Log analysis and evaluation: Videos stop after a few seconds and everything runs slowly after a virus scan by Avast. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
01.08.2014, 05:07 | #1 |
| Videos stop after a few seconds and everything runs slowly after a virus scan by Avast. Hello, I read through the points I was supposed to follow, but "Defogger" said that it is already disabled; I don't know now whether that is good or bad. As for my problem: a friend asked me whether the site "hxxp://steam-cards.com" was safe, so I clicked on it and told him that it looks very good but that I think it is a virus; I nevertheless clicked on his "Click" so that he gets clicks. Since I had no antivirus program before, I ran Avast (10 threats, all moved to the container), and since then no video works any more: it loads, stops after a few seconds, but keeps loading. I am asking for help, thank you very much. ^^ Edited by MarcelWeißNi (01.08.2014 at 05:39) |
01.08.2014, 05:56 | #2 |
/// the machine /// TB-Ausbilder | Videos stop after a few seconds and everything runs slowly after a virus scan by Avast. Hi,
__________________ Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
01.08.2014, 06:00 | #3 |
| Videos stop after a few seconds and everything runs slowly after a virus scan by Avast. Sorry
__________________Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 02 Ran by Marcel at 2014-08-01 06:15:44 Running from C:\Users\Marcel\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Aeria Ignite (HKLM\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (Version: 1.13.3296 - Aeria Games & Entertainment) Hidden AION Free-to-Play (HKLM\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) avast! 
Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB) Blender (HKLM\...\Blender) (Version: 2.67 - Blender Foundation) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.82.95 - Broadcom Corporation) Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) BrowserSafeguard with Rockettab (HKLM\...\BrowserSafeguard) (Version: - BrowserSafeguard with Rockettab) <==== ATTENTION Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden Cobalt (HKLM\...\Cobalt) (Version: - ) Craften Terminal 3.4.4 (HKLM\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 3.4.4 - Craften.de) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive) Dead Island Riptide (c) Deep Silver version 1 (HKLM\...\RGVhZCBJc2xhbmQgUmlwdGlkZSAoYykgRGVlcCBTaWx2ZXI=_is1) (Version: 1 - ) Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Delta) <==== ATTENTION Delta toolbar (HKLM\...\delta) (Version: 1.8.16.16 - Delta) <==== ATTENTION Desura (HKLM\...\Desura) (Version: 100.53 - Desura) Desura: ERIE (HKLM\...\Desura_81776177315872) (Version: Full - UGF) Don't Starve (HKLM\...\Steam App 219740) (Version: - Klei Entertainment) Dragonica (HKLM\...\{10C10382-F201-4466-9346-3646B181DF63}_is1) (Version: 092013 - Webzen Dublin Ltd.) 
EdenEternal-DE (HKLM\...\EdenEternal-DE) (Version: - ) Elsword_DE (HKLM\...\Elsword_DE_is1) (Version: - ) ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Fiesta Online DE 1.04.136 (HKLM\...\Fiesta Online DE) (Version: 1.04.136 - Gamigo games) File Identifier version 1.0.3 (HKLM\...\File Identifier_is1) (Version: 1.0.3 - ) File Viewer version 1.0.2 (HKLM\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.0.2 - Sharpened Productions) FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project) Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM\...\Fraps) (Version: - ) Free YouTube to MP3 Converter version 3.12.42.716 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.) Gameforge Live 1.10.1 "Legend" (HKLM\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.1 - Gameforge) GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - ) glindorus 2013.11.07.204448 (HKLM\...\glindorus) (Version: 2013.11.07.204448 - glindorus) <==== ATTENTION Glyph (HKLM\...\Glyph) (Version: - Trion Worlds, Inc.) GoforFiles (HKCU\...\GoforFiles) (Version: 1.7.1 - hxxp://www.goforfiles.com/) <==== ATTENTION Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION Hamachi 1.0.3.0 (HKLM\...\Hamachi) (Version: - ) Install(GE) (HKLM\...\{F916C6DF-2601-4385-9500-C45FF398D4CB}) (Version: 1.0 - AeriaGames) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle) Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) 
Hidden Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (Version: 3.0.1 - Riot Games ) Hidden LPT System Updater Service (HKLM\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION Maestia (HKLM\...\Maestia) (Version: - ) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden My Game Long Name (HKLM\...\UDK-c7aa2de6-ad58-4eea-a8f9-354f95499fe9) (Version: - Epic Games, Inc.) 
Neverwinter (HKLM\...\Neverwinter) (Version: - Cryptic Studios) Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - ) Nostale(DE) (HKLM\...\NosTale(DE)_is1) (Version: - Gameforge 4D GmbH) NVIDIA Grafiktreiber 267.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.21 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Systemsteuerung 267.21 (Version: 267.21 - NVIDIA Corporation) Hidden Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM\...\OpenAL) (Version: - ) Orcs Must Die! 2 (HKLM\...\Steam App 201790) (Version: - ) Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.) Pacman Bundle by SweetPacks (HKLM\...\Pacman Bundle by SweetPacks) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Plus-HD-2.3 (HKLM\...\Plus-HD-2.3) (Version: 1.27.153.5 - Plus HD) <==== ATTENTION Portal 2 (HKLM\...\Steam App 620) (Version: - Valve) PricePeep (HKLM\...\PricePeep) (Version: 2.2.0.4 - betwikx LLC) <==== ATTENTION PS3 Media Server (HKLM\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server) PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) puush (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) QuickShare (HKLM\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION RaiderZ (HKLM\...\RaiderZ) (Version: - Perfect World Entertainment) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) RIFT (HKLM\...\Glyph RIFT) (Version: - Trion Worlds, Inc.) S.K.I.L.L. 
