Log analysis and evaluation: Windows 7: PC and Internet slow

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.07.2014, 14:56 | #1 |
Windows 7: PC and Internet slow

Hello, my PC has recently started hanging all the time; it freezes for several seconds in the middle of use, and streaming a video in one tab while watching something in another tab does not work without stuttering. I also have an 8k Internet connection and have already run the speed test several times. Yet pages take 6-8 seconds to load, and pages often hang as well. I assume that my computer is infected. Admittedly, my PC is not the newest (7 years old), but I dusted and cleaned it just 3 days ago.

GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-22 15:21:33
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.AAD 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\****\AppData\Local\Temp\pwtorpog.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x8E074990]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x8E0251CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x8E025400]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x8E024FC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x8E07755C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x8E07698C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x8E076BD8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x8E07651E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x8E015640]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x8E074AD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x8E0745FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x8E077312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x8E076052]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x8E07778C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x8E07667E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x8E0771C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x8E0252D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x8E076EE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x8E0250C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x8E077048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x8E015A5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x8E074936]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x8E07625A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x8E076D82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x8E015A6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x8E0763C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x8E076882]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x8E077894]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x8E07761E]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83057A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83091212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 8309846C 4 Bytes [90, 49, 07, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83098494 4 Bytes [CE, 51, 02, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 830984D8 4 Bytes [00, 54, 02, 8E] {ADD [EDX+EAX-0x72], DL}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 83098528 4 Bytes [C8, 4F, 02, 8E] {ENTER 0x24f, 0x8e}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8309858C 4 Bytes [5C, 75, 07, 8E]
.text ...

---- EOF - GMER 2.1 ----

DEFOGGER
Log created at 14:36 on 22/07/2014 (****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-07-2014
Ran by **** at 2014-07-22 14:39:44
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Cross Fire En (HKLM\...\Cross Fire_is1) (Version: - Z8Games.com)
DarkComet RAT Remover version 1.0 (HKLM\...\DarkComet RAT Remover_is1) (Version: 1.0 - Phrozen ® Software 2012.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
f.lux (HKCU\...\Flux) (Version: - )
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.21.145 - Google Inc.) Hidden
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Basic PowerPacks 10.0 (HKLM\...\{85317F07-8719-36EF-B19E-B196F383D0F3}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSI Afterburner 3.0.1 (HKLM\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - )
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.2 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Samsung SyncMaster 3D Game Launcher (TriDef 3D) 1.1 (HKLM\...\experience-samsung-mon-bundle) (Version: 1.1 - Dynamic Digital Depth Australia Pty Ltd)
Sandboxie 4.12 (32-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Rhine Family Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - VIA Technologies, Inc.)
WarRock (HKLM\...\Warrock EU) (Version: - )
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Utils (HKLM\...\Windows Utils) (Version: - )
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
World of Tanks (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version: - Wargaming.net)
Yahoo Community Smartbar (HKLM\...\{1897D0E7-2AA7-421D-9B12-4B0CBC1AB7C7}) (Version: 1.133.66.11819 - Linkury Inc.) <==== ATTENTION

