|
Pests of all kinds and how to fight them: Antivirus and anti-malware programs cannot be installed or opened, firewall has also been disabled. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
10.05.2014, 11:27 | #1 |
| Antivirus and anti-malware programs cannot be installed or opened, firewall has also been disabled. Hello, I noticed the following problem yesterday: Avira and Malwarebytes can no longer be opened; the message "... is not a reliable 32-bit application" appears. After that I also noticed that the Windows Firewall is disabled, and I cannot re-enable the firewall because I do not have the necessary permissions, even though I am logged in as admin. I hope you can help me; many thanks in advance. |
10.05.2014, 12:04 | #2 |
/// TB Instructor /// Instructions Guru | Antivirus and anti-malware programs cannot be installed or opened, firewall has also been disabled. My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
Notes: I can never give you a guarantee that we will find all malicious files. Reformatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. We can remove adware and the like very well. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. That takes a few hours longer, but it guarantees that you get competent help and checked answers. See here... Thank you for your patience!
Step 1 (Scan with FRST) Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
10.05.2014, 13:30 | #3 |
| Antivirus and anti-malware programs cannot be installed or opened, firewall has also been disabled. Here is the FRST.txt
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014 Ran by Gaming pc (administrator) on GAMINGPC-PC on 10-05-2014 14:27:40 Running from C:\Users\Gaming pc\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MICRO-STAR INTERNATIONAL CO., LTD.) 
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe (Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation) HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation) HKLM-x32\...\Run: [d2be3e6d11846430c067fc874a79f583] => "C:\Users\Gaming pc\AppData\Local\Temp\java.exe" .. HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) 
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe HKLM-x32\...\Run: [MFARestart] => C:\ProgramData\MFAData\pack\avgrunasx.exe [314896 2014-03-27] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" HKU\S-1-5-19\...\Run: [adminkey] => C:\ProgramData\folder\mtqadjqbe.exe [262033 2014-05-04] (Symantec ® Corporation SidePro) HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Run: [adminkey] => C:\ProgramData\folder\mtqadjqbe.exe [262033 2014-05-04] (Symantec ® Corporation SidePro) HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD) HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe [762368 2013-07-05] (Oracle Corporation) HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD) HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\CurrentVersion\Windows: [Load] C:\Windows\system32\Microsoft.com <===== ATTENTION HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\Explorer: [] HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\Explorer: [TaskbarNoNotification] 1 HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\Explorer: [HideSCAHealth] 1 
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\MountPoints2: {4371f346-7f8a-11e3-a467-d43d7ebdbc00} - E:\setup.exe IFEO\AvastSvc.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\AvastUI.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avcenter.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avconfig.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avgcsrvx.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avgidsagent.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avgrsx.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avguard.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avgui.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avgwdsvc.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avp.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\avscan.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\bdagent.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\ccuac.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\ComboFix.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\egui.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\hijackthis.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\instup.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\keyscrambler.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\mbam.exe: [Debugger] zwrstu.exe IFEO\mbamgui.exe: [Debugger] skskjb.exe IFEO\mbampt.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\mbamscheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\mbamservice.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\MpCmdRun.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\MSASCui.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\MsMpEng.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\msseces.exe: [Debugger] 
C:\Windows\system32\Microsoft.com IFEO\rstrui.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\spybotsd.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\SSScheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\wireshark.exe: [Debugger] C:\Windows\system32\Microsoft.com IFEO\zlclient.exe: [Debugger] C:\Windows\system32\Microsoft.com Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - 931B4090B162439199140CDA6E2CECDF URL = SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a11465-172&apn_uid=3361143290744442&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPCAF66BCF-5A15-45D9-AAD8-951C2A465CDD&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll 
(Oracle Corporation) BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Gaming pc\AppData\Roaming\Mozilla\Firefox\Profiles\3ngzs4ee.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gaming pc\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gaming pc\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Extension: (Google Wallet) - C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-10-15] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-25] () S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-03-13] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI) R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-04-18] (MICRO-STAR INTERNATIONAL CO., LTD.) 
R2 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14256 2014-05-04] () S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-04-14] (The OpenVPN Project) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation) S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X] S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X] S2 Util Surftastic; "C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe" [X] ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-17] (Disc Soft Ltd) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] () S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI) R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.) 
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-10] () S3 ALSysIO; \??\C:\Users\GAMING~1\AppData\Local\Temp\ALSysIO64.sys [X] S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-10 14:27 - 2014-05-10 14:27 - 00018289 _____ () C:\Users\Gaming pc\Desktop\FRST.txt 2014-05-10 14:26 - 2014-05-10 14:27 - 00048593 _____ () C:\Users\Gaming pc\Downloads\FRST.txt 2014-05-10 14:26 - 2014-05-10 14:26 - 02065408 _____ (Farbar) C:\Users\Gaming pc\Desktop\FRST64.exe 2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Macromedia 2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Adobe 2014-05-10 12:00 - 2014-05-10 12:00 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\ATI 2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Apple Computer 2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\MFAData 2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Avg2014 2014-05-10 11:54 - 2014-05-10 11:54 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Mozilla 2014-05-10 11:51 - 2014-05-10 11:51 - 00003374 _____ () C:\Windows\System32\Tasks\Install_SSD 2014-05-10 11:38 - 2014-05-10 14:27 - 00000000 ____D () C:\FRST 2014-05-10 11:32 - 2014-05-10 11:32 - 00000000 _____ () C:\Users\Gaming pc\defogger_reenable 2014-05-10 11:15 - 2014-05-10 11:15 - 06103040 _____ () C:\Program Files (x86)\GUTDF67.tmp 2014-05-10 11:15 - 2014-05-10 11:15 - 00000000 ____D () C:\Program Files (x86)\GUMDF08.tmp 2014-05-09 21:04 - 2014-05-09 21:04 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\TuneUp 
Software 2014-05-09 20:59 - 2014-05-10 11:17 - 00000000 ____D () C:\ProgramData\MFAData 2014-05-09 20:43 - 2014-05-09 20:43 - 00858295 _____ () C:\Users\Gaming pc\Documents\pinfect.zip 2014-05-09 20:41 - 2014-05-09 20:42 - 19759335 _____ () C:\Windows\REGBK00.ZIP 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\VDLL.DLL 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\rundll16.exe 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\RUNDL132.EXE 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo1_.exe 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo_1.exe 2014-05-09 20:40 - 2014-05-09 20:40 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll 2014-05-09 20:40 - 2014-05-09 20:40 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll 2014-05-09 20:40 - 2014-05-09 20:40 - 00034048 _____ (MicroWorld Technologies Inc.) 
C:\Windows\SysWOW64\eEmpty.exe 2014-05-09 20:40 - 2014-05-09 20:40 - 00000028 _____ () C:\Windows\Lic.xxx 2014-05-09 20:40 - 2014-05-09 20:40 - 00000000 ____D () C:\ProgramData\MicroWorld 2014-05-09 20:40 - 2005-09-22 23:22 - 00000522 _____ () C:\Windows\SysWOW64\Microsoft.VC80.CRT.manifest 2014-05-09 20:30 - 2014-05-10 11:59 - 00000000 ____D () C:\AdwCleaner 2014-05-09 20:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-09 20:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-09 20:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-09 20:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-09 19:56 - 2014-05-09 19:56 - 00000000 ____D () C:\Users\Gaming pc\ChromeExtensions 2014-05-09 19:47 - 2014-05-09 19:47 - 00120832 _____ () C:\Windows\system32\cmlua64.exe 2014-05-09 19:41 - 2014-05-10 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-09 19:41 - 2014-05-10 11:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-09 19:37 - 2014-05-09 19:37 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-05-09 19:33 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Oracle 2014-05-09 17:58 - 2014-05-09 17:58 - 00082457 _____ () C:\Users\Gaming pc\Documents\log.xml 2014-05-09 16:20 - 2014-05-09 16:20 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager 2014-05-09 16:18 - 2014-05-09 16:18 - 00000000 _____ () C:\autoexec.bat 2014-05-09 16:17 - 2014-05-09 16:22 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-05-09 16:17 - 2014-05-09 16:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-05-09 16:11 - 2014-03-02 18:24 - 00000426 _____ 
() C:\AVScanner.ini 2014-05-09 16:09 - 2014-05-10 12:00 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-09 15:51 - 2014-05-10 14:23 - 00000000 __RHO () C:\Windows\SysWOW64\Microsoft.com 2014-05-06 15:51 - 2014-05-06 15:54 - 00000302 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Login.ini 2014-05-04 16:37 - 2014-05-04 16:37 - 00003222 _____ () C:\Windows\System32\Tasks\Windows Update Check - 0x140703D5 2014-05-04 14:08 - 2014-05-04 14:08 - 00000019 _____ () C:\Users\Gaming pc\Desktop\[76561198110998659].txt 2014-05-04 12:10 - 2014-05-06 16:03 - 00001256 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Options.ini 2014-05-04 12:03 - 2014-05-04 12:03 - 00001034 _____ () C:\Users\Gaming pc\Desktop\Breaking Point.lnk 2014-05-04 12:02 - 2014-05-06 15:54 - 00000000 ____D () C:\Program Files (x86)\Breaking 2014-05-03 21:48 - 2014-05-03 21:48 - 00000000 ____D () C:\Users\Gaming pc\Documents\Navicat 2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft 2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\Program Files\PremiumSoft 2014-05-03 21:43 - 2013-10-08 09:55 - 01988096 _____ () C:\Windows\system32\libmysql_e.dll 2014-05-03 21:41 - 2014-05-10 11:51 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\MySQL 2014-05-03 21:37 - 2014-05-09 20:19 - 00000000 ____D () C:\Program Files\MySQL 2014-05-03 21:37 - 2014-05-09 20:16 - 00000023 _____ () C:\Windows\ODBCINST.INI 2014-05-03 21:37 - 2014-05-09 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL 2014-05-03 21:36 - 2014-05-09 20:18 - 00000000 ____D () C:\Program Files (x86)\MySQL 2014-05-03 21:36 - 2014-05-03 21:37 - 00000000 ____D () C:\ProgramData\MySQL 2014-05-03 21:36 - 2014-05-03 21:36 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL 2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Users\Gaming 
pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager 2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Program Files\PBO Manager v.1.4 beta 2014-04-30 19:49 - 2014-04-30 19:49 - 00001103 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk 2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN 2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files\TAP-Windows 2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files (x86)\OpenVPN 2014-04-30 19:14 - 2014-04-30 19:14 - 00001971 _____ () C:\Users\Public\Desktop\Overwolf.lnk 2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf 2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Program Files (x86)\Overwolf 2014-04-30 19:13 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Overwolf 2014-04-30 19:13 - 2014-04-30 19:13 - 00001222 _____ () C:\Users\Gaming pc\Desktop\TeamSpeak 3 Client.lnk 2014-04-30 19:13 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\TeamSpeak 3 Client 2014-04-25 20:32 - 2014-04-25 20:32 - 00000201 _____ () C:\Users\Gaming pc\Desktop\arma3.url 2014-04-25 20:24 - 2014-04-25 20:24 - 00000222 _____ () C:\Users\Gaming pc\Desktop\Arma 3.url 2014-04-25 20:16 - 2014-05-09 15:52 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager 2014-04-25 20:11 - 2014-04-25 20:16 - 00000000 ____D () C:\Program Files (x86)\Kepard 2014-04-25 19:51 - 2014-04-25 19:51 - 00003154 _____ () C:\Windows\System32\Tasks\{A8F5506E-8DE9-4484-9A04-FB634B47CB35} 2014-04-25 19:45 - 2014-05-09 16:12 - 00002300 _____ () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-04-24 20:56 - 2014-04-30 19:13 - 00000000 ____D () 
C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-04-24 17:32 - 2014-05-09 15:44 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-24 17:32 - 2014-04-24 17:32 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-24 13:20 - 2014-04-24 13:20 - 06389248 _____ (Alderon Games) C:\Program Files (x86)\BreakingPoint.exe 2014-04-24 13:20 - 2014-04-24 13:20 - 03019880 _____ (BitTorrent, Inc.) C:\Program Files (x86)\BTSync.exe 2014-04-24 13:20 - 2014-04-24 13:20 - 01068544 _____ (Alderon Games) C:\Program Files (x86)\ApplyUpdate.exe 2014-04-22 14:58 - 2014-05-08 16:33 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Arma 3 2014-04-22 14:58 - 2014-04-22 17:31 - 00000000 ____D () C:\Users\Gaming pc\Documents\Arma 3 2014-04-22 14:58 - 2014-04-22 14:58 - 00000000 ____D () C:\ProgramData\Bohemia Interactive 2014-04-22 14:56 - 2014-04-22 19:26 - 00000772 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARMA 3.lnk 2014-04-18 18:56 - 2014-04-22 12:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-17 13:04 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll 2014-04-17 13:04 - 2005-07-14 12:31 - 00032256 ___SH () C:\Windows\SysWOW64\AVSredirect.dll 2014-04-17 13:04 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll 2014-04-17 13:04 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll 2014-04-17 13:04 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll 2014-04-17 13:00 - 2014-04-22 15:49 - 00000000 ____D () C:\Program Files (x86)\eRightSoft 2014-04-17 13:00 - 2014-04-17 13:00 - 01097384 _____ (AnyProtect.com) C:\Users\Gaming pc\AppData\Local\nsy525F.tmp 2014-04-17 13:00 - 2014-04-17 13:00 - 00000000 ____D () 
C:\Users\Gaming pc\Documents\eRightSoft 2014-04-17 13:00 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll 2014-04-17 13:00 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll 2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{EE1C554C-CCFC-452D-AAE2-71472538B64D} 2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{E40D7364-927A-4F7B-B1A6-261C7E340CB4} 2014-04-13 12:29 - 2014-05-10 12:00 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys 2014-04-13 12:19 - 2014-04-13 12:22 - 00000000 ____D () C:\Users\Gaming pc\AppData\libraries 2014-04-13 12:17 - 2014-04-13 12:23 - 00000000 ____D () C:\Users\Gaming pc\AppData\assets 2014-04-13 12:17 - 2014-04-13 12:17 - 00000000 ____D () C:\Users\Gaming pc\AppData\versions 2014-04-13 12:15 - 2014-04-13 12:23 - 00000000 ____D () C:\Users\Gaming pc\AppData\Monster 2014-04-13 12:12 - 2014-04-13 12:25 - 00000000 ____D () C:\Users\Gaming pc\AppData\authlib 2014-04-13 12:12 - 2014-04-13 12:12 - 00000000 _____ () C:\Users\Gaming pc\AppData\FTBOSSent1.3.8.txt 2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight ==================== One Month Modified Files and Folders ======= 2014-05-10 14:27 - 2014-05-10 14:27 - 00018289 _____ () C:\Users\Gaming pc\Desktop\FRST.txt 2014-05-10 14:27 - 2014-05-10 14:26 - 00048593 _____ () C:\Users\Gaming pc\Downloads\FRST.txt 2014-05-10 14:27 - 2014-05-10 11:38 - 00000000 ____D () C:\FRST 2014-05-10 14:26 - 2014-05-10 14:26 - 02065408 _____ (Farbar) C:\Users\Gaming pc\Desktop\FRST64.exe 2014-05-10 14:23 - 2014-05-09 15:51 - 00000000 __RHO () C:\Windows\SysWOW64\Microsoft.com 2014-05-10 14:23 
- 2014-01-27 18:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-10 14:23 - 2014-01-27 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-10 14:23 - 2013-12-27 12:12 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA.job 2014-05-10 14:23 - 2013-12-27 12:12 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core.job 2014-05-10 14:23 - 2013-10-15 12:25 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-10 12:08 - 2009-07-14 06:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-10 12:08 - 2009-07-14 06:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Macromedia 2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Adobe 2014-05-10 12:01 - 2014-05-09 19:33 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Oracle 2014-05-10 12:01 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Overwolf 2014-05-10 12:00 - 2014-05-10 12:00 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\ATI 2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Apple Computer 2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\MFAData 2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Avg2014 2014-05-10 12:00 - 2014-05-09 16:09 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-10 12:00 - 2014-04-13 12:29 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys 
2014-05-10 12:00 - 2013-11-21 18:46 - 00002020 _____ () C:\Windows\Tasks\CS Browser Assistant 2.0-chromeinstaller.job 2014-05-10 12:00 - 2013-11-21 18:46 - 00001946 _____ () C:\Windows\Tasks\CS Browser Assistant 2.0-firefoxinstaller.job 2014-05-10 12:00 - 2013-11-21 18:46 - 00001386 _____ () C:\Windows\Tasks\CS Browser Assistant 2.0-updater.job 2014-05-10 12:00 - 2013-11-21 18:46 - 00001288 _____ () C:\Windows\Tasks\CS Browser Assistant 2.0-codedownloader.job 2014-05-10 12:00 - 2013-11-21 18:46 - 00001188 _____ () C:\Windows\Tasks\CS Browser Assistant 2.0-enabler.job 2014-05-10 12:00 - 2013-10-15 12:25 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-10 12:00 - 2010-11-21 05:47 - 00872946 _____ () C:\Windows\PFRO.log 2014-05-10 12:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-10 12:00 - 2009-07-14 06:51 - 00128300 _____ () C:\Windows\setupact.log 2014-05-10 11:59 - 2014-05-09 20:30 - 00000000 ____D () C:\AdwCleaner 2014-05-10 11:54 - 2014-05-10 11:54 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Mozilla 2014-05-10 11:51 - 2014-05-10 11:51 - 00003374 _____ () C:\Windows\System32\Tasks\Install_SSD 2014-05-10 11:51 - 2014-05-03 21:41 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\MySQL 2014-05-10 11:47 - 2013-11-13 06:13 - 00000000 ____D () C:\ProgramData\Package Cache 2014-05-10 11:47 - 2013-09-10 14:59 - 01983837 _____ () C:\Windows\WindowsUpdate.log 2014-05-10 11:35 - 2014-05-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-10 11:32 - 2014-05-10 11:32 - 00000000 _____ () C:\Users\Gaming pc\defogger_reenable 2014-05-10 11:32 - 2013-09-10 15:35 - 00000000 ____D () C:\Users\Gaming pc 2014-05-10 11:26 - 2013-09-16 18:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\CrashDumps 2014-05-10 11:23 - 2013-11-13 06:14 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-05-10 11:22 - 2014-05-09 19:41 - 00000000 ____D 
() C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-10 11:17 - 2014-05-09 20:59 - 00000000 ____D () C:\ProgramData\MFAData 2014-05-10 11:17 - 2013-10-15 12:25 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 11:17 - 2013-10-15 12:25 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-10 11:15 - 2014-05-10 11:15 - 06103040 _____ () C:\Program Files (x86)\GUTDF67.tmp 2014-05-10 11:15 - 2014-05-10 11:15 - 00000000 ____D () C:\Program Files (x86)\GUMDF08.tmp 2014-05-10 11:15 - 2014-03-07 20:39 - 00000000 ____D () C:\Users\DefaultAppPool 2014-05-09 21:04 - 2014-05-09 21:04 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\TuneUp Software 2014-05-09 20:43 - 2014-05-09 20:43 - 00858295 _____ () C:\Users\Gaming pc\Documents\pinfect.zip 2014-05-09 20:42 - 2014-05-09 20:41 - 19759335 _____ () C:\Windows\REGBK00.ZIP 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\VDLL.DLL 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\rundll16.exe 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\RUNDL132.EXE 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo1_.exe 2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo_1.exe 2014-05-09 20:40 - 2014-05-09 20:40 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll 2014-05-09 20:40 - 2014-05-09 20:40 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll 2014-05-09 20:40 - 2014-05-09 20:40 - 00034048 _____ (MicroWorld Technologies Inc.) 
C:\Windows\SysWOW64\eEmpty.exe 2014-05-09 20:40 - 2014-05-09 20:40 - 00000028 _____ () C:\Windows\Lic.xxx 2014-05-09 20:40 - 2014-05-09 20:40 - 00000000 ____D () C:\ProgramData\MicroWorld 2014-05-09 20:19 - 2014-05-03 21:37 - 00000000 ____D () C:\Program Files\MySQL 2014-05-09 20:18 - 2014-05-03 21:36 - 00000000 ____D () C:\Program Files (x86)\MySQL 2014-05-09 20:16 - 2014-05-03 21:37 - 00000023 _____ () C:\Windows\ODBCINST.INI 2014-05-09 20:16 - 2014-05-03 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL 2014-05-09 19:59 - 2013-11-17 13:33 - 00003036 _____ () C:\Windows\System32\Tasks\MSIAfterburner 2014-05-09 19:56 - 2014-05-09 19:56 - 00000000 ____D () C:\Users\Gaming pc\ChromeExtensions 2014-05-09 19:54 - 2013-09-11 00:52 - 02396496 _____ () C:\Windows\system32\perfh007.dat 2014-05-09 19:54 - 2013-09-11 00:52 - 00680496 _____ () C:\Windows\system32\perfc007.dat 2014-05-09 19:54 - 2009-07-14 07:13 - 00612130 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-09 19:47 - 2014-05-09 19:47 - 00120832 _____ () C:\Windows\system32\cmlua64.exe 2014-05-09 19:37 - 2014-05-09 19:37 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-05-09 19:20 - 2014-03-07 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-09 17:58 - 2014-05-09 17:58 - 00082457 _____ () C:\Users\Gaming pc\Documents\log.xml 2014-05-09 16:22 - 2014-05-09 16:17 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-05-09 16:20 - 2014-05-09 16:20 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager 2014-05-09 16:18 - 2014-05-09 16:18 - 00000000 _____ () C:\autoexec.bat 2014-05-09 16:17 - 2014-05-09 16:17 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-05-09 16:12 - 2014-04-25 19:45 - 00002300 _____ () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-05-09 16:12 - 2014-03-03 11:28 - 00002175 _____ () 
C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-09 16:12 - 2014-01-27 18:21 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-09 16:12 - 2014-01-27 18:21 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-09 15:54 - 2014-01-27 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-09 15:54 - 2013-09-17 15:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-09 15:54 - 2013-09-17 15:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-09 15:52 - 2014-04-25 20:16 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager 2014-05-09 15:44 - 2014-04-24 17:32 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-08 16:33 - 2014-04-22 14:58 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Arma 3 2014-05-08 16:33 - 2014-02-19 15:38 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-05-08 15:01 - 2013-09-17 15:59 - 00000304 _____ () C:\Windows\Tasks\Registry Optimizer_DEFAULT.job 2014-05-07 15:59 - 2013-09-17 15:59 - 00000312 _____ () C:\Windows\Tasks\Registry Optimizer_UPDATES.job 2014-05-06 16:03 - 2014-05-04 12:10 - 00001256 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Options.ini 2014-05-06 15:54 - 2014-05-06 15:51 - 00000302 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Login.ini 2014-05-06 15:54 - 2014-05-04 12:02 - 00000000 ____D () C:\Program Files (x86)\Breaking 2014-05-04 16:37 - 2014-05-04 16:37 - 00003222 _____ () C:\Windows\System32\Tasks\Windows Update Check - 0x140703D5 2014-05-04 16:21 - 2013-11-13 16:52 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner 2014-05-04 14:08 - 2014-05-04 14:08 - 00000019 _____ () C:\Users\Gaming pc\Desktop\[76561198110998659].txt 2014-05-04 12:03 - 2014-05-04 12:03 - 00001034 _____ () C:\Users\Gaming pc\Desktop\Breaking Point.lnk 2014-05-04 
11:13 - 2013-12-27 13:39 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Microsoft Games 2014-05-04 11:08 - 2013-09-10 15:52 - 00068600 _____ () C:\Users\Gaming pc\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-04 11:07 - 2009-07-14 06:45 - 00309392 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-04 10:12 - 2013-09-10 15:48 - 00603450 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-05-03 21:48 - 2014-05-03 21:48 - 00000000 ____D () C:\Users\Gaming pc\Documents\Navicat 2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft 2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\Program Files\PremiumSoft 2014-05-03 21:37 - 2014-05-03 21:36 - 00000000 ____D () C:\ProgramData\MySQL 2014-05-03 21:36 - 2014-05-03 21:36 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL 2014-05-03 20:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager 2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Program Files\PBO Manager v.1.4 beta 2014-05-01 17:09 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-30 19:49 - 2014-04-30 19:49 - 00001103 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk 2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN 2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files\TAP-Windows 2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files (x86)\OpenVPN 2014-04-30 19:14 - 2014-04-30 19:14 - 00001971 _____ () C:\Users\Public\Desktop\Overwolf.lnk 2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Users\Gaming 
pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf 2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Program Files (x86)\Overwolf 2014-04-30 19:13 - 2014-04-30 19:13 - 00001222 _____ () C:\Users\Gaming pc\Desktop\TeamSpeak 3 Client.lnk 2014-04-30 19:13 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\TeamSpeak 3 Client 2014-04-30 19:13 - 2014-04-24 20:56 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-04-29 20:08 - 2013-10-15 12:34 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Skype 2014-04-27 09:05 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-04-27 08:59 - 2013-11-22 16:52 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2014-04-27 08:58 - 2014-02-06 21:59 - 00000000 ____D () C:\Users\Gaming pc\Desktop\Games 2014-04-27 08:55 - 2014-03-04 15:03 - 00000000 ____D () C:\ProgramData\e13531e87054441f 2014-04-26 17:50 - 2014-03-31 16:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games 2014-04-26 17:50 - 2013-09-10 16:08 - 00000000 ____D () C:\Program Files (x86)\EA GAMES 2014-04-25 20:32 - 2014-04-25 20:32 - 00000201 _____ () C:\Users\Gaming pc\Desktop\arma3.url 2014-04-25 20:24 - 2014-04-25 20:24 - 00000222 _____ () C:\Users\Gaming pc\Desktop\Arma 3.url 2014-04-25 20:16 - 2014-04-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Kepard 2014-04-25 19:51 - 2014-04-25 19:51 - 00003154 _____ () C:\Windows\System32\Tasks\{A8F5506E-8DE9-4484-9A04-FB634B47CB35} 2014-04-25 12:59 - 2013-09-10 15:54 - 00000000 ____D () C:\Windows\System32\Tasks\Intel(R) Small Business Advantage 2014-04-25 11:36 - 2013-09-10 16:03 - 00430540 _____ () C:\Windows\DirectX.log 2014-04-24 17:32 - 2014-04-24 17:32 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-24 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources 2014-04-24 13:20 - 
2014-04-24 13:20 - 06389248 _____ (Alderon Games) C:\Program Files (x86)\BreakingPoint.exe 2014-04-24 13:20 - 2014-04-24 13:20 - 03019880 _____ (BitTorrent, Inc.) C:\Program Files (x86)\BTSync.exe 2014-04-24 13:20 - 2014-04-24 13:20 - 01068544 _____ (Alderon Games) C:\Program Files (x86)\ApplyUpdate.exe 2014-04-23 21:02 - 2013-09-10 16:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\.minecraft 2014-04-22 19:26 - 2014-04-22 14:56 - 00000772 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARMA 3.lnk 2014-04-22 17:31 - 2014-04-22 14:58 - 00000000 ____D () C:\Users\Gaming pc\Documents\Arma 3 2014-04-22 15:49 - 2014-04-17 13:00 - 00000000 ____D () C:\Program Files (x86)\eRightSoft 2014-04-22 15:03 - 2014-03-08 14:00 - 00000000 ____D () C:\ProgramData\Steam 2014-04-22 14:58 - 2014-04-22 14:58 - 00000000 ____D () C:\ProgramData\Bohemia Interactive 2014-04-22 12:51 - 2014-04-18 18:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-19 15:59 - 2013-10-06 17:41 - 00000000 ____D () C:\Windows\Minidump 2014-04-17 22:15 - 2013-10-20 09:18 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\vlc 2014-04-17 13:00 - 2014-04-17 13:00 - 01097384 _____ (AnyProtect.com) C:\Users\Gaming pc\AppData\Local\nsy525F.tmp 2014-04-17 13:00 - 2014-04-17 13:00 - 00000000 ____D () C:\Users\Gaming pc\Documents\eRightSoft 2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{EE1C554C-CCFC-452D-AAE2-71472538B64D} 2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{E40D7364-927A-4F7B-B1A6-261C7E340CB4} 2014-04-13 16:18 - 2014-01-17 18:38 - 00000000 ____D () C:\Users\Gaming pc\Documents\My Games 2014-04-13 12:25 - 2014-04-13 12:12 - 00000000 ____D () C:\Users\Gaming pc\AppData\authlib 2014-04-13 12:23 - 2014-04-13 12:17 - 00000000 ____D () C:\Users\Gaming pc\AppData\assets 2014-04-13 12:23 - 2014-04-13 12:15 - 00000000 ____D () C:\Users\Gaming pc\AppData\Monster 
2014-04-13 12:22 - 2014-04-13 12:19 - 00000000 ____D () C:\Users\Gaming pc\AppData\libraries 2014-04-13 12:17 - 2014-04-13 12:17 - 00000000 ____D () C:\Users\Gaming pc\AppData\versions 2014-04-13 12:13 - 2013-11-01 19:54 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\ftblauncher 2014-04-13 12:12 - 2014-04-13 12:12 - 00000000 _____ () C:\Users\Gaming pc\AppData\FTBOSSent1.3.8.txt 2014-04-13 12:10 - 2013-10-31 15:52 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\.technic 2014-04-11 17:41 - 2013-09-16 15:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-11 17:40 - 2013-09-16 15:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Files to move or delete: ==================== C:\Users\Public\AlexaNSISPlugin.4516.dll Some content of TEMP: ==================== C:\Users\Gaming pc\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 21:32 ==================== End Of Log 
============================ |
10.05.2014, 13:36 | #4 |
/// TB Trainer /// Guide Guru | OK, please post the Addition.txt as well...
__________________ Regards, deeprybka „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
10.05.2014, 13:57 | #5 |
| Where can I find the Addition.txt? |
10.05.2014, 14:00 | #6 |
/// TB Trainer /// Guide Guru | It should actually also be in
Code:
C:\Users\Gaming pc\Desktop
If you can't find it, no problem: start FRST, tick the box for Addition.txt and press Scan again... |
10.05.2014, 14:03 | #7 |
| OK, got it here Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-05-2014 Ran by Gaming pc at 2014-05-10 15:01:15 Running from C:\Users\Gaming pc\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.12 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Ghost Recon Phantoms - EU (HKCU\...\d8be6c3f847d7d92) (Version: 1.35.5979.1 - Ubisoft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{B0CA78DB-745A-4857-A73F-9ACD95E62BD0}) (Version: 4.0.41.2072 - Intel) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.) MySQL Examples and Samples 5.6 (HKLM-x32\...\{44D03537-3061-490B-BF0C-DACA4DEE8797}) (Version: 5.6.14 - Oracle Corporation) MySQL Installer (HKLM-x32\...\{88359D24-F64F-477E-B080-50FB024BA6F7}) (Version: 1.3.3.0 - Oracle Corporation) MySQL Notifier 1.1.4 (HKLM-x32\...\{D7C3E617-EB02-47B3-8D0E-BF3E00D873D5}) (Version: 1.1.4 - Oracle) MySQL Server 5.6 (HKLM\...\{23EEC459-9E65-4DCE-83B8-A1FDB44B9337}) (Version: 5.6.14 - Oracle Corporation) MySQL Utilities (HKLM-x32\...\{6A494EFD-CFC6-4534-9E14-26D3F7D888DE}) (Version: 1.3.4 - Oracle) MySQL Workbench 6.0 CE (HKLM-x32\...\{0B724473-51F5-49E8-958C-4BB3C0AAAF35}) (Version: 6.0.7 - Oracle Corporation) OpenVPN 2.3.3-I002 (HKLM-x32\...\OpenVPN) (Version: 2.3.3-I002 - ) Overwolf (HKLM-x32\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf) PBO Manager v.1.4 beta (HKLM\...\{127B5371-1802-4EDD-A25A-A43BF761D383}) (Version: 1.4.0 - ) PlanetSide 2 (HKCU\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) PremiumSoft Navicat 11.0 for MySQL (HKLM\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.0.17 - PremiumSoft CyberTech Ltd.) 
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Restore Points ========================= 09-05-2014 14:17:38 Installed SpyHunter 09-05-2014 14:22:37 Removed SpyHunter 09-05-2014 18:16:19 Removed MySQL Connector/ODBC 5.2 64bit (community edition) 09-05-2014 18:16:34 Removed MySQL Connector Net 6.7.4 09-05-2014 18:17:00 Removed Vegas Pro 12.0 (64-bit) 09-05-2014 18:18:50 Removed MySQL Documents 5.6 09-05-2014 18:19:50 Removed MySQL Connector C++ 1.1.3 09-05-2014 18:20:02 Removed MySQL Connector J 09-05-2014 18:50:59 RegClean Pro Fr, Mai 09, 14 20:50 09-05-2014 19:00:29 Installed AVG 2014 09-05-2014 19:01:18 Installed AVG 2014 09-05-2014 19:05:14 Removed AVG 2014 10-05-2014 09:16:12 Installed AVG 2014 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-06-17 17:57 - 00001487 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 csc3-2010-crl.verisign.com 127.0.0.1 ocsp.verisign.com 127.0.0.1 crl.verisign.com 127.0.0.1 download.dm.origin.com 127.0.0.1 secure.download.dm.origin.com 127.0.0.1 loginregistration.dm.origin.com 127.0.0.1 achievements.gameservices.ea.com 127.0.0.1 friends.dm.origin.com 127.0.0.1 avatar.dm.origin.com 127.0.0.1 ecommerce.dm.origin.com 127.0.0.1 static.cdn.ea.com 127.0.0.1 tealium.hs.llnwd.net 127.0.0.1 heartbeat.dm.origin.com 
127.0.0.1 web.dm.origin.com 127.0.0.1 store.origin.com 127.0.0.1 ec2-54-243-231-82.compute-1.amazonaws.com 127.0.0.1 eaassets-a.akamaihd.net 127.0.0.1 ssl.resources.ea.com 127.0.0.1 akamai.cdn.ea.com 127.0.0.1 novafusion.ea.com 127.0.0.1 proxy.novafusion.ea.com 127.0.0.1 ec2-23-23-167-200.compute-1.amazonaws.com 127.0.0.1 dirtybits.dm.origin.com 127.0.0.1 chat.dm.origin.com 127.0.0.1 easo.ea.com 127.0.0.1 ea.com 127.0.0.1 telemetry.simcity.com 127.0.0.1 ec2-54-228-227-181.eu-west-1.compute.amazonaws.com 127.0.0.1 ec2-46-137-177-16.eu-west-1.compute.amazonaws.com There are 11 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {05E22C15-AD8D-49A8-A9FB-24EB083CA143} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.) Task: {0AFE4B3A-10B7-4F95-BE15-9B6890A1D772} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {0FE2AB4C-4369-4F52-B37B-9659200A1552} - System32\Tasks\CS Browser Assistant 2.0-enabler => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-enabler.exe Task: {28DDF4E9-308C-46B7-8956-CAB825140E55} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {35B64F17-8457-4CFB-93D3-E3F8C9A8CCE7} - System32\Tasks\{EE1C554C-CCFC-452D-AAE2-71472538B64D} => C:\Users\Gaming pc\Desktop\Nexus_Mod_Manager-0.49.2.exe Task: {471D57E0-CFD6-4BCD-81A5-DC48DC528523} - System32\Tasks\Intel(R) Small Business Advantage\Notifier => C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\SBA_Notifier.exe [2013-03-13] (Intel Corporation) Task: {5B256E7B-0C95-4D69-AF93-FB157CA177C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA => 
C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.) Task: {64D2BA3C-A1A6-4109-9ECD-17F4ACEC3375} - System32\Tasks\CS Browser Assistant 2.0-firefoxinstaller => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-firefoxinstaller.exe Task: {6569A672-7776-4A44-81AE-F0716AC7ED61} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled Task: {6C6FECA8-BE1C-4AAA-BDFF-B33B46458425} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.) Task: {6CE999AF-84EF-4E49-8616-DDC3743629BB} - System32\Tasks\Windows Update Check - 0x140703D5 => C:\ProgramData\folder\mtqadjqbe.exe [] () Task: {6F5ADDFB-A153-44D2-9ACB-17122CDFFA38} - System32\Tasks\Registry Optimizer_DEFAULT => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe Task: {7443E756-0398-43D1-9D61-59DABBAEEFF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {7B778D8D-E9BE-49CC-A92F-9C90CAB6E699} - System32\Tasks\CS Browser Assistant 2.0-updater => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-updater.exe Task: {8177C1FF-236F-4A57-BF2E-4377EB1A3789} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe Task: {8249F99B-ABE1-4602-800E-0C12D0097385} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation) Task: {983A234F-DDBC-4096-B734-E6FB0DC6278E} - \AmiUpdXp No Task File <==== ATTENTION Task: {A28EF333-2B66-4651-B2B4-EBD24959D344} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks Task: {A41202DF-47E8-4001-B08D-7A3F39007D30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.) 
Task: {A54FCA05-0AC2-4FC6-8BF1-3503D65C5F18} - System32\Tasks\{E40D7364-927A-4F7B-B1A6-261C7E340CB4} => C:\Users\Gaming pc\Desktop\Nexus_Mod_Manager-0.49.2.exe Task: {B9234F7A-4E44-4A40-B473-441AADF72EC2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-09] (Adobe Systems Incorporated) Task: {BFEBC2D9-3AF3-4A23-8B4E-8C4FE8C0396D} - System32\Tasks\Install_SSD => C:\Users\Gaming Task: {D557F350-B077-4C75-B95C-1470A27126A7} - System32\Tasks\CS Browser Assistant 2.0-codedownloader => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-codedownloader.exe Task: {DA79FAB7-8775-4B86-97DC-8E79504B7BD2} - System32\Tasks\CS Browser Assistant 2.0-chromeinstaller => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-chromeinstaller.exe Task: {FB7CB1B9-2064-45B3-A205-F087A73C561D} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-01-23] () Task: {FCACAD34-56A9-4DEE-A5F7-8D491C3B81B9} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\CS Browser Assistant 2.0-chromeinstaller.job => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-chromeinstaller.exe Task: C:\Windows\Tasks\CS Browser Assistant 2.0-codedownloader.job => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-codedownloader.exe Task: C:\Windows\Tasks\CS Browser Assistant 2.0-enabler.job => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-enabler.exe Task: C:\Windows\Tasks\CS Browser Assistant 2.0-firefoxinstaller.job => C:\Program Files (x86)\CS Browser Assistant 2.0\CS Browser Assistant 2.0-firefoxinstaller.exe Task: C:\Windows\Tasks\CS Browser Assistant 2.0-updater.job => C:\Program Files (x86)\CS 
Browser Assistant 2.0\CS Browser Assistant 2.0-updater.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core.job => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA.job => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Opera scheduled Uninstall survey 1394193655.job => ? Task: C:\Windows\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe Task: C:\Windows\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe Task: C:\Windows\Tasks\WS.Booster-S-1839310039.job => c:\programdata\right soft\ws.booster\WS.Booster.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-13 10:35 - 2013-02-13 10:35 - 00180200 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-02-13 10:35 - 2013-02-13 10:35 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-01-23 08:12 - 2013-01-23 08:12 - 00425016 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe 2013-09-10 10:04 - 2013-09-10 10:04 - 12915712 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-01-16 18:01 - 2013-01-16 18:01 - 00069632 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2013-01-16 18:00 - 2013-01-16 18:00 
- 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2013-01-16 18:01 - 2013-01-16 18:01 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2013-01-16 18:00 - 2013-01-16 18:00 - 00143360 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2013-01-16 18:01 - 2013-01-16 18:01 - 00348160 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2011-04-30 21:04 - 2011-04-30 21:04 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll 2014-03-19 18:12 - 2014-03-19 18:12 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-10 15:52 - 2013-03-12 22:20 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:AD022376 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: FlexNet Licensing Service 64 => 3 ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/10/2014 03:00:43 PM) (Source: Application Hang) (User: ) (EventID: 1002) Description: Programm FRST64.exe, Version 10.5.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13c0 Startzeit: 01cf6c4fb8cc37c6 Endzeit: 0 Anwendungspfad: C:\Users\Gaming pc\Desktop\FRST64.exe Berichts-ID: 12ee2654-d843-11e3-9004-d43d7ebdbc00 Error: (05/10/2014 02:59:29 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 00:01:13 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 11:26:16 AM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.16521, Zeitstempel: 0x53114286 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x714 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (05/10/2014 11:20:19 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 48507263 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 48507263 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: Continuously 
busy for more than a second Error: (05/10/2014 11:12:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 48497279 Error: (05/10/2014 11:12:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 48497279 System errors: ============= Error: (05/10/2014 02:59:52 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error: (05/10/2014 02:59:02 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Util Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/10/2014 02:58:51 PM) (Source: Service Control Manager) (User: ) (EventID: 7003) Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert. Error: (05/10/2014 00:03:06 PM) (Source: Service Control Manager) (User: ) (EventID: 7023) Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%-2147024891 Error: (05/10/2014 00:01:06 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error: (05/10/2014 00:00:39 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Util Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/10/2014 00:00:33 PM) (Source: Service Control Manager) (User: ) (EventID: 7003) Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert. 
Error: (05/10/2014 11:22:30 AM) (Source: Service Control Manager) (User: ) (EventID: 7023) Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%-2147024891 Error: (05/10/2014 11:20:58 AM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error: (05/10/2014 11:19:47 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Util Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (05/10/2014 03:00:43 PM) (Source: Application Hang) (User: ) (EventID: 1002) Description: FRST64.exe10.5.2014.013c001cf6c4fb8cc37c60C:\Users\Gaming pc\Desktop\FRST64.exe12ee2654-d843-11e3-9004-d43d7ebdbc00 Error: (05/10/2014 02:59:29 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 00:01:13 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 11:26:16 AM) (Source: Application Error) (User: ) (EventID: 1000) Description: iexplore.exe11.0.9600.1652153114286unknown0.0.0.000000000c0000005000000000000000071401cf6c31e470cf9cC:\Program Files\Internet Explorer\iexplore.exeunknown22c28630-d825-11e3-b32e-d43d7ebdbc00 Error: (05/10/2014 11:20:19 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: 
m->NextScheduledSPRetry 48507263 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 48507263 Error: (05/10/2014 11:13:08 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/10/2014 11:12:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 48497279 Error: (05/10/2014 11:12:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 48497279 ==================== Memory info =========================== Percentage of memory in use: 25% Total physical RAM: 8120.6 MB Available physical RAM: 6027.18 MB Total Pagefile: 16239.38 MB Available Pagefile: 13560.73 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:508.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 88570D40) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
10.05.2014, 17:40 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Antivirus and anti-malware programs cannot be installed or opened, firewall was also disabled. Hello, your PC is infected with several pieces of malware. It can't hurt to change your login credentials from another PC. As long as this computer is not >clean< again, I would no longer use it for any sensitive logins etc. Please also don't install any further tools etc. Code:
ATTFilter 09-05-2014 14:17:38 Installed SpyHunter
Step 1 Important: Rename the downloaded Combofix.exe to CF.exe before starting it! Otherwise, follow these instructions accordingly: Scan with Combofix
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
11.05.2014, 09:34 | #9 |
| Antivirus and anti-malware programs cannot be installed or opened, firewall was also disabled. OK, I ran it and there were no problems. Code:
ATTFilter ComboFix 14-05-10.01 - Gaming pc 11.05.2014 10:21:30.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8121.6436 [GMT 2:00] ausgeführt von:: c:\users\Gaming pc\Desktop\CF.exe AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\Windows Manager\winmgr.exe c:\programdata\1382544747.bdinstall.bin c:\programdata\1382623707.bdinstall.bin c:\programdata\Folder\mtqadjqbe.exe c:\programdata\Local Settings\Temp c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\yraM.js c:\users\Gaming pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Surftastic_iels c:\users\Gaming pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Whilokii_iels c:\users\Gaming pc\AppData\Local\nsy525F.tmp c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\background.html 
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\content.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\lsdb.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\manifest.json c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\yraM.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\felleiimiaegndmcblfkdgjefhfapoln\2.2\yraM.js c:\users\Public\AlexaNSISPlugin.4516.dll c:\windows\ST6UNST.000 c:\windows\SysWow64\Microsoft.com c:\programdata\Folder . . . . Nicht in der Lage zu löschen . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-11 bis 2014-05-11 )))))))))))))))))))))))))))))) . . 2014-05-10 16:02 . 2014-05-10 16:02 -------- d-----w- c:\users\Gaming pc\AppData\Local\Apps 2014-05-10 10:00 . 2014-05-10 10:00 -------- d-----w- c:\users\Gaming pc\AppData\Roaming\ATI 2014-05-10 10:00 . 2014-05-10 10:00 -------- d-----w- c:\users\Gaming pc\AppData\Roaming\Apple Computer 2014-05-10 10:00 . 2014-05-10 10:00 -------- d-----w- c:\users\Gaming pc\AppData\Local\Avg2014 2014-05-10 10:00 . 2014-05-10 10:00 -------- d-----w- c:\users\Gaming pc\AppData\Local\MFAData 2014-05-10 09:47 . 
2014-05-10 09:47 -------- d-----w- C:\OETemp 2014-05-10 09:38 . 2014-05-10 13:01 -------- d-----w- C:\FRST 2014-05-10 09:15 . 2014-05-10 09:15 -------- d-----w- c:\program files (x86)\GUMDF08.tmp 2014-05-10 09:15 . 2014-05-10 09:15 6103040 ----a-w- c:\program files (x86)\GUTDF67.tmp 2014-05-09 19:04 . 2014-05-09 19:04 -------- d-----w- c:\users\Gaming pc\AppData\Roaming\TuneUp Software 2014-05-09 18:59 . 2014-05-10 09:17 -------- d-----w- c:\programdata\MFAData 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\VDLL.DLL 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\SysWow64\runouce.exe 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\rundll16.exe 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\RUNDL132.EXE 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\logo1_.exe 2014-05-09 18:41 . 2014-05-09 18:41 -------- d---a-w- c:\windows\logo_1.exe 2014-05-09 18:40 . 2014-05-09 18:40 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll 2014-05-09 18:40 . 2014-05-09 18:40 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll 2014-05-09 18:40 . 2014-05-09 18:40 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe 2014-05-09 18:40 . 2014-05-09 18:40 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld 2014-05-09 18:40 . 2014-05-09 18:40 -------- d-----w- c:\programdata\MicroWorld 2014-05-09 18:30 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-05-09 18:30 . 2014-05-10 09:59 -------- d-----w- C:\AdwCleaner 2014-05-09 18:21 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-09 18:21 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-09 18:21 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-09 17:56 . 2014-05-09 17:56 -------- d-----w- c:\users\Gaming pc\ChromeExtensions 2014-05-09 17:47 . 2014-05-09 17:47 120832 ----a-w- c:\windows\system32\cmlua64.exe 2014-05-09 17:41 . 
2014-05-10 09:22 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-05-09 17:37 . 2014-05-09 17:37 -------- d-----w- c:\programdata\AVAST Software 2014-05-09 17:33 . 2014-05-10 10:01 -------- d-----w- c:\users\Gaming pc\AppData\Roaming\Oracle 2014-05-09 14:17 . 2014-05-09 14:17 -------- d-----w- c:\program files\Enigma Software Group 2014-05-09 14:17 . 2014-05-09 14:22 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-05-09 14:17 . 2014-05-09 14:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2014-05-09 14:09 . 2014-05-10 10:00 -------- d-----w- c:\program files (x86)\Avira 2014-05-04 14:37 . 2014-05-11 08:27 -------- d-----w- c:\programdata\folder 2014-05-04 10:02 . 2014-05-06 13:54 -------- d-----w- c:\program files (x86)\Breaking 2014-05-03 19:43 . 2013-10-08 07:55 1988096 ----a-w- c:\windows\system32\libmysql_e.dll 2014-05-03 19:43 . 2014-05-03 19:43 -------- d-----w- c:\program files\PremiumSoft 2014-05-03 19:41 . 2014-05-10 09:51 -------- d-----w- c:\users\Gaming pc\AppData\Roaming\MySQL 2014-05-03 19:37 . 2014-05-09 18:19 -------- d-----w- c:\program files\MySQL 2014-05-03 19:36 . 2014-05-09 18:18 -------- d-----w- c:\program files (x86)\MySQL 2014-05-03 19:36 . 2014-05-03 19:37 -------- d-----w- c:\programdata\MySQL 2014-05-01 18:03 . 2014-05-01 18:03 -------- d-----w- c:\program files\PBO Manager v.1.4 beta 2014-04-30 17:49 . 2014-04-30 17:49 -------- d-----w- c:\program files\TAP-Windows 2014-04-30 17:49 . 2014-04-30 17:49 -------- d-----w- c:\program files (x86)\OpenVPN 2014-04-30 17:14 . 2014-04-30 17:14 -------- d-----w- c:\program files (x86)\Overwolf 2014-04-30 17:14 . 2014-04-30 17:14 -------- d-----w- c:\program files (x86)\Common Files\Overwolf 2014-04-30 17:13 . 2014-05-10 15:55 -------- d-----w- c:\users\Gaming pc\AppData\Local\Overwolf 2014-04-30 17:13 . 2014-04-30 17:13 -------- d-----w- c:\users\Gaming pc\AppData\Local\TeamSpeak 3 Client 2014-04-25 18:16 . 
2014-05-11 08:25 -------- d-sh--w- c:\program files (x86)\Windows Manager 2014-04-25 18:11 . 2014-04-25 18:16 -------- d-----w- c:\program files (x86)\Kepard 2014-04-25 17:53 . 2014-04-25 17:53 -------- d-----w- c:\program files (x86)\Common Files\Steganos 2014-04-25 09:38 . 2014-04-25 09:38 -------- d-----w- c:\program files (x86)\Common Files\BattlEye 2014-04-25 08:22 . 2014-04-25 08:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87E93FE7-EC4D-46DF-8A2A-139AD922AC5D}\offreg.dll 2014-04-24 11:20 . 2014-04-24 11:20 3019880 ----a-w- c:\program files (x86)\BTSync.exe 2014-04-24 11:20 . 2014-04-24 11:20 1068544 ----a-w- c:\program files (x86)\ApplyUpdate.exe 2014-04-22 12:58 . 2014-05-10 15:28 -------- d-----w- c:\users\Gaming pc\AppData\Local\Arma 3 2014-04-22 12:58 . 2014-04-22 12:58 -------- d-----w- c:\programdata\Bohemia Interactive 2014-04-18 16:56 . 2014-04-22 10:51 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-04-17 11:04 . 2004-02-22 08:11 764416 --sh--w- c:\windows\SysWow64\devil.dll 2014-04-17 11:04 . 2009-09-27 07:39 415744 --sh--w- c:\windows\SysWow64\avisynth.dll 2014-04-17 11:04 . 2005-07-14 10:31 32256 --sh--w- c:\windows\SysWow64\AVSredirect.dll 2014-04-17 11:04 . 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWow64\yv12vfw.dll 2014-04-17 11:04 . 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWow64\i420vfw.dll 2014-04-17 11:00 . 2004-07-02 14:33 327749 ----a-w- c:\windows\SysWow64\drvc.dll 2014-04-17 11:00 . 2014-04-22 13:49 -------- d-----w- c:\program files (x86)\eRightSoft 2014-04-16 11:23 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87E93FE7-EC4D-46DF-8A2A-139AD922AC5D}\mpengine.dll 2014-04-13 10:29 . 2014-05-11 08:27 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys 2014-04-11 15:40 . 2014-04-11 15:40 -------- d-----w- c:\program files\Microsoft Silverlight 2014-04-11 15:40 . 
2014-04-11 15:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-09 18:42 . 2014-05-09 18:41 19759335 ----a-w- c:\windows\REGBK00.ZIP 2014-05-09 13:54 . 2013-09-17 13:47 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-09 13:54 . 2013-09-17 13:47 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-11 15:40 . 2013-09-16 13:19 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-01 06:05 . 2014-03-19 14:56 23133696 ----a-w- c:\windows\system32\mshtml.dll 2014-03-01 05:17 . 2014-03-19 14:56 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-03-01 05:16 . 2014-03-19 14:56 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-03-01 04:58 . 2014-03-19 14:56 2765824 ----a-w- c:\windows\system32\iertutil.dll 2014-03-01 04:52 . 2014-03-19 14:56 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-03-01 04:51 . 2014-03-19 14:56 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-03-01 04:42 . 2014-03-19 14:56 53760 ----a-w- c:\windows\system32\jsproxy.dll 2014-03-01 04:40 . 2014-03-19 14:56 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-03-01 04:37 . 2014-03-19 14:56 574976 ----a-w- c:\windows\system32\ieui.dll 2014-03-01 04:33 . 2014-03-19 14:56 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-01 04:33 . 2014-03-19 14:56 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-03-01 04:32 . 2014-03-19 14:56 708608 ----a-w- c:\windows\system32\jscript9diag.dll 2014-03-01 04:23 . 2014-03-19 14:56 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-03-01 04:17 . 2014-03-19 14:56 218624 ----a-w- c:\windows\system32\ie4uinit.exe 2014-03-01 04:11 . 2014-03-19 14:56 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-03-01 04:02 . 2014-03-19 14:56 195584 ----a-w- c:\windows\system32\msrating.dll 2014-03-01 03:54 . 
2014-03-19 14:56 5768704 ----a-w- c:\windows\system32\jscript9.dll 2014-03-01 03:52 . 2014-03-19 14:56 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-03-01 03:51 . 2014-03-19 14:56 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-03-01 03:42 . 2014-03-19 14:56 627200 ----a-w- c:\windows\system32\msfeeds.dll 2014-03-01 03:38 . 2014-03-19 14:56 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-03-01 03:37 . 2014-03-19 14:56 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-03-01 03:35 . 2014-03-19 14:56 2041856 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-01 03:18 . 2014-03-19 14:56 13051904 ----a-w- c:\windows\system32\ieframe.dll 2014-03-01 03:14 . 2014-03-19 14:56 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-03-01 03:10 . 2014-03-19 14:56 2334208 ----a-w- c:\windows\system32\wininet.dll 2014-03-01 03:00 . 2014-03-19 14:56 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-03-01 02:38 . 2014-03-19 14:56 1393664 ----a-w- c:\windows\system32\urlmon.dll 2014-03-01 02:32 . 2014-03-19 14:56 1820160 ----a-w- c:\windows\SysWow64\wininet.dll 2014-03-01 02:25 . 2014-03-19 14:56 817664 ----a-w- c:\windows\system32\ieapfltr.dll 2014-01-07 14:58 . 2014-01-07 12:56 820984 ----a-w- c:\program files (x86)\DragonsProphetSetup.exe 2014-01-07 14:58 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-9.bin 2014-01-07 14:56 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-8.bin 2014-01-07 14:54 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-7.bin 2014-01-07 14:51 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-6.bin 2014-01-07 14:49 . 2014-01-07 12:56 92102186 ----a-w- c:\program files (x86)\DragonsProphetSetup-51.bin 2014-01-07 14:48 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-50.bin 2014-01-07 14:45 . 
2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-5.bin 2014-01-07 14:43 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-49.bin 2014-01-07 14:40 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-48.bin 2014-01-07 14:38 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-47.bin 2014-01-07 14:36 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-46.bin 2014-01-07 14:33 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-45.bin 2014-01-07 14:31 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-44.bin 2014-01-07 14:28 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-43.bin 2014-01-07 14:26 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-42.bin 2014-01-07 14:24 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-41.bin 2014-01-07 14:21 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-40.bin 2014-01-07 14:19 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-4.bin 2014-01-07 14:16 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-39.bin 2014-01-07 14:14 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-38.bin 2014-01-07 14:12 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-37.bin 2014-01-07 14:09 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-36.bin 2014-01-07 14:07 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-35.bin 2014-01-07 14:04 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-34.bin 2014-01-07 14:02 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-33.bin 2014-01-07 14:00 . 
2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-32.bin 2014-01-07 13:57 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-31.bin 2014-01-07 13:55 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-30.bin 2014-01-07 13:52 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-3.bin 2014-01-07 13:50 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-29.bin 2014-01-07 13:48 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-28.bin 2014-01-07 13:45 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-27.bin 2014-01-07 13:43 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-26.bin 2014-01-07 13:40 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-25.bin 2014-01-07 13:38 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-24.bin 2014-01-07 13:36 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-23.bin 2014-01-07 13:33 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-22.bin 2014-01-07 13:31 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-21.bin 2014-01-07 13:28 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-20.bin 2014-01-07 13:26 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-2.bin 2014-01-07 13:24 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-19.bin 2014-01-07 13:21 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-18.bin 2014-01-07 13:19 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-17.bin 2014-01-07 13:16 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-16.bin 2014-01-07 13:14 . 
2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-15.bin 2014-01-07 13:12 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-14.bin 2014-01-07 13:09 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-13.bin 2014-01-07 13:07 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-12.bin 2014-01-07 13:04 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-11.bin 2014-01-07 13:02 . 2014-01-07 12:56 209715200 ----a-w- c:\program files (x86)\DragonsProphetSetup-10.bin 2014-01-07 12:59 . 2014-01-07 12:56 208900096 ----a-w- c:\program files (x86)\DragonsProphetSetup-1.bin 2009-09-27 07:39 415744 --sh--w- c:\windows\SysWOW64\avisynth.dll 2005-07-14 10:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll 2004-02-22 08:11 764416 --sh--w- c:\windows\SysWOW64\devil.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2014-03-05 37664] "MySQL Notifier"="c:\program files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe" [2013-07-05 762368] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-12-06 389120] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-11 292848] "Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-03-08 506864] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-03-12 134616] "ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2013-02-01 1641368] "MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2014-03-27 314896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0" "UpdatesDisableNotify"="0" . 
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 Util Surftastic;Util Surftastic;c:\program files (x86)\Surftastic\bin\utilSurftastic.exe;c:\program files (x86)\Surftastic\bin\utilSurftastic.exe [x] R3 ALSysIO;ALSysIO;c:\users\GAMING~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\GAMING~1\AppData\Local\Temp\ALSysIO64.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business 
Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x] R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Autodesk Content Service;Autodesk Content Service;c:\program files 
(x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x] S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x] S2 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x] S3 iusb3hub;Intel(R) USB 
3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-29 14:40 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17 13:54] . 2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24 15:57] . 2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24 15:57] . 
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core.job - c:\users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27 10:12] . 2014-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA.job - c:\users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27 10:12] . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com uStart Page = hxxp://www.bing.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Gaming pc\AppData\Roaming\Mozilla\Firefox\Profiles\3ngzs4ee.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file) Toolbar-10 - (no file) Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file) Wow6432Node-HKCU-Run-adminkey - c:\programdata\folder\mtqadjqbe.exe Wow6432Node-HKLM-Run-d2be3e6d11846430c067fc874a79f583 - c:\users\Gaming pc\AppData\Local\Temp\java.exe Wow6432Node-HKLM-Run-ApnTBMon - c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe Wow6432Node-HKLM-Run-Download Protect - c:\programdata\dlprotect.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Anwendungs-Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll Toolbar-10 - (no file) Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll AddRemove-d8be6c3f847d7d92 - c:\users\Gaming pc\AppData\Local\Apps\2.0\N58WLDKM.V42\H71K9KWH.5Q6\laun...app_59711684aa47878d_0001.0023_c2562620c05acb90\Uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56] "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56] "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-1761028741-3533212565-443726766-1000\Software\SecuROM\License information*] "datasecu"=hex:7c,de,e2,59,04,e5,f6,40,27,81,e2,ee,57,80,96,f3,d5,19,98,9a,8f, 80,14,09,20,bd,5e,12,5f,b6,e2,65,af,02,56,a9,52,3a,11,b5,0e,a6,75,ab,5b,cc,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-05-11 10:31:16 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-05-11 08:31 . Vor Suchlauf: 23 Verzeichnis(se), 541.242.998.784 Bytes frei Nach Suchlauf: 30 Verzeichnis(se), 541.675.495.424 Bytes frei . - - End Of File - - 981B29E1437A31E18C3AC8DE66187C38 A36C5E4F47E84449FF07ED3517B43A31 |
11.05.2014, 11:31 | #10 |
/// TB Trainer /// Guide Guru | Antivirus and anti-malware programs cannot be installed or opened, firewall was also disabled.
Ok, good work Manuel!
Step 1
Scan with Malwarebytes Anti-Malware
Under Detection and Protection, please tick "Scan for rootkits". Then click "Scan", select the Threat Scan, update the databases and click "Scan Now". At the end of the scan, have all detections (if any) moved to quarantine. (like this...) Post me the contents of the log file. To do so, click History and then Application Logs. Select the most recent scan log and click View. Click "Copy to Clipboard" and post the contents in code tags as a reply in the thread.
Step 2
Step 3
Please start FRST again, also tick Addition.txt, and press Scan.
__________________ Regards, deeprybka _______________________________________________ "Neminem laede, immo omnes, quantum potes, iuva." Arthur Schopenhauer |
11.05.2014, 14:41 | #11 |
| Antivirus and anti-malware programs cannot be installed or opened, firewall was also disabled.
Hello, first of all, thank you very much for helping me. Here is the log from Malwarebytes Anti-Malware.
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 11.05.2014 Suchlauf-Zeit: 15:21:45 Logdatei: Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.11.04 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Gaming pc Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 330721 Verstrichene Zeit: 20 Min, 54 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 2 PUP.Optional.HDPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PlusSHD-9.9, In Quarantäne, [e8188b7548b8649cfa9393e932d0926e], PUP.Optional.FindADeal.A, HKU\S-1-5-21-1761028741-3533212565-443726766-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\find-a-deal-2, In Quarantäne, [8b75e11fda26f907fdc968189f636b95], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 7 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[98688c741ce4b050973da79b9e66c53b] PUP.Optional.Snapdo, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_TsVW0W3VKGLGJg89tYY7CU91_a6DvxItB7ybW-lPREnAhwYRME_Jhr2VQHL1QxU,, Gut: (hxxp://www.google.com), Schlecht: 
(hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_TsVW0W3VKGLGJg89tYY7CU91_a6DvxItB7ybW-lPREnAhwYRME_Jhr2VQHL1QxU,),Ersetzt,[fe02a858ac54a65ab49119291be907f9] PUP.Optional.Snapdo, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}),Ersetzt,[04fcbd43dd23f10fc47ff94952b2f30d] PUP.Optional.Snapdo, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}),Ersetzt,[bc449b65926e51afe262db67877d35cb] PUP.Optional.Snapdo, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}),Ersetzt,[45bb4fb1eb15d32d3214123055af03fd] PUP.Optional.Snapdo, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}),Ersetzt,[df21de2247b95ca4ed5ad46e22e29070] PUP.Optional.SnapDo.A, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}, Gut: (www.google.com), Schlecht: 
(hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}),Ersetzt,[17e97888956b0df308d7ad8bfa0a3bc5] Ordner: 0 (No malicious items detected) Dateien: 2 PUP.Optional.V9.A, C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.v9.com_0.localstorage, In Quarantäne, [956b05fbd22e44bcb8b9f18b54ae43bd], PUP.Optional.V9.A, C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.v9.com_0.localstorage-journal, In Quarantäne, [19e77d83e917a15f1b56dba17e843ac6], Physische Sektoren: 0 (No malicious items detected) (end) Code:
# AdwCleaner v3.207 - Bericht erstellt am 11/05/2014 um 15:29:26
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gaming pc - GAMINGPC-PC
# Gestartet von : C:\Users\Gaming pc\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Gaming pc\AppData\Roaming\Mozilla\Firefox\Profiles\3ngzs4ee.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ Datei : C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [40586 octets] - [09/05/2014 20:30:23]
AdwCleaner[R1].txt - [1542 octets] - [10/05/2014 11:58:58]
AdwCleaner[R2].txt - [1195 octets] - [11/05/2014 15:28:07]
AdwCleaner[S0].txt - [37661 octets] - [09/05/2014 20:32:32]
AdwCleaner[S1].txt - [1498 octets] - [10/05/2014 11:59:38]
AdwCleaner[S2].txt - [1117 octets] - [11/05/2014 15:29:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1177 octets] ##########
And last of all, from FRST: FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 Ran by Gaming pc (administrator) on GAMINGPC-PC on 11-05-2014 15:37:19 Running from C:\Users\Gaming pc\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe (Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Autodesk, Inc.) 
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation) HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [MFARestart] => C:\ProgramData\MFAData\pack\avgrunasx.exe [314896 2014-03-27] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe [762368 2013-07-05] (Oracle Corporation)
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\Explorer: [TaskbarNoNotification] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - 931B4090B162439199140CDA6E2CECDF URL =
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a11465-172&apn_uid=3361143290744442&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPCAF66BCF-5A15-45D9-AAD8-951C2A465CDD&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gaming pc\AppData\Roaming\Mozilla\Firefox\Profiles\3ngzs4ee.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gaming pc\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gaming pc\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Wallet) - C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-10-15]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-25] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-03-13] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-04-18] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14256 2014-05-04] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-04-14] (The OpenVPN Project)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
S2 Util Surftastic; "C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-17] (Disc Soft Ltd)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-11] ()
S3 ALSysIO; \??\C:\Users\GAMING~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\CF\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-11 15:31 - 2014-05-11 15:31 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-11 15:27 - 2014-05-11 15:27 - 01316991 _____ () C:\Users\Gaming pc\Downloads\adwcleaner.exe
2014-05-11 15:22 - 2014-05-11 15:22 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\VirtualStore
2014-05-11 14:49 - 2014-05-11 14:49 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-11 14:48 - 2014-05-11 14:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gaming pc\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-11 10:38 - 2014-05-11 10:39 - 00426188 _____ () C:\Users\Gaming pc\Downloads\OptiFine_1.6.4_HD_D1.jar
2014-05-11 10:31 - 2014-05-11 10:31 - 00038343 _____ () C:\ComboFix.txt
2014-05-11 10:19 - 2014-05-11 10:31 - 00000000 ____D () C:\Qoobox
2014-05-11 10:19 - 2014-05-11 10:30 - 00000000 ____D () C:\Windows\erdnt
2014-05-11 10:19 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-11 10:19 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-11 10:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-11 10:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-11 10:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-11 10:19 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-11 10:19 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-11 10:19 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-11 10:17 - 2014-05-11 10:17 - 05200347 ____R (Swearware) C:\Users\Gaming pc\Desktop\CF.exe
2014-05-10 18:02 - 2014-05-11 10:35 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Apps\2.0
2014-05-10 17:53 - 2014-05-10 17:54 - 00276424 _____ () C:\Windows\Minidump\051014-23431-01.dmp
2014-05-10 15:33 - 2014-05-10 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 14:27 - 2014-05-11 15:37 - 00014746 _____ () C:\Users\Gaming pc\Desktop\FRST.txt
2014-05-10 14:26 - 2014-05-11 15:37 - 02066432 _____ (Farbar) C:\Users\Gaming pc\Desktop\FRST64.exe
2014-05-10 14:26 - 2014-05-10 14:27 - 00048593 _____ () C:\Users\Gaming pc\Downloads\FRST.txt
2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Macromedia
2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Adobe
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\ATI
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Apple Computer
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\MFAData
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Avg2014
2014-05-10 11:54 - 2014-05-10 11:54 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Mozilla
2014-05-10 11:51 - 2014-05-10 11:51 - 00003374 _____ () C:\Windows\System32\Tasks\Install_SSD
2014-05-10 11:38 - 2014-05-11 15:37 - 00000000 ____D () C:\FRST
2014-05-10 11:32 - 2014-05-10 11:32 - 00000000 _____ () C:\Users\Gaming pc\defogger_reenable
2014-05-10 11:15 - 2014-05-10 11:15 - 06103040 _____ () C:\Program Files (x86)\GUTDF67.tmp
2014-05-10 11:15 - 2014-05-10 11:15 - 00000000 ____D () C:\Program Files (x86)\GUMDF08.tmp
2014-05-09 21:04 - 2014-05-09 21:04 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\TuneUp Software
2014-05-09 20:59 - 2014-05-10 11:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-09 20:43 - 2014-05-09 20:43 - 00858295 _____ () C:\Users\Gaming pc\Documents\pinfect.zip
2014-05-09 20:41 - 2014-05-09 20:42 - 19759335 _____ () C:\Windows\REGBK00.ZIP
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\VDLL.DLL
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\rundll16.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo1_.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo_1.exe
2014-05-09 20:40 - 2014-05-09 20:40 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2014-05-09 20:40 - 2014-05-09 20:40 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2014-05-09 20:40 - 2014-05-09 20:40 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2014-05-09 20:40 - 2014-05-09 20:40 - 00000028 _____ () C:\Windows\Lic.xxx
2014-05-09 20:40 - 2014-05-09 20:40 - 00000000 ____D () C:\ProgramData\MicroWorld
2014-05-09 20:40 - 2005-09-22 23:22 - 00000522 _____ () C:\Windows\SysWOW64\Microsoft.VC80.CRT.manifest
2014-05-09 20:30 - 2014-05-11 15:29 - 00000000 ____D () C:\AdwCleaner
2014-05-09 20:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-09 20:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-09 20:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 20:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 19:56 - 2014-05-09 19:56 - 00000000 ____D () C:\Users\Gaming pc\ChromeExtensions
2014-05-09 19:47 - 2014-05-09 19:47 - 00120832 _____ () C:\Windows\system32\cmlua64.exe
2014-05-09 19:41 - 2014-05-11 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-09 19:41 - 2014-05-11 14:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 19:37 - 2014-05-09 19:37 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-09 19:33 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Oracle
2014-05-09 17:58 - 2014-05-09 17:58 - 00082457 _____ () C:\Users\Gaming pc\Documents\log.xml
2014-05-09 16:20 - 2014-05-09 16:20 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-05-09 16:18 - 2014-05-09 16:18 - 00000000 _____ () C:\autoexec.bat
2014-05-09 16:17 - 2014-05-09 16:22 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-09 16:17 - 2014-05-09 16:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-09 16:11 - 2014-03-02 18:24 - 00000426 _____ () C:\AVScanner.ini
2014-05-09 16:09 - 2014-05-10 12:00 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-06 15:51 - 2014-05-06 15:54 - 00000302 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Login.ini
2014-05-04 16:37 - 2014-05-11 10:27 - 00000000 ____D () C:\ProgramData\folder
2014-05-04 16:37 - 2014-05-04 16:37 - 00003222 _____ () C:\Windows\System32\Tasks\Windows Update Check - 0x140703D5
2014-05-04 14:08 - 2014-05-04 14:08 - 00000019 _____ () C:\Users\Gaming pc\Desktop\[76561198110998659].txt
2014-05-04 12:10 - 2014-05-06 16:03 - 00001256 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Options.ini
2014-05-04 12:03 - 2014-05-04 12:03 - 00001034 _____ () C:\Users\Gaming pc\Desktop\Breaking Point.lnk
2014-05-04 12:02 - 2014-05-06 15:54 - 00000000 ____D () C:\Program Files (x86)\Breaking
2014-05-03 21:48 - 2014-05-03 21:48 - 00000000 ____D () C:\Users\Gaming pc\Documents\Navicat
2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\Program Files\PremiumSoft
2014-05-03 21:43 - 2013-10-08 09:55 - 01988096 _____ () C:\Windows\system32\libmysql_e.dll
2014-05-03 21:41 - 2014-05-10 11:51 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\MySQL
2014-05-03 21:37 - 2014-05-09 20:19 - 00000000 ____D () C:\Program Files\MySQL
2014-05-03 21:37 - 2014-05-09 20:16 - 00000023 _____ () C:\Windows\ODBCINST.INI
2014-05-03 21:37 - 2014-05-09 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2014-05-03 21:36 - 2014-05-09 20:18 - 00000000 ____D () C:\Program Files (x86)\MySQL
2014-05-03 21:36 - 2014-05-03 21:37 - 00000000 ____D () C:\ProgramData\MySQL
2014-05-03 21:36 - 2014-05-03 21:36 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager
2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Program Files\PBO Manager v.1.4 beta
2014-04-30 19:49 - 2014-04-30 19:49 - 00001103 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2014-04-30 19:14 - 2014-04-30 19:14 - 00001971 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-04-30 19:13 - 2014-05-11 15:31 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Overwolf
2014-04-30 19:13 - 2014-04-30 19:13 - 00001222 _____ () C:\Users\Gaming pc\Desktop\TeamSpeak 3 Client.lnk
2014-04-30 19:13 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\TeamSpeak 3 Client
2014-04-25 20:32 - 2014-04-25 20:32 - 00000201 _____ () C:\Users\Gaming pc\Desktop\arma3.url
2014-04-25 20:24 - 2014-04-25 20:24 - 00000222 _____ () C:\Users\Gaming pc\Desktop\Arma 3.url
2014-04-25 20:16 - 2014-05-11 10:25 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
2014-04-25 20:11 - 2014-04-25 20:16 - 00000000 ____D () C:\Program Files (x86)\Kepard
2014-04-25 19:51 - 2014-04-25 19:51 - 00003154 _____ () C:\Windows\System32\Tasks\{A8F5506E-8DE9-4484-9A04-FB634B47CB35}
2014-04-25 19:45 - 2014-05-09 16:12 - 00002300 _____ () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-24 20:56 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-24 17:32 - 2014-05-09 15:44 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 17:32 - 2014-04-24 17:32 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 13:20 - 2014-04-24 13:20 - 06389248 _____ (Alderon Games) C:\Program Files (x86)\BreakingPoint.exe
2014-04-24 13:20 - 2014-04-24 13:20 - 03019880 _____ (BitTorrent, Inc.) C:\Program Files (x86)\BTSync.exe
2014-04-24 13:20 - 2014-04-24 13:20 - 01068544 _____ (Alderon Games) C:\Program Files (x86)\ApplyUpdate.exe
2014-04-22 14:58 - 2014-05-10 17:28 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Arma 3
2014-04-22 14:58 - 2014-04-22 17:31 - 00000000 ____D () C:\Users\Gaming pc\Documents\Arma 3
2014-04-22 14:58 - 2014-04-22 14:58 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2014-04-22 14:56 - 2014-04-22 19:26 - 00000772 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARMA 3.lnk
2014-04-18 18:56 - 2014-05-11 15:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 13:04 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll
2014-04-17 13:04 - 2005-07-14 12:31 - 00032256 ___SH () C:\Windows\SysWOW64\AVSredirect.dll
2014-04-17 13:04 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll
2014-04-17 13:04 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2014-04-17 13:04 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll
2014-04-17 13:00 - 2014-04-22 15:49 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-04-17 13:00 - 2014-04-17 13:00 - 00000000 ____D () C:\Users\Gaming pc\Documents\eRightSoft
2014-04-17 13:00 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2014-04-17 13:00 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{EE1C554C-CCFC-452D-AAE2-71472538B64D}
2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{E40D7364-927A-4F7B-B1A6-261C7E340CB4}
2014-04-13 12:29 - 2014-05-11 15:31 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-04-13 12:19 - 2014-04-13 12:22 - 00000000 ____D () C:\Users\Gaming pc\AppData\libraries
2014-04-13 12:17 - 2014-04-13 12:23 - 00000000 ____D () C:\Users\Gaming pc\AppData\assets
2014-04-13 12:17 - 2014-04-13 12:17 - 00000000 ____D () C:\Users\Gaming pc\AppData\versions
2014-04-13 12:15 - 2014-04-13 12:23 - 00000000 ____D () C:\Users\Gaming pc\AppData\Monster
2014-04-13 12:12 - 2014-04-13 12:25 - 00000000 ____D () C:\Users\Gaming pc\AppData\authlib
2014-04-13 12:12 - 2014-04-13 12:12 - 00000000 _____ () C:\Users\Gaming pc\AppData\FTBOSSent1.3.8.txt
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

2014-05-11 15:37 - 2014-05-10 14:27 - 00014746 _____ () C:\Users\Gaming pc\Desktop\FRST.txt
2014-05-11 15:37 - 2014-05-10 14:26 - 02066432 _____ (Farbar) C:\Users\Gaming pc\Desktop\FRST64.exe
2014-05-11 15:37 - 2014-05-10 11:38 - 00000000 ____D () C:\FRST
2014-05-11 15:34 - 2014-04-18 18:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 15:34 - 2013-09-10 14:59 - 02007578 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 15:31 - 2014-05-11 15:31 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-11 15:31 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Overwolf
2014-05-11 15:31 - 2014-04-13 12:29 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-11 15:30 - 2013-10-15 12:25 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 15:30 - 2010-11-21 05:47 - 00875998 _____ () C:\Windows\PFRO.log
2014-05-11 15:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 15:30 - 2009-07-14 06:51 - 00128692 _____ () C:\Windows\setupact.log
2014-05-11 15:29 - 2014-05-09 20:30 - 00000000 ____D () C:\AdwCleaner
2014-05-11 15:29 - 2009-07-14 06:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 15:29 - 2009-07-14 06:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 15:27 - 2014-05-11 15:27 - 01316991 _____ () C:\Users\Gaming pc\Downloads\adwcleaner.exe
2014-05-11 15:25 - 2013-12-27 12:12 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA.job
2014-05-11 15:22 - 2014-05-11 15:22 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\VirtualStore
2014-05-11 15:22 - 2014-02-06 21:59 - 00000000 ____D () C:\Users\Gaming pc\Desktop\Games
2014-05-11 15:22 - 2013-11-17 13:33 - 00003036 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-05-11 15:22 - 2013-10-15 12:25 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 15:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-05-11 15:07 - 2013-11-07 18:18 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-05-11 14:49 - 2014-05-11 14:49 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-11 14:49 - 2014-05-11 14:48 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gaming pc\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-11 14:49 - 2014-05-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-11 14:49 - 2014-05-09 19:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-11 14:48 - 2014-01-27 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 10:39 - 2014-05-11 10:38 - 00426188 _____ () C:\Users\Gaming pc\Downloads\OptiFine_1.6.4_HD_D1.jar
2014-05-11 10:35 - 2014-05-10 18:02 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Apps\2.0
2014-05-11 10:31 - 2014-05-11 10:31 - 00038343 _____ () C:\ComboFix.txt
2014-05-11 10:31 - 2014-05-11 10:19 - 00000000 ____D () C:\Qoobox
2014-05-11 10:31 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-11 10:30 - 2014-05-11 10:19 - 00000000 ____D () C:\Windows\erdnt
2014-05-11 10:30 - 2014-01-27 18:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-11 10:30 - 2013-09-16 18:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\CrashDumps
2014-05-11 10:27 - 2014-05-04 16:37 - 00000000 ____D () C:\ProgramData\folder
2014-05-11 10:27 - 2014-01-27 18:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 10:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-11 10:25 - 2014-04-25 20:16 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
2014-05-11 10:17 - 2014-05-11 10:17 - 05200347 ____R (Swearware) C:\Users\Gaming pc\Desktop\CF.exe
2014-05-11 10:16 - 2013-11-01 19:54 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\ftblauncher
2014-05-10 17:54 - 2014-05-10 17:53 - 00276424 _____ () C:\Windows\Minidump\051014-23431-01.dmp
2014-05-10 17:53 - 2013-10-06 17:41 - 00000000 ____D () C:\Windows\Minidump
2014-05-10 17:53 - 2013-09-11 11:47 - 798058563 _____ () C:\Windows\MEMORY.DMP
2014-05-10 17:28 - 2014-04-22 14:58 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Arma 3
2014-05-10 17:28 - 2014-02-19 15:38 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-10 16:25 - 2013-12-27 12:12 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core.job
2014-05-10 16:20 - 2013-12-27 12:12 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA
2014-05-10 16:20 - 2013-12-27 12:12 - 00003722 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core
2014-05-10 15:33 - 2014-05-10 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 14:27 - 2014-05-10 14:26 - 00048593 _____ () C:\Users\Gaming pc\Downloads\FRST.txt
2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Macromedia
2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Adobe
2014-05-10 12:01 - 2014-05-09 19:33 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Oracle
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\ATI
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Apple Computer
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\MFAData
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Avg2014
2014-05-10 12:00 - 2014-05-09 16:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-10 11:54 - 2014-05-10 11:54 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Mozilla
2014-05-10 11:51 - 2014-05-10 11:51 - 00003374 _____ () C:\Windows\System32\Tasks\Install_SSD
2014-05-10 11:51 - 2014-05-03 21:41 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\MySQL
2014-05-10 11:47 - 2013-11-13 06:13 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-10 11:32 - 2014-05-10 11:32 - 00000000 _____ () C:\Users\Gaming pc\defogger_reenable
2014-05-10 11:32 - 2013-09-10 15:35 - 00000000 ____D () C:\Users\Gaming pc
2014-05-10 11:23 - 2013-11-13 06:14 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-05-10 11:17 - 2014-05-09 20:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-10 11:17 - 2013-10-15 12:25 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 11:17 - 2013-10-15 12:25 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-10 11:15 - 2014-05-10 11:15 - 06103040 _____ () C:\Program Files (x86)\GUTDF67.tmp
2014-05-10 11:15 - 2014-05-10 11:15 - 00000000 ____D () C:\Program Files (x86)\GUMDF08.tmp
2014-05-10 11:15 - 2014-03-07 20:39 - 00000000 ____D () C:\Users\DefaultAppPool
2014-05-09 21:04 - 2014-05-09 21:04 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\TuneUp Software
2014-05-09 20:43 - 2014-05-09 20:43 - 00858295 _____ () C:\Users\Gaming pc\Documents\pinfect.zip
2014-05-09 20:42 - 2014-05-09 20:41 - 19759335 _____ () C:\Windows\REGBK00.ZIP
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\VDLL.DLL
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\rundll16.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo1_.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo_1.exe
2014-05-09 20:40 - 2014-05-09 20:40 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2014-05-09 20:40 - 2014-05-09 20:40 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2014-05-09 20:40 - 2014-05-09 20:40 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2014-05-09 20:40 - 2014-05-09 20:40 - 00000028 _____ () C:\Windows\Lic.xxx
2014-05-09 20:40 - 2014-05-09 20:40 - 00000000 ____D () C:\ProgramData\MicroWorld
2014-05-09 20:19 - 2014-05-03 21:37 - 00000000 ____D () C:\Program Files\MySQL
2014-05-09 20:18 - 2014-05-03 21:36 - 00000000 ____D () C:\Program Files (x86)\MySQL
2014-05-09 20:16 - 2014-05-03 21:37 - 00000023 _____ () C:\Windows\ODBCINST.INI
2014-05-09 20:16 - 2014-05-03 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2014-05-09 19:56 - 2014-05-09 19:56 - 00000000 ____D () C:\Users\Gaming pc\ChromeExtensions
2014-05-09 19:54 - 2013-09-11 00:52 - 02396496 _____ () C:\Windows\system32\perfh007.dat
2014-05-09 19:54 - 2013-09-11 00:52 - 00680496 _____ () C:\Windows\system32\perfc007.dat
2014-05-09 19:54 - 2009-07-14 07:13 - 00612130 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 19:47 - 2014-05-09 19:47 - 00120832 _____ () C:\Windows\system32\cmlua64.exe
2014-05-09 19:37 - 2014-05-09 19:37 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-09 19:20 - 2014-03-07 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 17:58 - 2014-05-09 17:58 - 00082457 _____ () C:\Users\Gaming pc\Documents\log.xml
2014-05-09 16:22 - 2014-05-09 16:17 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-09 16:20 - 2014-05-09 16:20 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-05-09 16:18 - 2014-05-09 16:18 - 00000000 _____ () C:\autoexec.bat
2014-05-09 16:17 - 2014-05-09 16:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-09 16:12 - 2014-04-25 19:45 - 00002300 _____ () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-09 16:12 - 2014-03-03 11:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-09 16:12 - 2014-01-27 18:21 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-09 16:12 - 2014-01-27 18:21 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-09 15:54 - 2014-01-27 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-09 15:54 - 2013-09-17 15:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-09 15:54 - 2013-09-17 15:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-09 15:44 - 2014-04-24 17:32 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 16:03 - 2014-05-04 12:10 - 00001256 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Options.ini
2014-05-06 15:54 - 2014-05-06 15:51 - 00000302 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Login.ini
2014-05-06 15:54 - 2014-05-04 12:02 - 00000000 ____D () C:\Program Files (x86)\Breaking
2014-05-04 16:37 - 2014-05-04 16:37 - 00003222 _____ () C:\Windows\System32\Tasks\Windows Update Check - 0x140703D5
2014-05-04 16:21 - 2013-11-13 16:52 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-04 14:08 - 2014-05-04 14:08 - 00000019 _____ () C:\Users\Gaming pc\Desktop\[76561198110998659].txt
2014-05-04 12:03 - 2014-05-04 12:03 - 00001034 _____ () C:\Users\Gaming pc\Desktop\Breaking Point.lnk
2014-05-04 11:13 - 2013-12-27 13:39 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Microsoft Games
2014-05-04 11:08 - 2013-09-10 15:52 - 00068600 _____ () C:\Users\Gaming pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-04 11:07 - 2009-07-14 06:45 - 00309392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-04 10:12 - 2013-09-10 15:48 - 00603450 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-03 21:48 - 2014-05-03 21:48 - 00000000 ____D () C:\Users\Gaming pc\Documents\Navicat
2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\Program Files\PremiumSoft
2014-05-03 21:37 - 2014-05-03 21:36 - 00000000 ____D () C:\ProgramData\MySQL
2014-05-03 21:36 - 2014-05-03 21:36 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
2014-05-03 20:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager
2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Program Files\PBO Manager v.1.4 beta
2014-05-01 17:09 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-30 19:49 - 2014-04-30 19:49 - 00001103 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2014-04-30 19:14 - 2014-04-30 19:14 - 00001971 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-04-30 19:13 - 2014-04-30 19:13 - 00001222 _____ () C:\Users\Gaming pc\Desktop\TeamSpeak 3 Client.lnk
2014-04-30 19:13 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\TeamSpeak 3 Client
2014-04-30 19:13 - 2014-04-24 20:56 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-29 20:08 - 2013-10-15 12:34 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Skype
2014-04-27 09:05 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-04-27 08:59 - 2013-11-22 16:52 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2014-04-27 08:55 - 2014-03-04 15:03 - 00000000 ____D () C:\ProgramData\e13531e87054441f 2014-04-26 17:50 - 2014-03-31 16:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games 2014-04-26 17:50 - 2013-09-10 16:08 - 00000000 ____D () C:\Program Files (x86)\EA GAMES 2014-04-25 20:32 - 2014-04-25 20:32 - 00000201 _____ () C:\Users\Gaming pc\Desktop\arma3.url 2014-04-25 20:24 - 2014-04-25 20:24 - 00000222 _____ () C:\Users\Gaming pc\Desktop\Arma 3.url 2014-04-25 20:16 - 2014-04-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Kepard 2014-04-25 19:51 - 2014-04-25 19:51 - 00003154 _____ () C:\Windows\System32\Tasks\{A8F5506E-8DE9-4484-9A04-FB634B47CB35} 2014-04-25 12:59 - 2013-09-10 15:54 - 00000000 ____D () C:\Windows\System32\Tasks\Intel(R) Small Business Advantage 2014-04-25 11:36 - 2013-09-10 16:03 - 00430540 _____ () C:\Windows\DirectX.log 2014-04-24 17:32 - 2014-04-24 17:32 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-24 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources 2014-04-24 13:20 - 2014-04-24 13:20 - 06389248 _____ (Alderon Games) C:\Program Files (x86)\BreakingPoint.exe 2014-04-24 13:20 - 2014-04-24 13:20 - 03019880 _____ (BitTorrent, Inc.) 
C:\Program Files (x86)\BTSync.exe 2014-04-24 13:20 - 2014-04-24 13:20 - 01068544 _____ (Alderon Games) C:\Program Files (x86)\ApplyUpdate.exe 2014-04-23 21:02 - 2013-09-10 16:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\.minecraft 2014-04-22 19:26 - 2014-04-22 14:56 - 00000772 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARMA 3.lnk 2014-04-22 17:31 - 2014-04-22 14:58 - 00000000 ____D () C:\Users\Gaming pc\Documents\Arma 3 2014-04-22 15:49 - 2014-04-17 13:00 - 00000000 ____D () C:\Program Files (x86)\eRightSoft 2014-04-22 15:03 - 2014-03-08 14:00 - 00000000 ____D () C:\ProgramData\Steam 2014-04-22 14:58 - 2014-04-22 14:58 - 00000000 ____D () C:\ProgramData\Bohemia Interactive 2014-04-17 22:15 - 2013-10-20 09:18 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\vlc 2014-04-17 13:00 - 2014-04-17 13:00 - 00000000 ____D () C:\Users\Gaming pc\Documents\eRightSoft 2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{EE1C554C-CCFC-452D-AAE2-71472538B64D} 2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{E40D7364-927A-4F7B-B1A6-261C7E340CB4} 2014-04-13 16:18 - 2014-01-17 18:38 - 00000000 ____D () C:\Users\Gaming pc\Documents\My Games 2014-04-13 12:25 - 2014-04-13 12:12 - 00000000 ____D () C:\Users\Gaming pc\AppData\authlib 2014-04-13 12:23 - 2014-04-13 12:17 - 00000000 ____D () C:\Users\Gaming pc\AppData\assets 2014-04-13 12:23 - 2014-04-13 12:15 - 00000000 ____D () C:\Users\Gaming pc\AppData\Monster 2014-04-13 12:22 - 2014-04-13 12:19 - 00000000 ____D () C:\Users\Gaming pc\AppData\libraries 2014-04-13 12:17 - 2014-04-13 12:17 - 00000000 ____D () C:\Users\Gaming pc\AppData\versions 2014-04-13 12:12 - 2014-04-13 12:12 - 00000000 _____ () C:\Users\Gaming pc\AppData\FTBOSSent1.3.8.txt 2014-04-13 12:10 - 2013-10-31 15:52 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\.technic 2014-04-11 17:41 - 2013-09-16 15:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-11 17:40 - 
2014-04-11 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-11 17:40 - 2013-09-16 15:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Gaming pc\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 21:32

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

Addition.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 Ran by Gaming pc at 2014-05-11 15:37:52 Running from C:\Users\Gaming pc\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.12 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{B0CA78DB-745A-4857-A73F-9ACD95E62BD0}) (Version: 4.0.41.2072 - Intel) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 
Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.) MySQL Examples and Samples 5.6 (HKLM-x32\...\{44D03537-3061-490B-BF0C-DACA4DEE8797}) (Version: 5.6.14 - Oracle Corporation) MySQL Installer (HKLM-x32\...\{88359D24-F64F-477E-B080-50FB024BA6F7}) (Version: 1.3.3.0 - Oracle Corporation) MySQL Notifier 1.1.4 (HKLM-x32\...\{D7C3E617-EB02-47B3-8D0E-BF3E00D873D5}) (Version: 1.1.4 - Oracle) MySQL Server 5.6 (HKLM\...\{23EEC459-9E65-4DCE-83B8-A1FDB44B9337}) (Version: 5.6.14 - Oracle Corporation) MySQL Utilities (HKLM-x32\...\{6A494EFD-CFC6-4534-9E14-26D3F7D888DE}) (Version: 1.3.4 - Oracle) MySQL Workbench 6.0 CE (HKLM-x32\...\{0B724473-51F5-49E8-958C-4BB3C0AAAF35}) (Version: 6.0.7 - Oracle Corporation) OpenVPN 2.3.3-I002 (HKLM-x32\...\OpenVPN) (Version: 2.3.3-I002 - ) Overwolf (HKLM-x32\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf) PBO Manager v.1.4 beta (HKLM\...\{127B5371-1802-4EDD-A25A-A43BF761D383}) (Version: 1.4.0 - ) PlanetSide 2 (HKCU\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) PremiumSoft Navicat 11.0 for MySQL (HKLM\...\PremiumSoft Navicat for 
MySQL_is1) (Version: 11.0.17 - PremiumSoft CyberTech Ltd.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

09-05-2014 14:17:38 Installed SpyHunter
09-05-2014 14:22:37 Removed SpyHunter
09-05-2014 18:16:19 Removed MySQL Connector/ODBC 5.2 64bit (community edition)
09-05-2014 18:16:34 Removed MySQL Connector Net 6.7.4
09-05-2014 18:17:00 Removed Vegas Pro 12.0 (64-bit)
09-05-2014 18:18:50 Removed MySQL Documents 5.6
09-05-2014 18:19:50 Removed MySQL Connector C++ 1.1.3
09-05-2014 18:20:02 Removed MySQL Connector J
09-05-2014 18:50:59 RegClean Pro Fr, Mai 09, 14 20:50
09-05-2014 19:00:29 Installed AVG 2014
09-05-2014 19:01:18 Installed AVG 2014
09-05-2014 19:05:14 Removed AVG 2014
10-05-2014 09:16:12 Installed AVG 2014

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-11 10:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05E22C15-AD8D-49A8-A9FB-24EB083CA143} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {0AFE4B3A-10B7-4F95-BE15-9B6890A1D772} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {28DDF4E9-308C-46B7-8956-CAB825140E55} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {35B64F17-8457-4CFB-93D3-E3F8C9A8CCE7} - System32\Tasks\{EE1C554C-CCFC-452D-AAE2-71472538B64D} => C:\Users\Gaming pc\Desktop\Nexus_Mod_Manager-0.49.2.exe
Task: {471D57E0-CFD6-4BCD-81A5-DC48DC528523} - System32\Tasks\Intel(R) Small Business Advantage\Notifier => C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\SBA_Notifier.exe [2013-03-13] (Intel Corporation)
Task: {5B256E7B-0C95-4D69-AF93-FB157CA177C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.)
Task: {6569A672-7776-4A44-81AE-F0716AC7ED61} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled
Task: {6C6FECA8-BE1C-4AAA-BDFF-B33B46458425} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {6CE999AF-84EF-4E49-8616-DDC3743629BB} - System32\Tasks\Windows Update Check - 0x140703D5 => C:\ProgramData\folder\mtqadjqbe.exe
Task: {7443E756-0398-43D1-9D61-59DABBAEEFF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {8B37E0A1-C5AB-49C8-9C87-FA7969075EAC} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-01-23] ()
Task: {983A234F-DDBC-4096-B734-E6FB0DC6278E} - \AmiUpdXp No Task File <==== ATTENTION
Task: {A28EF333-2B66-4651-B2B4-EBD24959D344} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
Task: {A41202DF-47E8-4001-B08D-7A3F39007D30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.)
Task: {A54FCA05-0AC2-4FC6-8BF1-3503D65C5F18} - System32\Tasks\{E40D7364-927A-4F7B-B1A6-261C7E340CB4} => C:\Users\Gaming pc\Desktop\Nexus_Mod_Manager-0.49.2.exe
Task: {B9234F7A-4E44-4A40-B473-441AADF72EC2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-09] (Adobe Systems Incorporated)
Task: {BFEBC2D9-3AF3-4A23-8B4E-8C4FE8C0396D} - System32\Tasks\Install_SSD => C:\Users\Gaming
Task: {FCACAD34-56A9-4DEE-A5F7-8D491C3B81B9} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core.job => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA.job => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-02-13 10:35 - 2013-02-13 10:35 - 00180200 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-02-13 10:35 - 2013-02-13 10:35 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-01-23 08:12 - 2013-01-23 08:12 - 00425016 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2013-09-10 10:04 - 2013-09-10 10:04 - 12915712 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00069632 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2013-01-16 18:00 - 2013-01-16 18:00 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2013-01-16 18:00 - 2013-01-16 18:00 - 00143360 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00348160 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2011-04-30 21:04 - 2011-04-30 21:04 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2014-05-10 15:33 - 2014-05-10 15:33 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-10 15:52 - 2013-03-12 22:20 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

====================
Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: FlexNet Licensing Service 64 => 3 ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/11/2014 03:34:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x4dc Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0 Pfad der fehlerhaften Anwendung: mbamscheduler.exe1 Pfad des fehlerhaften Moduls: mbamscheduler.exe2 Berichtskennung: mbamscheduler.exe3 Error: (05/11/2014 03:34:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x1374 Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0 Pfad der fehlerhaften Anwendung: mbamscheduler.exe1 Pfad des fehlerhaften Moduls: mbamscheduler.exe2 Berichtskennung: mbamscheduler.exe3 Error: (05/11/2014 03:34:00 PM) 
(Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7 Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007d28a ID des fehlerhaften Prozesses: 0x1464 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Error: (05/11/2014 03:31:21 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7 Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007d28a ID des fehlerhaften Prozesses: 0xa10 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Error: (05/11/2014 03:31:16 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 03:30:53 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x7c0 Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0 Pfad der fehlerhaften Anwendung: mbamscheduler.exe1 Pfad des fehlerhaften Moduls: mbamscheduler.exe2 Berichtskennung: mbamscheduler.exe3 Error: (05/11/2014 03:24:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der 
fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xfa4 Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0 Pfad der fehlerhaften Anwendung: mbamscheduler.exe1 Pfad des fehlerhaften Moduls: mbamscheduler.exe2 Berichtskennung: mbamscheduler.exe3 Error: (05/11/2014 03:24:00 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xaf4 Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0 Pfad der fehlerhaften Anwendung: mbamscheduler.exe1 Pfad des fehlerhaften Moduls: mbamscheduler.exe2 Berichtskennung: mbamscheduler.exe3 Error: (05/11/2014 03:23:59 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7 Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007d28a ID des fehlerhaften Prozesses: 0x11d4 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Error: (05/11/2014 03:23:28 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7 Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007d28a ID des fehlerhaften Prozesses: 0xa50 Startzeit der fehlerhaften Anwendung: 
0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 System errors: ============= Error: (05/11/2014 03:34:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/11/2014 03:34:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht. Error: (05/11/2014 03:34:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/11/2014 03:34:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht. Error: (05/11/2014 03:34:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7034) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert. Error: (05/11/2014 03:31:54 PM) (Source: Service Control Manager) (User: ) (EventID: 7023) Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%-2147024891 Error: (05/11/2014 03:31:29 PM) (Source: Service Control Manager) (User: ) (EventID: 7034) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (05/11/2014 03:31:08 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Util Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/11/2014 03:30:59 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/11/2014 03:30:59 PM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht. Microsoft Office Sessions: ========================= Error: (05/11/2014 03:34:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd4dc01cf6d1dab5977ceC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dlle906ae8e-d910-11e3-912d-d43d7ebdbc00 Error: (05/11/2014 03:34:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd137401cf6d1dab45a1acC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dlle8f45f0c-d910-11e3-912d-d43d7ebdbc00 Error: (05/11/2014 03:34:00 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28a146401cf6d1da75972ffC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exee8c38b08-d910-11e3-912d-d43d7ebdbc00 Error: (05/11/2014 03:31:21 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28aa1001cf6d1d3f0d24ceC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program 
Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe89bf7e02-d910-11e3-912d-d43d7ebdbc00 Error: (05/11/2014 03:31:16 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 03:30:53 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7c001cf6d1d316384ecC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll7926ad2a-d910-11e3-912d-d43d7ebdbc00 Error: (05/11/2014 03:24:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdfa401cf6d1c458f7f67C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll833cb628-d90f-11e3-a0d0-d43d7ebdbc00 Error: (05/11/2014 03:24:00 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdaf401cf6d1c457d2fe6C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll832bed46-d90f-11e3-a0d0-d43d7ebdbc00 Error: (05/11/2014 03:23:59 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28a11d401cf6d1c416de8d6C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe821f5f2d-d90f-11e3-a0d0-d43d7ebdbc00 Error: (05/11/2014 03:23:28 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: 
mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28aa5001cf6d1c26106672C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe6fc1377b-d90f-11e3-a0d0-d43d7ebdbc00 CodeIntegrity Errors: =================================== Date: 2014-05-11 10:25:53.003 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\CF\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-11 10:25:52.983 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\CF\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8120.6 MB
Available physical RAM: 5953.61 MB
Total Pagefile: 16239.38 MB
Available Pagefile: 13544.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:503.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 88570D40)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Regards,
Manuel

Last edited by Manuel.E (11.05.2014 at 14:49) |
11.05.2014, 14:48 | #12 |
/// TB Trainer /// Guide Guru | You're welcome! Let's stick with the informal "du", OK? Further instructions to follow....
__________________
Regards, deeprybka
Praise, criticism, requests? Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
11.05.2014, 16:11 | #13 |
/// TB Trainer /// Guide Guru | Here's how we continue...

Step 1
ESET Online Scanner
__________________
Regards, deeprybka |
11.05.2014, 18:00 | #14 |
| Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ab88f0d694b4204a85908fa1b48cbb6d
# engine=18219
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-11 04:55:57
# local_time=2014-05-11 06:55:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1413231 151457207 0 0
# scanned=164003
# found=3
# cleaned=0
# scan_time=3623
sh=1AE672D6821B7F7C17B2CCCE440A4CF9CCD5DF61 ft=1 fh=934c6409541a48b0 vn="Variante von Win32/Injector.BDCP Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\folder\mtqadjqbe.exe.vir"
sh=FEC7F50106423390FBF356F93D6398BD0D4301E6 ft=1 fh=ac8fa984cdaa6a95 vn="Win32/Adware.1ClickDownload.AJ Anwendung" ac=I fn="C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\File System\015\t\00\00000000"
sh=31A6BAB451D4A3E64B816CF69EE23214011473DF ft=0 fh=0000000000000000 vn="VBS/Runner.NBV Trojaner" ac=I fn="C:\Users\Gaming pc\kpo7vgeu6mu71\71463.vbs" |
11.05.2014, 19:30 | #15 |
/// TB Trainer /// Guide Guru | OK, on to the final round...

Step 1
Please press the Windows key + R and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document:
Code:
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a11465-172&apn_uid=3361143290744442&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPCAF66BCF-5A15-45D9-AAD8-951C2A465CDD&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
S2 Util Surftastic; "C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe" [X]
2014-05-09 16:17 - 2014-05-09 16:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
C:\Users\Gaming pc\kpo7vgeu6mu71
C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\File System\015\t\00\00000000
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
Step 2
I don't see any running antivirus software in the log files. What about AVG 2014? Are there any problems? After the fix above you should see it in the program list again and be able to uninstall/reinstall it. Otherwise I can recommend:

Step 3
Please download Java again from here and then uninstall your version, Java 7 Update 45. As a rule, decline the "optional offers" with downloads like this (Flash etc.)...

Step 4
Please start FRST again, also tick the box for Addition.txt and press Scan.
__________________
Regards, deeprybka |
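Added example, not part of the original thread and not ESET's or FRST's own code: a small triage script that parses the detection lines of the ESET Online Scanner log from post #14, separates files already sitting in a quarantine folder from files still live on disk, and checks that the file paths in the fixlist from post #15 cover every live detection. The field meanings (`vn` as detection name, `fn` as file path) and the treatment of `C:\Qoobox\Quarantine` as a quarantine folder are assumptions read off the logs in this thread.

```python
import re

# Summary and detection lines copied from the ESET log in post #14.
ESET_LOG = r'''# scanned=164003
# found=3
# cleaned=0
sh=1AE672D6821B7F7C17B2CCCE440A4CF9CCD5DF61 ft=1 fh=934c6409541a48b0 vn="Variante von Win32/Injector.BDCP Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\folder\mtqadjqbe.exe.vir"
sh=FEC7F50106423390FBF356F93D6398BD0D4301E6 ft=1 fh=ac8fa984cdaa6a95 vn="Win32/Adware.1ClickDownload.AJ Anwendung" ac=I fn="C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\File System\015\t\00\00000000"
sh=31A6BAB451D4A3E64B816CF69EE23214011473DF ft=0 fh=0000000000000000 vn="VBS/Runner.NBV Trojaner" ac=I fn="C:\Users\Gaming pc\kpo7vgeu6mu71\71463.vbs"
'''

# File and folder entries copied from the fixlist in post #15.
FIXLIST_PATHS = [
    r"C:\Users\Gaming pc\kpo7vgeu6mu71",
    r"C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\File System\015\t\00\00000000",
]

# Assumption: detections under this folder are already neutralised copies.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_detections(log_text):
    """Return (header, detections) from '# key=value' lines and 'sh=...' records."""
    header, detections = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
        elif line.startswith("sh="):
            detections.append({k: (q or b) for k, q, b in PAIR.findall(line)})
    return header, detections

def triage(detections):
    """Split detections into (live, quarantined) by file path."""
    live, quarantined = [], []
    for d in detections:
        in_quarantine = d.get("fn", "").lower().startswith(QUARANTINE_PREFIXES)
        (quarantined if in_quarantine else live).append(d)
    return live, quarantined

def uncovered(live, fix_paths):
    """Live detections whose file is neither listed nor under a listed folder."""
    fixes = [p.lower().rstrip("\\") for p in fix_paths]
    return [d for d in live
            if not any(d["fn"].lower() == f or d["fn"].lower().startswith(f + "\\")
                       for f in fixes)]
```

On this thread's data, two of the three detections are still live and both fall under paths named in the fixlist; the third is the `.vir` copy under `C:\Qoobox\Quarantine`.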