- Special Force 2 (HKLM\...\Special Force 2 Beta_is1) (Version: - ) S4 League_EU (HKLM\...\{9177CEEE-B308-4612-BD8C-AE621D3FF441}) (Version: 1.00.0000 - ) Sandboxie 3.76 (32-bit) (HKLM\...\Sandboxie) (Version: 3.76 - SANDBOXIE L.T.D) Search Protect (HKLM\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION Shaiya (HKLM\...\Shaiya) (Version: - ) Shaiya-DE (HKLM\...\Shaiya-DE) (Version: - ) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SRWare Iron Version 23.0.1300.0 (HKLM\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: 23.0.1300.0 - SRWare) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Surf and keeep (HKLM\...\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}) (Version: 3.0.0.1017 - Sourf and keeP) <==== ATTENTION TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unturned (HKLM\...\Steam App 304930) (Version: - Nelson Sexton) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation) Vegas Pro 11.0 (HKLM\...\{B644D34F-0296-11E2-938E-F04DA23A5C58}) (Version: 11.0.700 - Sony) Virtual Audio Cable 4.12 (HKLM\...\Virtual Audio Cable 4.12) (Version: - ) Wajam (HKLM\...\Wajam) (Version: 1.80 - Wajam) <==== ATTENTION Windows Live Communications 
Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}) (Version: 17.0.10283 - WinZip Computing, S.L. 
) Wireshark 1.10.5 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.5 - The Wireshark developer community, hxxp://www.wireshark.org) WolfTeam-DE (HKLM\...\WolfTeam-DE) (Version: - ) World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment) YGOPro DevPro Version 1.9.2r2 (HKLM\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.9.2r2 - YGOPro DevPro Online) YoutubeAdblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 4.1.0.1990 - YoutubeAdblocker) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-663376851-2353010799-268835600-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-663376851-2353010799-268835600-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-663376851-2353010799-268835600-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-663376851-2353010799-268835600-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-663376851-2353010799-268835600-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-663376851-2353010799-268835600-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program 
Files\Blender Foundation\Blender\BlendThumb.dll () CustomCLSID: HKU\S-1-5-21-663376851-2353010799-268835600-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-663376851-2353010799-268835600-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation) ==================== Restore Points ========================= 31-07-2014 23:34:49 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {056D1786-186D-420B-9890-EAF59BF60B4E} - System32\Tasks\{B675329D-8D9A-41D3-B239-4AC079685013} => C:\Program Files\SRWare Iron\iron.exe [2012-11-18] (SRWare) Task: {0A07C2C7-EDF9-41FB-8499-944561666BD8} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [2013-06-19] (DealPly Technologies Ltd) <==== ATTENTION Task: {0AFE40C3-D56A-470B-839A-CD8A69DCBA55} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-14] (Adobe Systems Incorporated) Task: {0F3D1BF7-A30C-436F-80AD-71C427FE227C} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2012-06-25] (Beepa P/L) Task: {252EDA62-1480-456B-BB08-655F4969F3AC} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.) 
Task: {44858388-ED54-471E-BFA2-43C0873A68AB} - System32\Tasks\{C02F8615-A1FE-4A8C-B719-B3449ED06CD0} => C:\Program Files\SRWare Iron\iron.exe [2012-11-18] (SRWare) Task: {52D970B6-312F-4701-B2F4-7AF2ADC846F0} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-06-19] (Plus HD) Task: {6084DA3C-B873-4275-9AA7-9532A912E926} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-01] (Google Inc.) Task: {73520C78-2DD7-417A-BC54-D4894686D252} - System32\Tasks\{D5C14623-F380-49DC-B56B-43482B787FAF} => C:\Program Files\SRWare Iron\iron.exe [2012-11-18] (SRWare) Task: {7ADAAA8D-AA2E-4738-BA50-6D52CD29F196} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-06-19] (Plus HD) Task: {861A9FDE-E409-455A-951C-A2EDEB731CA7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software) Task: {903E01DA-4F63-47A9-A1B4-C0FC24609125} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-12-24] (Plus HD) Task: {9235C04C-E5E4-4CF9-B5F3-D87179CF4CFF} - System32\Tasks\{FE14FEF8-A5B7-4ADF-9E9D-3B9EDB25E93B} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-11-21] () Task: {96488C81-D655-4504-930A-D6112660CA11} - System32\Tasks\{30DC6AF2-C1C4-4C45-BE5D-12F260DD670C} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-11-21] () Task: {E8E72527-7AE4-406D-A643-016B0D252CFD} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe [2013-05-04] (hxxp://www.goforfiles.com/) <==== ATTENTION Task: {EFFE18E2-2D61-4ADF-B988-E9D9B874C32E} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [2013-06-19] (DealPly Technologies Ltd) <==== ATTENTION Task: {F271DEEB-CCBD-418E-B604-5355F7570192} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program 
Files\Google\Update\GoogleUpdate.exe [2014-08-01] (Google Inc.) Task: {FC19C2BF-5B08-4EEF-B56B-ADD8D18E2D89} - System32\Tasks\RunOW => C:\Program Files\Overwolf\OverwolfLauncher.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-08-01 01:36 - 2014-08-01 01:36 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-08-01 02:36 - 2014-08-01 02:36 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073101\algo.dll 2014-03-09 19:43 - 2014-03-09 19:43 - 00035096 _____ () C:\Program Files\LPT\srpts.exe 2014-03-09 19:43 - 2014-03-09 19:43 - 00071448 _____ () C:\Program Files\LPT\srpt.dll 2014-03-09 19:43 - 2014-03-09 19:43 - 00022296 _____ () C:\Program Files\LPT\srptc.dll 2014-03-09 19:42 - 2014-03-09 19:42 - 00018200 _____ () C:\Program Files\LPT\Smartbar.Common.dll 2013-08-31 20:55 - 2013-08-31 22:37 - 00076888 _____ () 