==================== Restore Points =========================

07-06-2014 00:27:33 Windows-Sicherung
13-06-2014 18:11:22 Windows-Sicherung
15-06-2014 19:47:42 Windows-Sicherung
08-07-2014 21:20:24 Windows-Sicherung
10-07-2014 10:34:10 Installed Windows 7 USB/DVD Download Tool
13-07-2014 17:00:37 Windows-Sicherung
14-07-2014 07:50:13 Windows Update
16-07-2014 16:28:19 Installiert Ralink Wireless LAN
20-07-2014 17:26:59 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-01-17 23:11 - 00450837 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.codercf.jimdo.com
127.0.0.1 codercf.jimdo.com
127.0.0.1 xdcrossmang.com
127.0.0.1 www.xdcrossmang.com
127.0.0.1 ger-hacks.forumieren.com
127.0.0.1 www.ger-hacks.forumieren.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {00FA8981-6794-4C45-8863-287692B002E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {02696B56-BD14-4235-B2B7-D5F2C9E77517} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {36F8E8E8-C9E8-47AE-BD01-09FDB7A6EDBD} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect
Task: {5564A133-4C26-4BCC-A3F4-A06BE15BD294} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {672A8AB2-8981-4A22-8C9D-A0E9C4B334BD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7310939A-BC94-450E-BCDB-7A3FF38CE6DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {8EEE12A6-D5C0-457E-AC6A-03B22CB98288} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2705547614-3527389456-357161654-1000UA => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31] (Google Inc.)
Task: {A9DB74A9-8E37-4DB0-A273-3FB3EE004323} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {B3B4D619-5905-4420-AE0E-20AAFA42D776} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {EF9C7EF4-E03D-4D93-80B2-3B8BBFE0C5D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-19] (Piriform Ltd)
Task: {F931FE52-3961-4754-9C02-77F5D206F64D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2705547614-3527389456-357161654-1000Core => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2705547614-3527389456-357161654-1000Core.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2705547614-3527389456-357161654-1000UA.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-25 18:08 - 2013-12-19 20:37 - 00107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-02-23 03:32 - 2013-02-23 03:32 - 00702248 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2013-02-23 03:33 - 2013-02-23 03:33 - 00389928 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2014-01-17 23:07 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-17 23:07 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-17 23:07 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-17 23:07 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-17 23:07 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-02-08 15:26 - 2014-07-22 14:25 - 00057344 _____ () C:\ProgramData\DivX\Setup\RunAsUser\RUNASUSERPROCESS.dll
2014-07-19 15:31 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\****\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 15:31 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\****\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 15:31 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\****\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 15:31 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\****\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 15:31 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\****\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 15:31 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\****\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
2014-07-22 14:36 - 2014-07-22 14:36 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\****\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\****\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^net.lnk => C:\Windows\pss\net.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\****\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: F.lux => "C:\Users\****\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: Google Update => "C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7.7\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchSettings => "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files\common files\java\java update\jusched.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 04:33:53 PM) (Source: MSMQ) (EventID: 2170) (User: )
Description: Message Queuing konnte nicht an Port 1801 binden. Möglichweise ist der Port bereits an einen anderen Prozess gebunden. Vergewissern Sie sich, dass der Port nicht belegt ist, und versuchen Sie Message Queuing erneut zu starten. Geben Sie den Port frei, und führen Sie Setup erneut aus, falls dieses Problem während Setup auftritt.

Error: (07/21/2014 01:19:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 00:48:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 11:26:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sechost.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb04
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000094a2
ID des fehlerhaften Prozesses: 0x1ac
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (07/20/2014 08:45:32 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)"

Error: (07/20/2014 11:58:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2014 02:25:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2014 01:48:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8e0
Startzeit: 01cfa32929490603
Endzeit: 408
Anwendungspfad: C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
Berichts-ID: 8c02f936-0f3a-11e4-9402-0019dbaf344a

Error: (07/19/2014 00:26:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/19/2014 08:36:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618 Ausnahmecode: 0xc0000005 Fehleroffset: 0x100077e2 ID des fehlerhaften Prozesses: 0xbcc Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0 Pfad der fehlerhaften Anwendung: NvBackend.exe1 Pfad des fehlerhaften Moduls: NvBackend.exe2 Berichtskennung: NvBackend.exe3 System errors: ============= Error: (07/22/2014 01:06:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Ralink UPnP Media Server erreicht. Error: (07/22/2014 01:05:45 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 21.07.2014 um 23:42:15 unerwartet heruntergefahren. Error: (07/21/2014 04:34:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Ralink UPnP Media Server erreicht. Error: (07/21/2014 04:33:25 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 21.07.2014 um 14:00:32 unerwartet heruntergefahren. Error: (07/21/2014 11:28:50 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Funktionssuche-Ressourcenveröffentlichung" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (07/21/2014 11:26:54 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "SSDP-Suche" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056

