (changed from Firefox to Chrome because it's more stable and needs fewer resources) or any other web application such as online games. I am able to manually stop the process and it does not restart on its own anymore. So if you know a way to safely retrieve relevant data from my D: E: F: drives to an external drive, I would suggest that I store the data, format the whole computer and reinstall a clean OS again. It would save you some time.
 
Thanks again for your time and help.

Edited by Shora, 25 September 2016 - 06:49 AM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • Gender:Male
  • Location:California
  • Local time:03:58 AM

Posted 25 September 2016 - 08:23 AM

Hi Gerald,

We can certainly save the data and reformat if you'd like. However, there is a program on your computer I am not really comfortable with, and I debated whether or not to have you remove it. Because its functions don't modify certain parts of your computer (as far as I can tell) of greatest concern, I left it alone. However, this same program is listed as running under the svchost.exe process information you posted. It is time to remove the program and see if there is a difference.

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Boot your computer into Safe Mode with Networking
  • Download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
TuneUp Utilities 2013
TuneUp Utilities Language Pack
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
  • Reboot your computer and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the program uninstall?
  • Any improvement?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Shora (Topic Starter)

Posted 25 September 2016 - 11:10 AM

Hi Gary

 

The program is not uninstalled. It does not appear in any Windows related software (explorer, program uninstaller...) but the Revo uninstaller still finds it. But as far as I can say it changed its icon..... I did everything step by step as you told me. I installed the program several years ago on the suggestion of a study colleague for a project we did together (never made sense to me). And the svchost still appears. I don't know what you prefer, saving the data and running a new installation, or we keep trying. If you say that my data seems to be clear of any threats I can do the new setup; I think it saves a lot of your time and it's not that much of an effort for me.

 

Thx again 



#8 Oh My! (Malware Response Instructor, California)

Posted 25 September 2016 - 01:06 PM

I appreciate your concern for my time but we are doing just fine. In fact we haven't even warmed up yet! :)

We will deal with the program manually. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Boot back into Safe Mode with Networking
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
C:\Program Files (x86)\TuneUp Utilities 2013
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
2016-09-24 04:40 - 2016-09-24 04:40 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
Task: {7B184667-DFBE-4792-9A47-4DE73623C044} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Reboot your computer into Normal Boot
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook and save it to your Desktop.
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:filefind
Tuneup*
:folderfind
Tuneup*
:regfind
Tuneup*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • SystemLook log
  • Check your computer performance

Gary
 
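As an added illustration, not code from this thread, from SystemLook or from FRST: a read-only PowerShell sweep that does what the :filefind / :folderfind / :regfind sections above do for a name pattern, and additionally lists matching services, drivers and scheduled tasks (the R2/R3 and Task: lines that went into the fixlist), so leftovers can be enumerated before any removal is written. It assumes an elevated 64-bit PowerShell 3.0 or later (so both Program Files trees and the 64-bit registry view are visible, which is the point of the WOW64 warning in the log above); $Pattern defaults to the TuneUp* wildcard used in the SystemLook box.

```powershell
# Added example: a read-only leftover sweep modelled on SystemLook's
# :filefind / :folderfind / :regfind sections. Not part of SystemLook or
# FRST; it only reports and never deletes. Assumes an elevated 64-bit
# PowerShell 3.0+ (needed for -File/-Directory and Get-CimInstance).
param([string]$Pattern = 'TuneUp*')   # wildcard, as in the SystemLook box

# Locations where the logs in this thread showed leftovers: both Program
# Files trees, ProgramData, user profiles, the task store and both
# systemprofile AppData folders. Paths that do not exist are skipped.
$roots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $env:ProgramData,
    "$env:SystemDrive\Users",
    "$env:SystemRoot\System32\Tasks",
    "$env:SystemRoot\System32\config\systemprofile\AppData",
    "$env:SystemRoot\SysWOW64\config\systemprofile\AppData"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

Write-Output "========== filefind =========="
Get-ChildItem -Path $roots -Recurse -File -Force -Filter $Pattern -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

Write-Output "========== folderfind =========="
Get-ChildItem -Path $roots -Recurse -Directory -Force -Filter $Pattern -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime | Format-Table -AutoSize

Write-Output "========== services and drivers =========="
# Equivalent of the R2/R3 lines in an FRST fixlist: match on service
# name or on the image path, for user-mode services and kernel drivers.
@(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver) |
    Where-Object { $_.Name -like $Pattern -or $_.PathName -like "*$Pattern*" } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize

Write-Output "========== scheduled tasks =========="
# schtasks works on Windows 7, where the ScheduledTasks module is absent.
# /nh drops the header rows, so the column names are supplied explicitly.
schtasks /query /fo CSV /nh 2>$null |
    ConvertFrom-Csv -Header TaskName, NextRunTime, Status |
    Where-Object { $_.TaskName -like "*$Pattern" } |
    Format-Table -AutoSize

Write-Output "========== regfind (key names) =========="
# Key names only, like SystemLook's regfind; the Services hive catches the
# service/driver keys and SOFTWARE catches the TaskCache\Tree entries.
$hives = 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet\Services', 'HKCU:\SOFTWARE'
foreach ($hive in $hives) {
    Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like $Pattern } |
        ForEach-Object { $_.Name }
}
```

Run it as a .ps1 from an elevated 64-bit console (for example `.\Find-Leftovers.ps1 -Pattern 'TuneUp*'`, a file name chosen here). A 32-bit PowerShell on a 64-bit system would, like SystemLook under WOW64, be redirected away from the 64-bit Program Files and registry view, which is why the log above warns about it.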

#9 Shora (Topic Starter)

Posted 27 September 2016 - 09:29 AM

Hello Gary 

 

Sorry for responding late, but I had no time yesterday to work on my problem....

 

So, the results:

Fixlog:

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-09-2016
durchgeführt von Gerald (27-09-2016 16:14:11) Run:2
Gestartet von C:\Users\Gerald\Desktop
Geladene Profile: Gerald (Verfügbare Profile: Gerald)
Start-Modus: Safe Mode (with Networking)
==============================================
 
fixlist Inhalt:
*****************
C:\Program Files (x86)\TuneUp Utilities 2013
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
2016-09-24 04:40 - 2016-09-24 04:40 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
Task: {7B184667-DFBE-4792-9A47-4DE73623C044} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
emptytemp:
*****************
 
"C:\Program Files (x86)\TuneUp Utilities 2013" => nicht gefunden.
TuneUp.UtilitiesSvc => Dienst erfolgreich entfernt
TuneUpUtilitiesDrv => Dienst nicht gefunden.
C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B184667-DFBE-4792-9A47-4DE73623C044}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B184667-DFBE-4792-9A47-4DE73623C044}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013" => Schlüssel erfolgreich entfernt
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21841985 B
Java, Flash, Steam htmlcache => 955 B
Windows/system/drivers => 8810983 B
Edge => 0 B
Chrome => 53922504 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33186 B
LocalService => 66228 B
NetworkService => 34184 B
Gerald => 387058964 B
 
RecycleBin => 78280987 B
EmptyTemp: => 524.6 MB temporäre Dateien entfernt.
 
================================
 
 
Das System musste neu gestartet werden.
 
==== Ende von Fixlog 16:15:08 ====
 
SystemLook:
SystemLook 30.07.11 by jpshortstuff
Log created at 16:22 on 27/09/2016 by Gerald
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
 
========== filefind ==========
 
Searching for "Tuneup*"
C:\AdwCleaner\quarantine\files\cxgbczyuyorjlhxsoppdgundmoypojxw\DACE2879C92240CDA32BFFCE6B3F6E38\TuneUpUtilities2013-2200213_de-DE.exe --a---- 28181408 bytes [20:00 22/09/2016] [23:37 28/01/2013] 7B56D7DA15113C0FB8A102173EBF3EA3
C:\FRST\Quarantine\C\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.xBAD --a---- 2770 bytes [02:40 24/09/2016] [02:40 24/09/2016] E91DA76A97285D09F33104639347C4FF
C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk --a---- 2213 bytes [23:31 07/07/2013] [23:31 07/07/2013] 15D8EC5B8D8E9FBF121167D7C2436381
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpRPCDll -ra---- 192352 bytes [14:06 29/11/2012] [14:06 29/11/2012] E78CA394BAF575C15F623AD395CA7C2F
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpSystemStatusCheck.exe -ra---- 251744 bytes [14:01 29/11/2012] [14:01 29/11/2012] FF1DFAB87BA8B9DCD83C693D60F12B80
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpUtilitiesServiceExe64bit -ra---- 2401632 bytes [14:06 29/11/2012] [14:06 29/11/2012] E8985332F611F56ADBCFF987E7D67D51
 
========== folderfind ==========
 
Searching for "Tuneup*"
C:\Program Files\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget d------ [23:32 07/07/2013]
C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget d------ [23:31 07/07/2013]
C:\ProgramData\TuneUp Software d------ [23:31 07/07/2013]
C:\ProgramData\TuneUp Software\TuneUp Utilities d------ [23:31 07/07/2013]
C:\Users\All Users\TuneUp Software d------ [23:31 07/07/2013]
C:\Users\All Users\TuneUp Software\TuneUp Utilities d------ [23:31 07/07/2013]
C:\Users\Gerald\AppData\Local\VirtualStore\ProgramData\TuneUp Software d------ [23:31 07/07/2013]
C:\Users\Gerald\AppData\Roaming\TuneUp Software d------ [23:31 07/07/2013]
C:\Windows\System32\config\systemprofile\AppData\Roaming\TuneUp Software d------ [06:25 05/08/2013]
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TuneUp Software d------ [06:25 05/08/2013]
 
========== regfind ==========
 
Searching for "Tuneup*"
No data found.
 
-= EOF =-
 
Crappy svchost still here; so no improved performance.

 

Thx and have a nice day 



#10 Oh My! (Malware Response Instructor, California)

Posted 27 September 2016 - 01:12 PM

No problem at all.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpRPCDll
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpSystemStatusCheck.exe
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpUtilitiesServiceExe64bit
C:\Program Files\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget
C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget
C:\ProgramData\TuneUp Software
C:\Users\All Users\TuneUp Software
C:\Users\Gerald\AppData\Local\VirtualStore\ProgramData\TuneUp Software
C:\Users\Gerald\AppData\Roaming\TuneUp Software
C:\Windows\System32\config\systemprofile\AppData\Roaming\TuneUp Software
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TuneUp Software
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check svchost.exe
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • svchost activity?

Gary
 

#11 Shora (Topic Starter)

Posted 27 September 2016 - 02:55 PM

Hello again

 

Fixlog:

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-09-2016
durchgeführt von Gerald (27-09-2016 21:51:47) Run:4
Gestartet von C:\Users\Gerald\Desktop
Geladene Profile: Gerald (Verfügbare Profile: Gerald)
Start-Modus: Normal
==============================================
 
fixlist Inhalt:
*****************
C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpRPCDll
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpSystemStatusCheck.exe
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpUtilitiesServiceExe64bit
C:\Program Files\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget
C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget
C:\ProgramData\TuneUp Software
C:\Users\All Users\TuneUp Software
C:\Users\Gerald\AppData\Local\VirtualStore\ProgramData\TuneUp Software
C:\Users\Gerald\AppData\Roaming\TuneUp Software
C:\Windows\System32\config\systemprofile\AppData\Roaming\TuneUp Software
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TuneUp Software
*****************
 
"C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk" => nicht gefunden.
"C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpRPCDll" => gefunden.
"C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpSystemStatusCheck.exe" => gefunden.
"C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpUtilitiesServiceExe64bit" => gefunden.
"C:\Program Files\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget" => gefunden.
"C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget" => gefunden.
"C:\ProgramData\TuneUp Software" => nicht gefunden.
"C:\Users\All Users\TuneUp Software" => gefunden.
"C:\Users\Gerald\AppData\Local\VirtualStore\ProgramData\TuneUp Software" => nicht gefunden.
"C:\Users\Gerald\AppData\Roaming\TuneUp Software" => gefunden.
"C:\Windows\System32\config\systemprofile\AppData\Roaming\TuneUp Software" => gefunden.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TuneUp Software" => gefunden.
 
==== Ende von Fixlog 21:51:47 ====
 
svchost still appearing....
 
Regards
Gerald


#12 Oh My! (Malware Response Instructor, California)

Posted 27 September 2016 - 03:57 PM

I am not sure what happened, but as far as I can tell the bottom portion doesn't say deleted, just found or not found.

Could you make sure your FRST64 icon is renamed FRST64english, then rerun the fix steps.
Gary
 

#13 Shora (Topic Starter)

Posted 27 September 2016 - 05:14 PM

Hiho 

 

As far as it seems, it has deleted everything because it does not find it anymore. But svchost is still here.. sorry

 

 

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Gerald (28-09-2016 00:12:45) Run:5
Running from C:\Users\Gerald\Desktop
Loaded Profiles: Gerald (Available Profiles: Gerald)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpRPCDll
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpSystemStatusCheck.exe
C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpUtilitiesServiceExe64bit
C:\Program Files\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget
C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget
C:\ProgramData\TuneUp Software
C:\Users\All Users\TuneUp Software
C:\Users\Gerald\AppData\Local\VirtualStore\ProgramData\TuneUp Software
C:\Users\Gerald\AppData\Roaming\TuneUp Software
C:\Windows\System32\config\systemprofile\AppData\Roaming\TuneUp Software
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TuneUp Software
*****************
 
"C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk" => not found.
"C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpRPCDll" => not found.
"C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpSystemStatusCheck.exe" => not found.
"C:\Windows\Installer\$PatchCache$\Managed\8CBDBA4C18C19C24FBCFA48615E1E9F4\13.0.3000\TuneUpUtilitiesServiceExe64bit" => not found.
"C:\Program Files\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget" => not found.
"C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget" => not found.
"C:\ProgramData\TuneUp Software" => not found.
"C:\Users\All Users\TuneUp Software" => not found.
"C:\Users\Gerald\AppData\Local\VirtualStore\ProgramData\TuneUp Software" => not found.
"C:\Users\Gerald\AppData\Roaming\TuneUp Software" => not found.
"C:\Windows\System32\config\systemprofile\AppData\Roaming\TuneUp Software" => not found.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TuneUp Software" => not found.
 
==== End of Fixlog 00:12:46 ====


#14 Oh My! (Malware Response Instructor, California)

Posted 27 September 2016 - 05:25 PM

No need to be sorry.

Please repeat the Monitoring svchost.exe CPU Usage Using Process Explorer step.
Gary
 
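As an added illustration (not code from this thread, and not a replacement for the Process Explorer step Gary asks for, or for the "Check svchost.exe" step in post #10): a PowerShell function that produces the same kind of view, tying every svchost.exe instance to its CPU time, memory, the services it hosts and the ServiceDll each of those services actually loads, and flagging an instance whose image is not the System32 or SysWOW64 svchost.exe or whose hosted DLLs live outside the Windows folder. It assumes an elevated PowerShell 3.0 or later; Get-SvchostMap and Get-ServiceDllPath are names chosen here.

```powershell
# Added example, not from the thread: map each svchost.exe instance to the
# services it hosts, the DLLs those services load and its resource use.
# Assumes an elevated PowerShell 3.0+ (Get-CimInstance); the function
# names are our own. Read-only: nothing is stopped or deleted.
function Get-ServiceDllPath {
    param([string]$ServiceName)
    # svchost-hosted services record their DLL in the Parameters subkey;
    # a few keep ServiceDll directly under the service key. Expand %SystemRoot%.
    $base = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    foreach ($key in "$base\Parameters", $base) {
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }
    }
    return $null
}

function Get-SvchostMap {
    $expected = @("$env:SystemRoot\System32\svchost.exe", "$env:SystemRoot\SysWOW64\svchost.exe")
    # Group running services by the PID that hosts them (keys are strings).
    $byPid = Get-CimInstance Win32_Service |
        Where-Object { $_.ProcessId -gt 0 } |
        Group-Object -Property ProcessId -AsHashTable -AsString

    Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $_
        $key = "$($proc.Id)"
        $hosted = if ($byPid -and $byPid.ContainsKey($key)) { @($byPid[$key]) } else { @() }
        # MainModule is not readable for every process; record that instead of failing.
        $image = try { $proc.MainModule.FileName } catch { '<access denied>' }
        $dlls = foreach ($svc in $hosted) {
            $path = Get-ServiceDllPath -ServiceName $svc.Name
            if ($path) { $path } else { $svc.PathName }
        }
        [pscustomobject]@{
            PID            = $proc.Id
            CPUSeconds     = [math]::Round([double]$proc.CPU, 1)
            WorkingSetMB   = [math]::Round($proc.WorkingSet64 / 1MB, 1)
            Image          = $image
            ImageExpected  = ($expected -contains $image)
            # An svchost.exe that hosts no service, runs from an unexpected
            # path, or loads a DLL outside the Windows folder deserves a look.
            Services       = ($hosted | ForEach-Object { $_.Name }) -join ', '
            ServiceDlls    = ($dlls | Sort-Object -Unique) -join '; '
            DllsOutsideWin = @($dlls | Where-Object { $_ -notlike "$env:SystemRoot\*" }).Count
        }
    } | Sort-Object WorkingSetMB -Descending
}

# Usage: heaviest instances first. Run it once at idle and once after the
# browser is open, and compare the instance whose WorkingSetMB grows.
Get-SvchostMap | Format-List
```

The Services column is what Process Explorer shows on the Services tab of an svchost.exe instance, and ServiceDlls is the extra step of resolving each hosted service to the DLL registered for it, which is the piece of information needed to decide whether the growth seen in the screenshots belongs to a Windows component or to a third-party service.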

#15 Shora (Topic Starter)

Posted 28 September 2016 - 01:57 AM

Good morning 

 

the explorer pic

 

Attached File: processes3.jpg (176.22KB)