C:\Windows\system32\PnkBstrA.exe 2014-03-09 19:43 - 2014-03-09 19:43 - 00022296 _____ () C:\Users\Marcel\AppData\Local\LPT\srptm.exe 2014-03-09 19:43 - 2014-03-09 19:43 - 00071448 _____ () C:\Users\Marcel\AppData\Local\LPT\srpt.dll 2014-03-09 19:43 - 2014-03-09 19:43 - 00022296 _____ () C:\Users\Marcel\AppData\Local\LPT\srptc.dll 2014-03-09 19:42 - 2014-03-09 19:42 - 00018200 _____ () C:\Users\Marcel\AppData\Local\LPT\Smartbar.Common.dll 2014-03-09 19:43 - 2014-03-09 19:43 - 00055576 _____ () C:\Users\Marcel\AppData\Local\LPT\srut.dll 2014-03-09 19:43 - 2014-03-09 19:43 - 00060184 _____ () C:\Users\Marcel\AppData\Local\LPT\sppsm.dll 2014-03-09 19:43 - 2014-03-09 19:43 - 00153880 _____ () C:\Users\Marcel\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-03-09 19:43 - 2014-03-09 19:43 - 00026392 _____ () C:\Users\Marcel\AppData\Local\LPT\Smartbar.Personalization.Common.dll 2014-03-09 19:42 - 2014-03-09 19:42 - 00164632 _____ () C:\Users\Marcel\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll 2014-03-09 19:43 - 2014-03-09 19:43 - 00042776 _____ () C:\Users\Marcel\AppData\Local\LPT\srbu.dll 2014-03-09 19:43 - 2014-03-09 19:43 - 00023832 _____ () C:\Users\Marcel\AppData\Local\LPT\srpdm.dll 2014-03-09 19:43 - 2014-03-09 19:43 - 00036120 _____ () C:\Users\Marcel\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll 2013-11-08 02:25 - 2013-11-08 02:25 - 00911128 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll 2013-11-07 22:44 - 2014-08-01 02:41 - 00323360 _____ () C:\Program Files\glindorus\updateglindorus.exe 2014-02-14 21:22 - 2014-08-01 02:36 - 00323360 _____ () C:\Program Files\glindorus\bin\utilglindorus.exe 2014-08-01 01:36 - 2014-08-01 01:36 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-04-25 00:52 - 2014-07-03 16:11 - 00239392 _____ () C:\Program Files\glindorus\bin\glindorus.PurBrowse.exe 2014-04-09 23:11 - 2014-08-01 01:22 - 00096544 _____ () 
C:\Program Files\glindorus\bin\glindorus.BrowserAdapter.exe 2014-02-15 04:24 - 2014-02-15 04:24 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll 2012-12-26 01:59 - 2010-04-13 10:52 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-02-06 00:08 - 2013-11-21 21:21 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe 2014-02-06 00:08 - 2014-07-17 17:35 - 05430776 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.213\deploy\LoLLauncher.exe 2014-02-06 00:08 - 2014-07-17 17:35 - 01640440 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.213\deploy\RiotLauncher.dll 2014-02-06 02:01 - 2014-02-06 02:01 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.101\deploy\LolClient.exe 2012-12-26 21:41 - 2012-09-26 16:46 - 00735744 _____ () C:\Program Files\SRWare Iron\libglesv2.dll 2012-12-26 21:41 - 2012-09-26 16:47 - 00144384 _____ () C:\Program Files\SRWare Iron\libegl.dll 2014-06-14 05:02 - 2014-06-14 05:02 - 17024688 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll 2012-12-26 21:41 - 2012-11-08 18:46 - 01400846 _____ () C:\Program Files\SRWare Iron\avcodec-54.dll 2012-12-26 21:41 - 2012-11-08 18:46 - 00151054 _____ () C:\Program Files\SRWare Iron\avutil-51.dll 2012-12-26 21:41 - 2012-11-08 18:46 - 00222734 _____ () C:\Program Files\SRWare Iron\avformat-54.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Marcel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk => C:\Windows\pss\hamachi.lnk.Startup MSCONFIG\startupreg: 4StoryPrePatch => C:\Program Files\Gameforge4D\4Story_DE\PrePatch.exe MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Marcel\AppData\Local\Smartbar\Application\QuickShare.exe startup MSCONFIG\startupreg: BrowserSafeguard => "C:\Program Files\Browsersafeguard\BrowserSafeguard.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: Desura => C:\Program Files\Desura\desura.exe -autostart MSCONFIG\startupreg: EADM => "C:\Program Files\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: KPeerNexonEU => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. 
Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/01/2014 05:52:53 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.24.15\DealPlyLiveHelper.msi Error: (08/01/2014 03:53:16 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.24.15\DealPlyLiveHelper.msi Error: (08/01/2014 02:52:51 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.24.15\DealPlyLiveHelper.msi Error: (08/01/2014 01:52:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.24.15\DealPlyLiveHelper.msi Error: (08/01/2014 01:45:58 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm avastUi.exe, Version 9.0.2021.515 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 268c Startzeit: 01cfad190184d7db Endzeit: 60000 Anwendungspfad: C:\Program Files\AVAST Software\Avast\avastUi.exe Berichts-ID: a54fb06d-190c-11e4-9d45-88ae1d992da5 Error: (08/01/2014 01:43:19 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.169\DealPlyLiveHelper.msi Error: (08/01/2014 01:35:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary kegjekcy. System Error: Das System kann die angegebene Datei nicht finden. . Error: (08/01/2014 01:34:48 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {bc37ae1a-b920-46a5-8c90-43335b2113a9} Error: (07/31/2014 07:30:53 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (07/30/2014 04:47:49 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (08/01/2014 02:31:32 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 01.08.2014 um 02:29:35 unerwartet heruntergefahren. Error: (08/01/2014 02:30:56 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. Error: (07/30/2014 05:28:20 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (07/30/2014 06:36:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error: (07/25/2014 02:42:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "WajamUpdater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/23/2014 04:28:16 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 23.07.2014 um 04:26:38 unerwartet heruntergefahren. Error: (07/23/2014 02:26:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TeamViewer 9" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/23/2014 02:26:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TeamViewer 9 erreicht. 
Error: (07/23/2014 02:25:37 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 23.07.2014 um 01:45:27 unerwartet heruntergefahren. Error: (07/22/2014 03:27:24 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 22.07.2014 um 05:21:43 unerwartet heruntergefahren. Microsoft Office Sessions: ========================= Error: (08/01/2014 05:52:53 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.24.15\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/01/2014 03:53:16 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.24.15\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/01/2014 02:52:51 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.24.15\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/01/2014 01:52:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. 