Error: (07/21/2014 11:26:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/21/2014 11:26:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SSDP-Suche" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/21/2014 11:26:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/21/2014 11:23:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Microsoft Office Sessions:
=========================
Error: (07/21/2014 04:33:53 PM) (Source: MSMQ) (EventID: 2170) (User: )
Description:

Error: (07/21/2014 01:19:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Z8Games\crossfire\Aegis64.exe

Error: (07/21/2014 00:48:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Z8Games\crossfire\Aegis64.exe

Error: (07/21/2014 11:26:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100sechost.dll6.1.7600.163854a5bdb04c0000005000094a21ac01cfa4c50ec2d2f0C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\sechost.dll21556911-10b9-11e4-9495-0019dbaf344a

Error: (07/20/2014 08:45:32 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)

Error: (07/20/2014 11:58:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Z8Games\crossfire\Aegis64.exe

Error: (07/19/2014 02:25:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Z8Games\crossfire\Aegis64.exe

Error: (07/19/2014 01:48:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.5008e001cfa32929490603408C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe8c02f936-0f3a-11e4-9402-0019dbaf344a

Error: (07/19/2014 00:26:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Z8Games\crossfire\Aegis64.exe

Error: (07/19/2014 08:36:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100077e2bcc01cfa31b759fe9e2C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dll0c8947f7-0f0f-11e4-9082-0019dbaf344a

