Pests of all kinds and how to fight them: Possibly a virus via a Facebook link? (Windows 7)
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
07.10.2014, 16:01 | #1
Possibly a virus via a Facebook link?
Hello everyone,
Classic case: someone on Facebook sent me a link, which I then clicked in a moment of madness. Once I had clicked the link, it occurred to me that this probably wasn't such a good idea, and I closed the web page again immediately. Now I wanted to have it checked whether anything has tried to get at my computer.
FRST.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Darth Vader (administrator) on IMPERIUM on 07-10-2014 15:36:32
Running from C:\Users\Darth Vader\Downloads
Loaded Profile: Darth Vader (Available profiles: Darth Vader)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
[Remainder of the pasted FRST log (sections: Processes, Registry, Internet, Services, Drivers, NetSvcs, One Month Created Files and Folders, One Month Modified Files and Folders, Some content of TEMP) omitted; the paste is cut off mid-line.]
Vader\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Darth Vader\AppData\Local\Temp\nvStInst.exe
C:\Users\Darth Vader\AppData\Local\Temp\_isC4B5.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 18:02

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Darth Vader at 2014-10-07 15:37:33
Running from C:\Users\Darth Vader\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version: - Ubisoft Montreal)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.3.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.3.9.2 - ASUSTek COMPUTER INC.)
Hidden Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games) Blackguards (HKLM-x32\...\Blackguards_is1) (Version: 1.0 - Daedalic Entertainment GmbH) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) Cubemen (HKLM-x32\...\Steam App 207250) (Version: - 3 Sprockets) Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games) DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - Ihr Firmenname) Deadlight (HKLM-x32\...\Steam App 211400) (Version: - Tequila Works, S.L.) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios) Evoland (HKLM-x32\...\Steam App 233470) (Version: - Shiro Games) Factorio version 0.10.0 (HKLM\...\Factorio_is1) (Version: - ) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) FORCED (HKLM-x32\...\Steam App 249990) (Version: - BetaDwarf) Gauntlet™ (HKLM-x32\...\Steam App 258970) (Version: - Arrowhead Game Studios) Gone Home (HKLM-x32\...\Steam App 232430) (Version: - The Fullbright Company) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments) Hand Of Fate (HKLM-x32\...\Steam App 266510) (Version: - Defiant Development) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of Might & Magic V (HKLM-x32\...\Steam App 15170) (Version: - Nival) Heroes of Might & Magic V: Tribes of the East (HKLM-x32\...\Steam App 15370) (Version: - Nival) Hitman 2: Silent Assassin (HKLM-x32\...\Steam App 6850) (Version: - IO Interactive) Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Network Connections 18.0.1.0 (HKLM\...\PROSetDX) (Version: 18.0.1.0 - Intel) Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0 - Intel) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden Interplanetary (HKLM-x32\...\Steam App 278910) (Version: - Team Jolly Roger) Invisible, Inc. 
(HKLM-x32\...\Steam App 243970) (Version: - Klei Entertainment) Jamestown (HKLM-x32\...\Steam App 94200) (Version: - Final Form Games) Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden Kenshi (HKLM-x32\...\Steam App 233860) (Version: - Lo-Fi Games) King of Dragon Pass (HKLM-x32\...\GOGPACKKODP_is1) (Version: 2.0.0.12 - GOG.com) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games) LUFTRAUSERS (HKLM-x32\...\Steam App 233150) (Version: - Vlambeer) Magicmaker (HKLM-x32\...\Steam App 319250) (Version: - Tasty Stewdios LLC) Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment) Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 
(HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Miranda Fusion 3.2.9.0 (HKLM-x32\...\MirandaFusion) (Version: 3.2.9.0 - Miranda Fusion Team) Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games) Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.162.1274 - 
NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games) Planescape Torment (German) (HKLM-x32\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com) PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment) PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment) Project Zomboid (HKLM-x32\...\Steam App 108600) (Version: - The Indie Stone) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) Quest of Dungeons (HKLM-x32\...\Steam App 270050) (Version: - David Amador) Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.) 