A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.24.15\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/01/2014 01:45:58 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: avastUi.exe9.0.2021.515268c01cfad190184d7db60000C:\Program Files\AVAST Software\Avast\avastUi.exea54fb06d-190c-11e4-9d45-88ae1d992da5 Error: (08/01/2014 01:43:19 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.169\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/01/2014 01:35:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary kegjekcy. System Error: Das System kann die angegebene Datei nicht finden. Error: (08/01/2014 01:34:48 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {bc37ae1a-b920-46a5-8c90-43335b2113a9} Error: (07/31/2014 07:30:53 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2 Error: (07/30/2014 04:47:49 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\S4League\Aegis64.exe ==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 2550.71 MB Available physical RAM: 1031 MB Total Pagefile: 5099.71 MB Available Pagefile: 2620.25 MB Total Virtual: 2047.88 MB Available Virtual: 1896.79 MB ==================== 
Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:60.17 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 70C3F1DE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 02
Ran by Marcel (administrator) on MARCEL-PC on 01-08-2014 06:14:11
Running from C:\Users\Marcel\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\LPT\srpts.exe
(Beepa P/L) C:\Fraps\fraps.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Users\Marcel\AppData\Local\LPT\srptm.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\glindorus\updateglindorus.exe
() C:\Program Files\glindorus\bin\utilglindorus.exe
(Wajam) C:\Program Files\Wajam\Updater\WajamUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Akamai Technologies, Inc.) C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.)
C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe () C:\Program Files\glindorus\bin\glindorus.PurBrowse.exe () C:\Program Files\glindorus\bin\glindorus.BrowserAdapter.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.213\deploy\LoLLauncher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.101\deploy\LolClient.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (SRWare) C:\Program Files\SRWare Iron\iron.exe (SRWare) C:\Program Files\SRWare Iron\iron.exe (SRWare) C:\Program Files\SRWare Iron\iron.exe (SRWare) C:\Program Files\SRWare Iron\iron.exe (SRWare) C:\Program Files\SRWare Iron\iron.exe (Microsoft Corporation) C:\Windows\System32\slui.exe (Farbar) C:\Users\Marcel\Downloads\FRST (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-663376851-2353010799-268835600-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-663376851-2353010799-268835600-1000\...\Run: [Desura] => C:\Program Files\Desura\desura.exe [2529096 2013-12-15] (Desura Pty Ltd) HKU\S-1-5-21-663376851-2353010799-268835600-1000\...\MountPoints2: {16a0aa6f-b7e7-11e2-a70d-88ae1d992da5} - E:\setup.exe AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found AppInit_DLLs: c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll => c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll File Not Found ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * aswBoot.exe /M:14604dd08 /dir:"C:\Program Files\AVAST Software\Avast" ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTy4QzA5O1whTQJ3RGG2u7Rp8GwCMqLiySS9WbniHRLhoYIRLK15mZXh48V7Gyqow-6LL4HYdphlm0Y5S-kXGe0VETIV6vda80DPLGQG45CPuM7-Rqpr7ZtUxEd0j1I,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=M1FF6239F-826C-40E9-9C11-C45A29F77F70&SearchSource=55&CUI=&UM=5&UP=SP63AABD1E-5FA9-40CC-8915-72C7D55CC63B&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x826D5BAAA0E3CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.golsearch.com/?affID=119995&tt=gc_&babsrc=HP_ss_Btisdt6&mntrId=622A18F46A0C7C1D HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTy4QzA5O1whTQJ3RGG2u7Rp8GwCMqLiySS9WbniHRLhoYIRLK15mZXh48V7Gyqow-6LL4HYdphlm0Y5S-kXGe0VETIV6vda80DPLGQG45CPuM7-Rqpr7ZtUxEd0j1I,&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.amaizingsearches.info/?pid=1273&r=2014/04/25&hid=14207138445606467983&lg=EN&cc=DE&unqvl=51 SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTy4QzA5O1whTQJ3RGG2u7Rp8GwCMqLiySS9WbniHRLhoYIRLK15mZXh48V7Gyqow-6LL4HYdphlm0Y5S-kXGe0VETIV6vda80DPLGQG45CPuM7-Rqpr7ZtUxEd0j1I,&q={searchTerms} SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTy4QzA5O1whTQJ3RGG2u7Rp8GwCMqLiySS9WbniHRLhoYIRLK15mZXh48V7Gyqow-6LL4HYdphlm0Y5S-kXGe0VETIV6vda80DPLGQG45CPuM7-Rqpr7ZtUxEd0j1I,&q={searchTerms} SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=1273&r=2014/04/25&hid=14207138445606467983&lg=EN&cc=DE&unqvl=51 SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=M1FF6239F-826C-40E9-9C11-C45A29F77F70&SearchSource=58&CUI=&UM=5&UP=SP63AABD1E-5FA9-40CC-8915-72C7D55CC63B&q={searchTerms}&SSPV= SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTy4QzA5O1whTQJ3RGG2u7Rp8GwCMqLiySS9WbniHRLhoYIRLK15mZXh48V7Gyqow-6LL4HYdphlm0Y5S-kXGe0VETIV6vda80DPLGQG45CPuM7-Rqpr7ZtUxEd0j1I,&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=M1FF6239F-826C-40E9-9C11-C45A29F77F70&SearchSource=58&CUI=&UM=5&UP=SP63AABD1E-5FA9-40CC-8915-72C7D55CC63B&q={searchTerms}&SSPV= SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=1273&r=2014/04/25&hid=14207138445606467983&lg=EN&cc=DE&unqvl=51 BHO: Plus-HD-2.3 -> {11111111-1111-1111-1111-110311341126} -> C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD) BHO: SmartbarInternetExplorerBHOEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program 
Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files\Wajam\IE\priam_bho.dll (Wajam) BHO: DealPly Shopping -> {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} -> C:\Program Files\DealPly\DealPlyIE.dll No File BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: No Name -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> No File Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin: @esn/esnlaunch,version=2.1.7 - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF 
Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-01] Chrome: ======= CHR StartupUrls: "hxxp://www.google.com/" CHR Extension: (Google Docs) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-01] CHR Extension: (Google Drive) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-01] CHR Extension: (YouTube) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-01] CHR Extension: (Google-Suche) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-01] CHR Extension: (avast! Online Security) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-01] CHR Extension: (Google Wallet) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-01] CHR Extension: (Google Mail) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-01] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software) S2 dealplylive; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-06-19] (DealPly Technologies Ltd) S3 dealplylivem; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-06-19] (DealPly Technologies Ltd) S3 Desura Install Service; C:\Program Files\Common Files\Desura\desura_service.exe [131912 2013-12-15] (Desura Pty Ltd) R2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [35096 2014-03-09] () S3 npggsvc; C:\Windows\system32\GameMon.des [4868640 2013-08-25] (INCA Internet Co., Ltd.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-08-31] () R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-12-16] (SANDBOXIE L.T.D) R2 Update glindorus; C:\Program Files\glindorus\updateglindorus.exe [323360 2014-08-01] () R2 Util glindorus; C:\Program Files\glindorus\bin\utilglindorus.exe [323360 2014-08-01] () R2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam) [File not signed] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-06-07] () [File not signed] S3 apf005; C:\Windows\system32\apf005.sys [14160 2014-05-17] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-01] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-09] (DT Soft Ltd) R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [84096 2014-01-01] (Eugene V. Muzychenko) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2014-02-23] (LogMeIn, Inc.) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-12-16] (SANDBOXIE L.T.D) R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}w; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w.sys [52920 2014-04-24] (StdLib) S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] S1 unjbqhsi; \??\C:\Windows\system32\drivers\unjbqhsi.sys [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 06:14 - 2014-08-01 06:15 - 00017681 _____ () C:\Users\Marcel\Downloads\FRST.txt 2014-08-01 06:14 - 2014-08-01 06:14 - 00000000 ____D () C:\FRST 2014-08-01 06:13 - 2014-08-01 06:13 - 01084928 _____ (Farbar) C:\Users\Marcel\Downloads\FRST (1).exe 2014-08-01 06:10 - 2014-08-01 06:11 - 01083476 _____ () C:\Users\Marcel\Downloads\FRST.exe 2014-08-01 05:57 - 2014-08-01 05:57 - 00000448 _____ () C:\Users\Marcel\Downloads\defogger_disable.log 2014-08-01 05:57 - 2014-08-01 05:57 - 00000000 _____ () C:\Users\Marcel\defogger_reenable 2014-08-01 05:55 - 2014-08-01 05:56 - 00050477 _____ () C:\Users\Marcel\Downloads\Defogger.exe 2014-08-01 04:58 - 2014-08-01 04:58 - 00003408 ____N () C:\bootsqm.dat 2014-08-01 01:42 - 2014-08-01 01:42 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\AVAST Software 2014-08-01 01:40 - 2014-08-01 01:40 - 00002119 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-08-01 01:40 - 2014-08-01 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-01 01:39 - 2014-08-01 01:39 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-01 01:39 - 2014-08-01 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-01 01:37 - 2014-08-01 05:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-01 01:37 - 2014-08-01 05:12 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-01 01:37 - 2014-08-01 01:39 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-01 01:37 - 2014-08-01 01:36 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-01 01:37 - 2014-08-01 01:36 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-01 01:37 - 2014-08-01 01:36 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-08-01 01:37 - 2014-08-01 01:36 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-08-01 01:37 - 2014-08-01 01:36 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-01 01:37 - 2014-08-01 01:36 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-01 01:37 - 2014-08-01 01:36 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-01 01:36 - 2014-08-01 01:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-01 01:30 - 2014-08-01 01:32 - 91906368 _____ (AVAST Software) C:\Users\Marcel\Downloads\avast_free_antivirus_setup_9_0_2021.exe 2014-07-30 19:49 - 2014-07-30 19:49 - 00159144 _____ (Microsoft Corporation) C:\Users\Marcel\Downloads\WindowsActivationUpdate.exe 2014-07-30 10:45 - 2014-07-30 10:45 - 00567048 _____ () C:\Users\Marcel\Downloads\combat-arms.exe 2014-07-26 21:00 - 2014-07-28 03:10 - 00000216 _____ () C:\Users\Marcel\Desktop\Unturned.url 2014-07-24 04:47 - 2014-07-24 04:47 - 00001652 
_____ () C:\Users\Marcel\Desktop\Maestia.lnk 2014-07-23 13:15 - 2014-07-25 00:51 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.crazycraft2 2014-07-23 13:13 - 2014-07-24 00:18 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.jurassiccraft 2014-07-23 12:28 - 2014-07-23 12:29 - 02104188 _____ () C:\Users\Marcel\Downloads\SkyBlock2.1.zip 2014-07-23 04:31 - 2014-06-09 10:09 - 02697677 _____ (RichDigits Development) C:\Users\Marcel\Desktop\VoidLauncher.exe 2014-07-23 04:20 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.crazycraft 2014-07-23 04:11 - 2014-07-25 00:22 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.fellowship 2014-07-23 04:11 - 2014-07-25 00:22 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.electriciansjourney 2014-07-23 04:11 - 2014-07-24 00:18 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.pokepack 2014-07-23 04:11 - 2014-07-23 22:28 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.vanilla1.5.2 2014-07-23 04:11 - 2014-07-23 13:18 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.voidswrath 2014-07-23 04:11 - 2014-07-23 13:18 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.vanilla1.7.2 2014-07-23 04:11 - 2014-07-23 13:14 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.vanilla1.6.4 2014-07-23 04:11 - 2014-07-23 13:14 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.vanilla1.6.2 2014-07-23 04:10 - 2014-07-25 00:52 - 00000000 ____D () C:\VoidLauncher 2014-07-23 04:10 - 2014-07-25 00:22 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.dreamcraft 2014-07-23 04:09 - 2014-07-23 04:10 - 02459959 _____ () C:\Users\Marcel\Downloads\VoidLauncher.zip 2014-07-22 03:45 - 2014-07-30 05:07 - 00000775 _____ () C:\Users\Marcel\Desktop\Vorgangs beschreibung.txt 2014-07-19 21:55 - 2014-07-19 21:55 - 00002272 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-07-19 21:55 - 2014-07-19 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 
2014-07-19 21:55 - 2014-07-19 21:55 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-07-19 21:55 - 2014-07-19 21:55 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-07-19 21:52 - 2014-07-19 21:56 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\DVDVideoSoft 2014-07-19 21:49 - 2014-07-19 21:50 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\Marcel\Downloads\FreeYouTubeToMP3Converter-3.12.42.716.exe 2014-07-18 02:15 - 2014-07-18 02:21 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\RIFT 2014-07-18 02:15 - 2014-07-18 02:15 - 00000000 ____D () C:\Users\Marcel\Documents\RIFT 2014-07-18 02:13 - 2014-07-18 02:13 - 00001811 _____ () C:\Users\Marcel\Desktop\RIFT.lnk 2014-07-18 01:58 - 2014-07-18 02:13 - 00000000 ____D () C:\Program Files\Glyph 2014-07-18 01:58 - 2014-07-18 01:58 - 00000909 _____ () C:\Users\Marcel\Desktop\Glyph.lnk 2014-07-18 01:58 - 2014-07-18 01:58 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Glyph 2014-07-18 01:58 - 2014-07-18 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2014-07-18 01:58 - 2014-07-18 01:58 - 00000000 ____D () C:\ProgramData\Glyph 2014-07-18 01:53 - 2014-07-18 01:55 - 31195760 _____ (Trion Worlds Inc.) 