CodeIntegrity Errors:
===================================
Date: 2014-07-21 13:20:02.637
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-07-21 13:20:02.637
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-07-21 13:20:02.637
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-07-21 13:20:02.622
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-07-21 13:20:02.606
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-07-21 13:20:02.606
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-07-21 13:20:02.591
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-07-21 13:20:02.591
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-07-21 13:20:02.591
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-07-21 13:20:02.559
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 2046.49 MB
Available physical RAM: 845.11 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 2457.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.4 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:192.06 GB) (Free:58.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:94.03 GB) (Free:47.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 719ED030)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=192 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=94 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by **** (administrator) on ****-PC on 22-07-2014 14:38:23
Running from C:\Users\****\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Akamai Technologies, Inc.) C:\Users\****\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\****\AppData\Local\Akamai\netsession_win.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\****\Downloads\Defogger.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation) HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2705547614-3527389456-357161654-1000\...\Run: [Akamai NetSession Interface] => C:\Users\****\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-2705547614-3527389456-357161654-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2705547614-3527389456-357161654-1000\...\Run: [Google Update] => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-31] (Google Inc.) HKU\S-1-5-21-2705547614-3527389456-357161654-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC) HKU\S-1-5-21-2705547614-3527389456-357161654-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-12] (Adobe Systems Incorporated) HKU\S-1-5-21-2705547614-3527389456-357161654-1000\...\MountPoints2: {00e0d951-334b-11e1-9f45-806e6f6e6963} - E:\Start.exe HKU\S-1-5-21-2705547614-3527389456-357161654-1000\...\MountPoints2: {52fd4023-a9fb-11e2-9e4e-0019dbaf344a} - H:\Setup.exe HKU\S-1-5-21-2705547614-3527389456-357161654-1000\...\MountPoints2: {8713ea7a-0a6e-11e3-8c10-0019dbaf344a} - H:\Setup.exe HKU\S-1-5-21-2705547614-3527389456-357161654-1000\...\MountPoints2: {b71aec53-93d8-11e2-9c5d-0019dbaf344a} - G:\autorun.exe HKU\S-1-5-21-2705547614-3527389456-357161654-1000\...\MountPoints2: {fc3f1201-05c3-11e3-9144-0019dbaf344a} - G:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk ShortcutTarget: Ralink Wireless 
Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB22015BCCE24CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/1024/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ef3cf9-983f-40be-2e44-07e6c83693bd&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/08/2013&type=hp1000 SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ef3cf9-983f-40be-2e44-07e6c83693bd&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/08/2013&type=hp1000 SearchScopes: HKCU - DefaultScope {DB75C392-578C-4E7C-A415-8647B36F84C6} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ef3cf9-983f-40be-2e44-07e6c83693bd&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/08/2013&type=hp1000 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def_sps SearchScopes: HKCU - {38ACA896-024C-494B-B6E7-6DE0EA364B40} URL = hxxp://searchou.com/?q={searchTerms}&id=8080fc2600000000000000ffc4c6fa08&r=203 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - 
{DB75C392-578C-4E7C-A415-8647B36F84C6} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms} SearchScopes: HKCU - {EFE0956E-5FEB-4CB3-B3D4-519760F459DF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{103B118E-5CF7-4CD8-BC2E-93912AB8F460}: [NameServer]192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-03] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-03] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-03] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-04-03] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-04-03] Chrome: ======= CHR Extension: (Kaspersky Protection) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-05] CHR Extension: (Adblock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-30] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-03] CHR Extension: 