C:\Users\Marcel\Downloads\GlyphInstall-0-1.exe 2014-07-17 20:13 - 2014-07-17 20:14 - 05010319 _____ () C:\Users\Marcel\Downloads\Captive-Minecraft-II-Beta1_0.zip 2014-07-17 17:35 - 2014-07-17 17:35 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-10 22:34 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-10 22:34 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-10 22:34 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-10 22:34 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-10 22:34 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-10 22:34 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-10 22:34 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-10 22:34 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-10 22:34 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-10 22:34 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-10 22:34 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-10 22:34 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-10 22:34 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-10 22:34 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-10 22:34 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-10 22:34 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) 
C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-10 22:34 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-10 22:34 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-10 22:34 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-10 22:34 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-10 22:34 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-10 22:34 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-10 22:34 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-10 22:34 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-10 22:34 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-10 22:34 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-10 22:34 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-10 22:34 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-10 22:34 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-10 22:34 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-10 19:51 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-10 19:48 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-10 19:48 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-10 19:48 - 2014-06-06 11:44 - 00509440 _____ (Microsoft 
Corporation) C:\Windows\system32\qedit.dll 2014-07-10 19:47 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 20:30 - 2014-07-09 20:30 - 00000015 _____ () C:\Users\Marcel\Desktop\Neues Textdokument (4).txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 06:15 - 2014-08-01 06:14 - 00017681 _____ () C:\Users\Marcel\Downloads\FRST.txt 2014-08-01 06:14 - 2014-08-01 06:14 - 00000000 ____D () C:\FRST 2014-08-01 06:13 - 2014-08-01 06:13 - 01084928 _____ (Farbar) C:\Users\Marcel\Downloads\FRST (1).exe 2014-08-01 06:11 - 2014-08-01 06:10 - 01083476 _____ () C:\Users\Marcel\Downloads\FRST.exe 2014-08-01 06:08 - 2012-12-26 21:44 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Skype 2014-08-01 05:57 - 2014-08-01 05:57 - 00000448 _____ () C:\Users\Marcel\Downloads\defogger_disable.log 2014-08-01 05:57 - 2014-08-01 05:57 - 00000000 _____ () C:\Users\Marcel\defogger_reenable 2014-08-01 05:57 - 2012-12-24 22:21 - 00000000 ____D () C:\Users\Marcel 2014-08-01 05:56 - 2014-08-01 05:55 - 00050477 _____ () C:\Users\Marcel\Downloads\Defogger.exe 2014-08-01 05:53 - 2014-08-01 01:37 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-01 05:38 - 2012-12-27 19:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-01 05:21 - 2014-06-14 04:58 - 00000000 ____D () C:\Program Files\Browsersafeguard 2014-08-01 05:19 - 2013-06-19 21:14 - 00000894 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job 2014-08-01 05:15 - 2012-12-24 22:14 - 01499262 _____ () C:\Windows\WindowsUpdate.log 2014-08-01 05:14 - 2013-02-22 17:20 - 00000000 ____D () C:\Fraps 2014-08-01 05:13 - 2009-07-14 04:04 - 00000603 _____ () C:\Windows\win.ini 2014-08-01 05:12 - 2014-08-01 01:37 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-01 05:11 - 2013-06-19 21:14 - 00000890 _____ () 
C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job 2014-08-01 05:11 - 2013-06-19 21:13 - 00001184 _____ () C:\Windows\Tasks\Plus-HD-2.3-updater.job 2014-08-01 05:11 - 2013-06-19 21:13 - 00001088 _____ () C:\Windows\Tasks\Plus-HD-2.3-enabler.job 2014-08-01 05:11 - 2013-06-19 21:11 - 00001188 _____ () C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job 2014-08-01 05:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-01 05:11 - 2009-07-14 06:39 - 00108578 _____ () C:\Windows\setupact.log 2014-08-01 04:58 - 2014-08-01 04:58 - 00003408 ____N () C:\bootsqm.dat 2014-08-01 04:45 - 2009-07-14 06:34 - 00013904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-01 04:45 - 2009-07-14 06:34 - 00013904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-01 04:43 - 2013-12-14 14:10 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker 2014-08-01 04:43 - 2013-12-14 14:10 - 00000000 ____D () C:\ProgramData\Surf and keeep 2014-08-01 04:43 - 2013-12-14 14:10 - 00000000 ____D () C:\Program Files\YoutubeAdblocker 2014-08-01 04:43 - 2013-12-14 14:10 - 00000000 ____D () C:\Program Files\Surf and keeep 2014-08-01 04:08 - 2013-10-17 23:10 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.minecraft 2014-08-01 02:35 - 2013-11-08 02:24 - 00000000 ____D () C:\Program Files\glindorus 2014-08-01 02:31 - 2012-12-30 22:09 - 00187566 _____ () C:\Windows\PFRO.log 2014-08-01 01:42 - 2014-08-01 01:42 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\AVAST Software 2014-08-01 01:40 - 2014-08-01 01:40 - 00002119 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-08-01 01:40 - 2014-08-01 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-01 01:39 - 2014-08-01 01:39 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-01 01:39 - 2014-08-01 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-01 01:39 - 2014-08-01 01:37 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-01 01:38 - 2013-01-05 00:18 - 00000000 ____D () C:\Program Files\Google 2014-08-01 01:36 - 2014-08-01 01:37 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-01 01:36 - 2014-08-01 01:37 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-01 01:36 - 2014-08-01 01:37 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-08-01 01:36 - 2014-08-01 01:37 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-08-01 01:36 - 2014-08-01 01:37 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-01 01:36 - 2014-08-01 01:37 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-01 01:36 - 2014-08-01 01:37 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-01 01:36 - 2014-08-01 01:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-01 01:36 - 2013-01-05 00:16 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-01 01:35 - 2013-01-05 00:16 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-01 01:32 - 2014-08-01 01:30 - 91906368 _____ (AVAST Software) C:\Users\Marcel\Downloads\avast_free_antivirus_setup_9_0_2021.exe 2014-07-31 21:46 - 2014-02-23 19:13 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Hamachi 2014-07-31 14:34 - 2013-01-12 22:14 - 00000000 ____D () C:\Program Files\Steam 2014-07-30 19:49 - 2014-07-30 19:49 - 00159144 _____ (Microsoft Corporation) C:\Users\Marcel\Downloads\WindowsActivationUpdate.exe 
2014-07-30 10:45 - 2014-07-30 10:45 - 00567048 _____ () C:\Users\Marcel\Downloads\combat-arms.exe 2014-07-30 05:07 - 2014-07-22 03:45 - 00000775 _____ () C:\Users\Marcel\Desktop\Vorgangs beschreibung.txt 2014-07-28 03:10 - 2014-07-26 21:00 - 00000216 _____ () C:\Users\Marcel\Desktop\Unturned.url 2014-07-27 20:04 - 2012-12-27 21:39 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\TS3Client 2014-07-27 17:12 - 2013-11-08 02:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 03:01 - 2013-11-08 02:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-25 01:11 - 2014-03-11 15:58 - 00000000 ____D () C:\Users\Marcel\AppData\Local\File Viewer 2014-07-25 00:52 - 2014-07-23 04:10 - 00000000 ____D () C:\VoidLauncher 2014-07-25 00:51 - 2014-07-23 13:15 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.crazycraft2 2014-07-25 00:22 - 2014-07-23 04:11 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.fellowship 2014-07-25 00:22 - 2014-07-23 04:11 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.electriciansjourney 2014-07-25 00:22 - 2014-07-23 04:10 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.dreamcraft 2014-07-24 06:37 - 2014-01-22 08:20 - 00000000 ____D () C:\Users\Marcel\Desktop\Musi 2014-07-24 04:47 - 2014-07-24 04:47 - 00001652 _____ () C:\Users\Marcel\Desktop\Maestia.lnk 2014-07-24 04:47 - 2013-01-14 01:55 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2014-07-24 04:34 - 2013-01-14 01:37 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin 2014-07-24 04:34 - 2013-01-13 23:24 - 00000000 ____D () C:\AeriaGames 2014-07-24 00:18 - 2014-07-23 13:13 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.jurassiccraft 2014-07-24 00:18 - 2014-07-23 04:11 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.pokepack 2014-07-23 22:28 - 2014-07-23 04:11 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.vanilla1.5.2 2014-07-23 13:18 - 
2014-07-23 04:11 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.voidswrath 2014-07-23 13:18 - 2014-07-23 04:11 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.vanilla1.7.2 2014-07-23 13:14 - 2014-07-23 04:11 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.vanilla1.6.4 2014-07-23 13:14 - 2014-07-23 04:11 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.vanilla1.6.2 2014-07-23 13:10 - 2014-07-23 04:20 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.crazycraft 2014-07-23 12:29 - 2014-07-23 12:28 - 02104188 _____ () C:\Users\Marcel\Downloads\SkyBlock2.1.zip 2014-07-23 04:10 - 2014-07-23 04:09 - 02459959 _____ () C:\Users\Marcel\Downloads\VoidLauncher.zip 2014-07-19 21:56 - 2014-07-19 21:52 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\DVDVideoSoft 2014-07-19 21:55 - 2014-07-19 21:55 - 00002272 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-07-19 21:55 - 2014-07-19 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-07-19 21:55 - 2014-07-19 21:55 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-07-19 21:55 - 2014-07-19 21:55 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-07-19 21:50 - 2014-07-19 21:49 - 29527272 _____ (DVDVideoSoft Ltd. 
) C:\Users\Marcel\Downloads\FreeYouTubeToMP3Converter-3.12.42.716.exe 2014-07-18 13:42 - 2012-12-31 22:50 - 00000000 ____D () C:\Program Files\GameforgeLive 2014-07-18 11:11 - 2012-12-24 22:23 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-18 02:21 - 2014-07-18 02:15 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\RIFT 2014-07-18 02:15 - 2014-07-18 02:15 - 00000000 ____D () C:\Users\Marcel\Documents\RIFT 2014-07-18 02:13 - 2014-07-18 02:13 - 00001811 _____ () C:\Users\Marcel\Desktop\RIFT.lnk 2014-07-18 02:13 - 2014-07-18 01:58 - 00000000 ____D () C:\Program Files\Glyph 2014-07-18 01:58 - 2014-07-18 01:58 - 00000909 _____ () C:\Users\Marcel\Desktop\Glyph.lnk 2014-07-18 01:58 - 2014-07-18 01:58 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Glyph 2014-07-18 01:58 - 2014-07-18 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2014-07-18 01:58 - 2014-07-18 01:58 - 00000000 ____D () C:\ProgramData\Glyph 2014-07-18 01:55 - 2014-07-18 01:53 - 31195760 _____ (Trion Worlds Inc.) 