(Sicherer Zahlungsverkehr) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-03] CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-03-15] CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-03] CHR Extension: (Virtual Keyboard) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-03] CHR Extension: (Slick Savings) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-24] CHR Extension: (Amazon-Icon) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2013-09-12] CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-03-30] CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (YouTube Unblocker) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-05-08] CHR Extension: (Anti-Banner) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-03] CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-03] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26] CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\****\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-09-12] CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\****\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-04] CHR StartMenuInternet: Google Chrome - C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [545576 2013-02-23] (AnchorFree Inc.) R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [453928 2013-02-23] (AnchorFree Inc.) 
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-02-22] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [389928 2013-02-23] ()
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2009-07-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 FETNDIS; C:\Windows\System32\DRIVERS\FETN62.sys [53872 2011-04-25] (VIA Technologies, Inc. )
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [40136 2013-02-22] (AnchorFree Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-04-04] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-04-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-04-04] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-04-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-04-04] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [141824 2010-11-20] (Microsoft Corporation)
R3 MTKSCVAD; C:\Windows\System32\drivers\mtkvad.sys [37376 2012-07-16] (Ralink Technology, Corp.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1321568 2012-08-17] (Ralink Technology Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R0 RRamdisk; C:\Windows\System32\DRIVERS\rramdisk.sys [10368 2003-12-09] (gavotte) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.)
S3 cpuz137; \??\C:\Users\****\AppData\Local\Temp\cpuz137\cpuz137_x32.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 rhService04v3; \SystemRoot\PPEengine.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 XDva390; \??\C:\Windows\system32\XDva390.sys [X] S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X] S3 XDva392; \??\C:\Windows\system32\XDva392.sys [X] S3 XDva393; \??\C:\Windows\system32\XDva393.sys [X] S3 XDva394; \??\C:\Windows\system32\XDva394.sys [X] S3 XDva397; \??\C:\Windows\system32\XDva397.sys [X] S3 XDva399; \??\C:\Windows\system32\XDva399.sys [X] S3 XDva400; \??\C:\Windows\system32\XDva400.sys [X] S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X] S3 XDva403; \??\C:\Windows\system32\XDva403.sys [X] S3 XDva404; \??\C:\Windows\system32\XDva404.sys [X] S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X] S3 XDva406; \??\C:\Windows\system32\XDva406.sys [X] S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X] S3 XDva408; \??\C:\Windows\system32\XDva408.sys [X] S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X] S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-22 14:38 - 2014-07-22 14:39 - 00022436 _____ () C:\Users\****\Downloads\FRST.txt 2014-07-22 14:38 - 2014-07-22 14:38 - 00000000 ____D () C:\FRST 2014-07-22 14:37 - 2014-07-22 14:37 - 01080320 _____ (Farbar) C:\Users\****\Downloads\FRST.exe 2014-07-22 14:36 - 2014-07-22 14:37 - 00000472 _____ () C:\Users\****\Downloads\defogger_disable.log 2014-07-22 14:36 - 2014-07-22 14:36 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe 2014-07-22 14:36 - 2014-07-22 14:36 - 00000000 _____ () C:\Users\****\defogger_reenable 2014-07-22 14:26 - 2014-07-22 14:26 - 00000000 ____D () 
C:\Users\****\AppData\Local\DDMSettings 2014-07-22 14:23 - 2014-07-22 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-07-22 14:22 - 2014-07-22 14:23 - 00000000 ____D () C:\Program Files\DivX 2014-07-22 14:22 - 2014-07-22 14:23 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared 2014-07-22 14:21 - 2014-07-22 14:21 - 00999232 _____ (DivX, LLC) C:\Users\****\Downloads\DivXWebPlayerInstaller (1).exe 2014-07-22 14:17 - 2014-07-22 14:17 - 00999232 _____ (DivX, LLC) C:\Users\****\Downloads\DivXWebPlayerInstaller.exe 2014-07-20 10:36 - 2014-07-20 10:36 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-07-19 11:04 - 2014-07-19 11:04 - 00002797 _____ () C:\Users\****\Desktop\MH 3 truth.txt 2014-07-17 11:14 - 2014-07-17 11:14 - 00000101 _____ () C:\Users\****\Documents\WoT.bat 2014-07-16 18:35 - 2014-07-16 18:35 - 00000016 _____ () C:\Users\****\Documents\wlan passwort.txt 2014-07-16 18:33 - 2014-07-16 18:33 - 00000000 ____D () C:\ProgramData\Ralink 2014-07-16 18:32 - 2012-07-16 16:20 - 00037376 _____ (Ralink Technology, Corp.) C:\Windows\system32\Drivers\mtkvad.sys 2014-07-16 18:31 - 2014-07-16 18:31 - 00004039 _____ () C:\Windows\system32\RaCoInst.log 2014-07-16 18:31 - 2014-07-16 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless 2014-07-16 18:31 - 2011-09-08 05:51 - 00237568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll 2014-07-16 18:31 - 2011-09-08 05:50 - 01100288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll 2014-07-16 18:31 - 2010-12-29 09:22 - 00822272 _____ () C:\Windows\system32\libstdc++-6.dll 2014-07-16 18:31 - 2010-12-29 09:22 - 00089088 _____ () C:\Windows\system32\libgcc_s_sjlj-1.dll 2014-07-16 18:30 - 2014-07-16 18:30 - 00000000 ____D () C:\ProgramData\Ralink Driver 2014-07-16 18:30 - 2012-08-17 22:31 - 01321568 _____ (Ralink Technology Corp.) 
C:\Windows\system32\Drivers\netr28u.sys 2014-07-16 18:30 - 2011-12-26 10:57 - 00238944 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInst.dll 2014-07-16 18:30 - 2011-12-26 10:57 - 00014119 _____ () C:\Windows\system32\RaCoInst.dat 2014-07-16 18:29 - 2014-07-16 18:30 - 00000000 ____D () C:\Program Files\Cisco 2014-07-16 18:29 - 2014-07-16 18:29 - 00000000 ____D () C:\Windows\system32\RaLanguages 2014-07-16 18:29 - 2014-07-16 18:29 - 00000000 ____D () C:\Program Files\Ralink 2014-07-16 18:29 - 2012-08-01 16:47 - 00795648 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAIHV.dll 2014-07-16 18:29 - 2012-01-10 11:29 - 00117760 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAEXTUI.dll 2014-07-16 18:29 - 2011-05-04 13:56 - 01608768 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll 2014-07-16 18:29 - 2010-06-29 10:34 - 00480608 _____ () C:\Windows\system32\DiagFunc.dll 2014-07-16 18:29 - 2010-01-27 11:54 - 00000451 _____ () C:\Windows\system32\DiagFunc.ini 2014-07-16 18:27 - 2014-07-16 18:27 - 00000000 ____D () C:\Users\****\AppData\Roaming\InstallShield 2014-07-16 10:44 - 2014-07-16 10:44 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (2) 2014-07-15 14:00 - 2014-07-15 14:00 - 00001028 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-07-15 14:00 - 2014-07-15 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2014-07-15 14:00 - 2014-07-15 14:00 - 00000000 ____D () C:\Program Files\CPUID 2014-07-15 13:59 - 2014-07-15 13:59 - 01496480 _____ ( ) C:\Users\****\Downloads\cpu-z_1.692-setup-en.exe 2014-07-14 12:06 - 2014-07-14 12:07 - 00000000 ____D () C:\Program Files\MSI Afterburner 2014-07-14 12:06 - 2014-07-14 12:06 - 00001050 _____ () C:\Users\****\Desktop\MSI Afterburner.lnk 2014-07-14 12:06 - 2014-07-14 12:06 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2014-07-14 12:02 - 2014-07-14 12:03 - 29239096 _____ () 
C:\Users\****\Downloads\MSIAfterburnerSetup301.zip
2014-07-14 11:58 - 2014-07-14 11:58 - 00961360 _____ (Chip Digital GmbH) C:\Users\****\Downloads\MSI Afterburner - CHIP-Installer.exe
2014-07-13 04:19 - 2014-07-13 04:19 - 00000073 _____ () C:\Users\****\Desktop\test.bat
2014-07-10 13:13 - 2014-07-10 13:16 - 41117080 _____ () C:\Users\****\Downloads\WinSetupFromUSB-1-4_CB-DL-Manager [1].exe
2014-07-10 13:12 - 2014-07-10 13:12 - 00788832 _____ ( ) C:\Users\****\Downloads\WinSetupFromUSB-1-4_CB-DL-Manager.exe
2014-07-10 12:35 - 2014-07-10 12:36 - 00000000 ____D () C:\Users\****\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-07-10 12:35 - 2014-07-10 12:35 - 00002510 _____ () C:\Users\****\Desktop\Windows 7 USB DVD Download Tool.lnk
2014-07-10 12:35 - 2014-07-10 12:35 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-07-10 12:32 - 2014-07-10 12:33 - 02721168 _____ (Microsoft Corporation) C:\Users\****\Downloads\Windows7-USB-DVD1024-tool.exe
2014-07-10 12:09 - 2014-07-10 12:11 - 03469871 _____ (LIGHTNING UK!) C:\Users\****\Downloads\SetupImgBurn_2.5.8.0.exe
2014-07-10 12:06 - 2014-07-10 12:12 - 00000000 ____D () C:\Users\****\Desktop\gdg
2014-07-10 03:40 - 2014-07-10 03:40 - 00363160 _____ () C:\Users\****\Downloads\Windows_7_Activation_Key_(serial_key)_Works_on_all_windows_7_versions.exe
2014-07-10 03:26 - 2014-07-10 04:39 - 3192264704 _____ () C:\Users\****\Downloads\X15-65741.iso
2014-07-09 19:30 - 2014-07-22 13:06 - 00008839 _____ () C:\Windows\setupact.log
2014-07-09 19:30 - 2014-07-09 19:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-09 03:06 - 2014-07-09 03:06 - 00000000 ___RD () C:\Sandbox
2014-07-09 03:04 - 2014-07-21 11:21 - 00001638 _____ () C:\Windows\Sandboxie.ini
2014-07-09 03:04 - 2014-07-09 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-09 03:04 - 2014-07-09 03:03 - 00001073 _____ () C:\Users\****\Desktop\Sandboxed Web Browser.lnk
2014-07-09 03:03 - 2014-07-09 03:03 - 00000000 ____D () C:\Program Files\Sandboxie
2014-07-09 03:02 - 2014-07-09 03:02 - 00961360 _____ (Chip Digital GmbH) C:\Users\****\Downloads\Sandboxie - CHIP-Installer.exe
2014-07-08 23:27 - 2014-07-08 23:27 - 00000000 ___RD () C:\Users\****\Documents\Notes