C:\Users\Marcel\Downloads\GlyphInstall-0-1.exe 2014-07-17 20:14 - 2014-07-17 20:13 - 05010319 _____ () C:\Users\Marcel\Downloads\Captive-Minecraft-II-Beta1_0.zip 2014-07-17 17:35 - 2014-07-17 17:35 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-14 14:05 - 2013-04-30 11:33 - 00002908 _____ () C:\Windows\Sandboxie.ini 2014-07-14 10:23 - 2013-04-30 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2014-07-13 02:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-11 16:48 - 2014-05-16 18:58 - 00000000 ____D () C:\Windows\rescache 2014-07-11 13:02 - 2009-07-14 06:33 - 00269680 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-11 13:00 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 20:30 - 2014-07-09 20:30 - 00000015 _____ () C:\Users\Marcel\Desktop\Neues Textdokument (4).txt 2014-07-04 14:33 - 2014-01-10 15:42 - 00002280 _____ () C:\Users\Marcel\Desktop\starbound_opengl - Verknüpfung.lnk Files to move or delete: ==================== C:\ProgramData\hash.dat Some content of TEMP: ==================== C:\Users\Marcel\AppData\Local\Temp\0cdfb06df40322cf4ae116a6dad91257.dll C:\Users\Marcel\AppData\Local\Temp\6_Offer_12.exe C:\Users\Marcel\AppData\Local\Temp\down.4612.assistant_v3.exe C:\Users\Marcel\AppData\Local\Temp\down.6080.newtab_setup.exe C:\Users\Marcel\AppData\Local\Temp\f.exe C:\Users\Marcel\AppData\Local\Temp\ff468bd0dc9eab59998f7dcfce2a6ad5.dll C:\Users\Marcel\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-173.dll C:\Users\Marcel\AppData\Local\Temp\jna3977080980415237007.dll C:\Users\Marcel\AppData\Local\Temp\nsi1268.exe C:\Users\Marcel\AppData\Local\Temp\nsjDC7F.exe C:\Users\Marcel\AppData\Local\Temp\nsxEBC3.exe C:\Users\Marcel\AppData\Local\Temp\nszC95B.exe C:\Users\Marcel\AppData\Local\Temp\rd.exe C:\Users\Marcel\AppData\Local\Temp\rtinstaller.exe C:\Users\Marcel\AppData\Local\Temp\SCC.dll C:\Users\Marcel\AppData\Local\Temp\SearchProtectINT.exe 
C:\Users\Marcel\AppData\Local\Temp\SkypeSetup.exe C:\Users\Marcel\AppData\Local\Temp\SPSetup.exe C:\Users\Marcel\AppData\Local\Temp\SymCCIS.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite10993.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite12120.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite12127.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite12900.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite12940.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite13183.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite13418.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite13672.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite13803.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite13813.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite14011.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite14903.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite15866.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite15871.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite16108.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite16779.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite17953.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite18344.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite19616.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite19735.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite19847.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite20648.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite21489.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite21495.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite23720.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite23847.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite24963.dll C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite27016.dll 
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite90456.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite90511.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite91114.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite91469.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite91794.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite92568.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite94345.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite95779.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite96817.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite97230.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite97859.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite98093.dll
C:\Users\Marcel\AppData\Local\Temp\System.Data.SQLite99759.dll
C:\Users\Marcel\AppData\Local\Temp\Tsu65030398.dll
C:\Users\Marcel\AppData\Local\Temp\TsuB4E5A0DF.dll
C:\Users\Marcel\AppData\Local\Temp\TsuB75970D1.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-19 03:59

==================== End Of Log ============================

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 05:57 on 01/08/2014 (Marcel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

GMER Logfile:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-01 06:33:49 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Marcel\AppData\Local\Temp\uwdiypog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8F481BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8F482684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8F48E6F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8F48E744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8F48E8DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8F48E666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8F538DF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8F48E6AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8F539080] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8F53916A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8F48E898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8F483472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8F481C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8F486C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8F4817F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8F538ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8F481C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8F48705E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8F483F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8F48E722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8F48E766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8F48E902] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8F48E68C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8F486560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8F48E816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8F48E6D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8F48694C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8F48E8BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8F538C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8F483DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8F483ADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8F481CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8F481D3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8F538FCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8F481892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8F481A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8F4819F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8F48363C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8F48379E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8F481AEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8F538D3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8F4832CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8F481DA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8F538BA0] Code 8ED78BFC ZwTraceEvent Code 8ED78BFB NtTraceEvent ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83042A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307C212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83083460 4 Bytes [A6, 1B, 48, 8F] {CMPSB ; SBB ECX, [EAX-0x71]} .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830834E8 4 Bytes [84, 26, 48, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 8308353C 8 Bytes [F8, E6, 48, 8F, 44, E7, 48, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 83083548 4 Bytes CALL FDCBC495 .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83083564 4 Bytes [66, E6, 48, 8F] .text ... .text ntkrnlpa.exe!NtTraceEvent 830CCAE2 5 Bytes JMP 8ED78C00 PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8323E4EF 4 Bytes CALL 8F484641 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 83243B34 5 Bytes JMP 8ED78D40 PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 83258237 5 Bytes JMP 8ED78DE0 PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83258357 4 Bytes CALL 8F484657 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!NtRequestPort + 2 832867DD 5 Bytes JMP 8ED78CA0 ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\spoolsv.exe[464] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Windows\system32\taskhost.exe[472] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[492] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[536] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[600] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 7740F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Windows\system32\WLANExt.exe[1700] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Windows\system32\conhost.exe[1708] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Fraps\fraps.exe[1848] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1916] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\avastui.exe[2832] kernel32.dll!SetUnhandledExceptionFilter 7740F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\avastui.exe[2832] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Program Files\glindorus\updateglindorus.exe[2908] KERNEL32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Users\Marcel\Downloads\Gmer-19357.exe[3004] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Program Files\glindorus\bin\utilglindorus.exe[3016] KERNEL32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text C:\Program Files\Wajam\Updater\WajamUpdater.exe[3092] kernel32.dll!GetBinaryTypeW + 70 77426AAC 1 Byte [62] .text ... ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3E82C9E5-81D7-43F1-8CAD-BED58BD76F80}@LeaseObtainedTime 1406866885 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3E82C9E5-81D7-43F1-8CAD-BED58BD76F80}@T1 1406867012 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3E82C9E5-81D7-43F1-8CAD-BED58BD76F80}@T2 1406867108 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3E82C9E5-81D7-43F1-8CAD-BED58BD76F80}@LeaseTerminatesTime 1406867140 ---- EOF - GMER 2.1 ---- |
01.08.2014, 19:56 | #4 |
/// the machine /// TB instructor | Uninstall adware & co.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
01.08.2014, 20:25 | #5 |
| Hello, first of all, thanks for your effort. I downloaded the program but can't find anything with that name in the uninstall box. Am I doing something wrong? :s Or do I still have to click on something? Sorry for the trouble ^^ |
02.08.2014, 20:22 | #6 |
/// the machine /// TB instructor | You will find the ATTENTION marker in the Addition log from FRST; read it carefully |
03.08.2014, 01:22 | #7 |
| Thank you very much! It works again!! )) You are the best, I will recommend you to others!!! =) |
03.08.2014, 07:10 | #8 |
/// the machine /// TB instructor | We are not done yet; now Combofix, please |