==================== One Month Modified Files and Folders =======

2014-07-22 14:39 - 2014-07-22 14:38 - 00022436 _____ () C:\Users\****\Downloads\FRST.txt
2014-07-22 14:38 - 2014-07-22 14:38 - 00000000 ____D () C:\FRST
2014-07-22 14:37 - 2014-07-22 14:37 - 01080320 _____ (Farbar) C:\Users\****\Downloads\FRST.exe
2014-07-22 14:37 - 2014-07-22 14:36 - 00000472 _____ () C:\Users\****\Downloads\defogger_disable.log
2014-07-22 14:36 - 2014-07-22 14:36 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2014-07-22 14:36 - 2014-07-22 14:36 - 00000000 _____ () C:\Users\****\defogger_reenable
2014-07-22 14:36 - 2011-12-31 03:26 - 00000000 ____D () C:\Users\****
2014-07-22 14:26 - 2014-07-22 14:26 - 00000000 ____D () C:\Users\****\AppData\Local\DDMSettings
2014-07-22 14:23 - 2014-07-22 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-07-22 14:23 - 2014-07-22 14:22 - 00000000 ____D () C:\Program Files\DivX
2014-07-22 14:23 - 2014-07-22 14:22 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-07-22 14:23 - 2012-02-08 15:21 - 00000000 ____D () C:\ProgramData\DivX
2014-07-22 14:22 - 2014-03-27 14:54 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2705547614-3527389456-357161654-1000UA.job
2014-07-22 14:21 - 2014-07-22 14:21 - 00999232 _____ (DivX, LLC) C:\Users\****\Downloads\DivXWebPlayerInstaller (1).exe
2014-07-22 14:17 - 2014-07-22 14:17 - 00999232 _____ (DivX, LLC) C:\Users\****\Downloads\DivXWebPlayerInstaller.exe
2014-07-22 13:12 - 2012-05-17 14:59 - 01453385 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 13:11 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 13:11 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 13:08 - 2014-05-08 21:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 13:07 - 2012-03-03 21:30 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-07-22 13:06 - 2014-07-09 19:30 - 00008839 _____ () C:\Windows\setupact.log
2014-07-22 13:06 - 2014-04-03 19:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-22 13:05 - 2012-01-25 18:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 13:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 23:21 - 2014-03-27 14:54 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2705547614-3527389456-357161654-1000Core.job
2014-07-21 11:21 - 2014-07-09 03:04 - 00001638 _____ () C:\Windows\Sandboxie.ini
2014-07-20 19:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-20 10:36 - 2014-07-20 10:36 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-19 11:04 - 2014-07-19 11:04 - 00002797 _____ () C:\Users\****\Desktop\MH 3 truth.txt
2014-07-17 12:44 - 2011-12-31 03:31 - 01640528 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 11:14 - 2014-07-17 11:14 - 00000101 _____ () C:\Users\****\Documents\WoT.bat
2014-07-16 18:35 - 2014-07-16 18:35 - 00000016 _____ () C:\Users\****\Documents\wlan passwort.txt
2014-07-16 18:33 - 2014-07-16 18:33 - 00000000 ____D () C:\ProgramData\Ralink
2014-07-16 18:31 - 2014-07-16 18:31 - 00004039 _____ () C:\Windows\system32\RaCoInst.log
2014-07-16 18:31 - 2014-07-16 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
2014-07-16 18:30 - 2014-07-16 18:30 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-07-16 18:30 - 2014-07-16 18:29 - 00000000 ____D () C:\Program Files\Cisco
2014-07-16 18:29 - 2014-07-16 18:29 - 00000000 ____D () C:\Windows\system32\RaLanguages
2014-07-16 18:29 - 2014-07-16 18:29 - 00000000 ____D () C:\Program Files\Ralink
2014-07-16 18:29 - 2012-02-10 23:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-16 18:27 - 2014-07-16 18:27 - 00000000 ____D () C:\Users\****\AppData\Roaming\InstallShield
2014-07-16 15:59 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 10:44 - 2014-07-16 10:44 - 00000000 ____D () C:\Users\****\Desktop\Neuer Ordner (2)
2014-07-15 14:00 - 2014-07-15 14:00 - 00001028 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-07-15 14:00 - 2014-07-15 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-07-15 14:00 - 2014-07-15 14:00 - 00000000 ____D () C:\Program Files\CPUID
2014-07-15 13:59 - 2014-07-15 13:59 - 01496480 _____ ( ) C:\Users\****\Downloads\cpu-z_1.692-setup-en.exe
2014-07-14 12:07 - 2014-07-14 12:06 - 00000000 ____D () C:\Program Files\MSI Afterburner
2014-07-14 12:06 - 2014-07-14 12:06 - 00001050 _____ () C:\Users\****\Desktop\MSI Afterburner.lnk
2014-07-14 12:06 - 2014-07-14 12:06 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-07-14 12:03 - 2014-07-14 12:02 - 29239096 _____ () C:\Users\****\Downloads\MSIAfterburnerSetup301.zip
2014-07-14 11:58 - 2014-07-14 11:58 - 00961360 _____ (Chip Digital GmbH) C:\Users\****\Downloads\MSI Afterburner - CHIP-Installer.exe
2014-07-14 11:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-13 04:19 - 2014-07-13 04:19 - 00000073 _____ () C:\Users\****\Desktop\test.bat
2014-07-10 13:16 - 2014-07-10 13:13 - 41117080 _____ () C:\Users\****\Downloads\WinSetupFromUSB-1-4_CB-DL-Manager [1].exe
2014-07-10 13:12 - 2014-07-10 13:12 - 00788832 _____ ( ) C:\Users\****\Downloads\WinSetupFromUSB-1-4_CB-DL-Manager.exe
2014-07-10 12:36 - 2014-07-10 12:35 - 00000000 ____D () C:\Users\****\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-07-10 12:35 - 2014-07-10 12:35 - 00002510 _____ () C:\Users\****\Desktop\Windows 7 USB DVD Download Tool.lnk
2014-07-10 12:35 - 2014-07-10 12:35 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-07-10 12:33 - 2014-07-10 12:32 - 02721168 _____ (Microsoft Corporation) C:\Users\****\Downloads\Windows7-USB-DVD1024-tool.exe
2014-07-10 12:12 - 2014-07-10 12:06 - 00000000 ____D () C:\Users\****\Desktop\gdg
2014-07-10 12:11 - 2014-07-10 12:09 - 03469871 _____ (LIGHTNING UK!) C:\Users\****\Downloads\SetupImgBurn_2.5.8.0.exe
2014-07-10 04:39 - 2014-07-10 03:26 - 3192264704 _____ () C:\Users\****\Downloads\X15-65741.iso
2014-07-10 03:40 - 2014-07-10 03:40 - 00363160 _____ () C:\Users\****\Downloads\Windows_7_Activation_Key_(serial_key)_Works_on_all_windows_7_versions.exe
2014-07-09 19:30 - 2014-07-09 19:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-09 03:06 - 2014-07-09 03:06 - 00000000 ___RD () C:\Sandbox
2014-07-09 03:04 - 2014-07-09 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-09 03:03 - 2014-07-09 03:04 - 00001073 _____ () C:\Users\****\Desktop\Sandboxed Web Browser.lnk
2014-07-09 03:03 - 2014-07-09 03:03 - 00000000 ____D () C:\Program Files\Sandboxie
2014-07-09 03:02 - 2014-07-09 03:02 - 00961360 _____ (Chip Digital GmbH) C:\Users\****\Downloads\Sandboxie - CHIP-Installer.exe
2014-07-08 23:27 - 2014-07-08 23:27 - 00000000 ___RD () C:\Users\****\Documents\Notes

Files to move or delete:
====================
C:\Users\****\War_Rock_10182011_G1_Xfire.exe

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 11:14

==================== End Of Log ============================
22.07.2014, 15:14 | #2 |
/// the machine /// TB trainer | Windows 7: PC and Internet slow

hi,

Uninstall adware & co.

Scan with Combofix