Reus (HKLM-x32\...\GOGPACKREUS_is1) (Version: 2.2.0.15 - GOG.com) Risen (HKLM-x32\...\Steam App 40300) (Version: - Piranha – Bytes) Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games) Scrolls (HKLM-x32\...\Scrolls 1.0.0) (Version: 1.0.0 - Mojang) Scrolls (x32 Version: 1.0.0 - Mojang) Hidden SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Skyward Collapse (HKLM-x32\...\Steam App 238890) (Version: - Arcen Games, LLC) Small World 2 (HKLM-x32\...\Steam App 235620) (Version: - Days of Wonder) SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics) Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB) Star Conflict (HKLM-x32\...\Steam App 212070) (Version: - Star Gem Inc.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) SteamWorld Dig (HKLM-x32\...\Steam App 252410) (Version: - Image&Form) Super House of Dead Ninjas (HKLM-x32\...\Steam App 224820) (Version: - Megadev) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) The Bridge (HKLM-x32\...\Steam App 204240) (Version: - Ty Taylor and Mario Castañeda) The Cat Lady (HKLM-x32\...\Steam App 253110) (Version: - Harvester Games) The Escapists (HKLM-x32\...\Steam App 298630) (Version: - Mouldy Toof Studios) The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version: - NeocoreGames) The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts) The Yawhg (HKLM-x32\...\Steam App 269030) (Version: - Damian Sommer) Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games) Ultimate General: Gettysburg (HKLM-x32\...\Steam App 306660) (Version: - Game-Labs) Uplay (HKLM-x32\...\Uplay) (Version: 4.4 - Ubisoft) Uplink (HKLM-x32\...\Steam App 1510) (Version: - Introversion Software) Valiant Hearts: 
The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM-x32\...\Steam App 260230) (Version: - Ubisoft Montpellier) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden War of the Vikings (HKLM-x32\...\Steam App 234530) (Version: - Fatshark) WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. ) XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 27-09-2014 11:38:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 27-09-2014 11:38:58 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 30-09-2014 12:46:46 Windows Update 02-10-2014 14:39:32 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {6943D839-85A4-4FEA-BE78-BEFE9D236EC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-01] (Google Inc.) Task: {8746F946-B803-40D9-AE4A-ABE46DF84E65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-01] (Google Inc.) Task: {A50F7D3C-71AD-422F-9059-154F017AC6E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated) Task: {B322A909-EBB1-4C47-89AF-9C2A7EC7B79A} - System32\Tasks\Mülleimer raus! 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe 2014-06-01 14:31 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-08-24 20:17 - 2014-08-24 20:17 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-07-18 02:02 - 2014-10-03 03:36 - 00613944 _____ () C:\Users\Darth Vader\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2014-10-07 14:20 - 2014-10-07 14:20 - 00011264 _____ () C:\Users\Darth Vader\AppData\Local\Temp\nspF160.tmp\System.dll 2014-07-18 02:02 - 2014-10-03 03:36 - 36966968 _____ () C:\Users\Darth Vader\AppData\Roaming\Spotify\Data\libcef.dll 2014-09-09 19:25 - 2014-09-09 19:25 - 00057432 _____ () C:\Program Files (x86)\MirandaFusion\zlib.dll 2008-05-03 09:59 - 2008-05-03 09:59 - 00094208 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\svc_dbepp.dll 2009-08-04 09:46 - 2009-08-04 09:46 - 00162304 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\actman.dll 2014-09-09 19:24 - 2014-09-09 19:24 - 00203357 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\aim.dll 2009-05-08 23:42 - 2009-05-08 23:42 - 00067072 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\authstate.dll 2010-02-10 20:42 - 2010-02-10 20:42 - 00117760 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\extraicons.dll 2013-03-15 10:27 - 2013-03-15 10:27 - 00322048 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\facebook.dll 2010-09-28 17:59 - 2010-09-28 17:59 - 00498688 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\fingerprint.dll 2012-05-24 20:20 - 2012-05-24 20:20 - 
00110592 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\folders.dll 2014-09-09 19:25 - 2014-09-09 19:25 - 00339550 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\icq.dll 2014-09-09 19:24 - 2014-09-09 19:24 - 00379993 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\irc.dll 2011-02-09 23:56 - 2011-02-09 23:56 - 00082021 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\keepstatus.dll 2010-08-26 18:27 - 2010-08-26 18:27 - 00062976 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\menuex.dll 2012-07-18 20:39 - 2012-07-18 20:39 - 00106496 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\metacontacts.dll 2011-07-17 19:07 - 2011-07-17 19:07 - 00671232 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\mirotr.dll 2010-04-08 20:33 - 2010-04-08 20:33 - 00240128 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\sendss.dll 2011-09-13 15:59 - 2011-09-13 15:59 - 00094315 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\startupstatus.dll 2012-11-05 22:48 - 2012-11-05 22:48 - 00372736 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\twitter.dll 2010-10-10 11:12 - 2010-10-10 11:12 - 00374272 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\uinfoexw.dll 2009-10-09 09:04 - 2009-10-09 09:04 - 00036864 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\useactions.dll 2011-09-13 15:59 - 2011-09-13 15:59 - 00114688 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\variables.dll 2010-07-17 10:16 - 2010-07-17 10:16 - 00283136 _____ () C:\Program Files (x86)\MirandaFusion\Plugins\watrack.dll 2014-07-18 02:02 - 2014-10-03 03:36 - 00867896 _____ () C:\Users\Darth Vader\AppData\Roaming\Spotify\Data\ffmpegsumo.dll 2014-07-18 02:02 - 2014-10-03 03:36 - 00886840 _____ () C:\Users\Darth Vader\AppData\Roaming\Spotify\Data\libglesv2.dll 2014-07-18 02:02 - 2014-10-03 03:36 - 00108600 _____ () C:\Users\Darth Vader\AppData\Roaming\Spotify\Data\libegl.dll 2014-06-01 14:42 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-09-25 19:55 - 2014-09-25 19:55 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-08-29 13:47 - 2014-08-21 20:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-29 13:47 - 2014-08-21 20:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-29 13:47 - 2014-08-21 20:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-06-01 17:37 - 2014-09-03 21:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2014-06-01 17:37 - 2014-09-23 06:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-29 13:47 - 2014-08-21 20:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-29 13:47 - 2014-08-21 20:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2014-06-01 17:37 - 2014-09-23 06:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2014-06-01 17:37 - 2014-09-05 01:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-08-22 13:16 - 2014-09-05 01:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll 2014-09-10 11:04 - 2014-09-10 11:04 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1751566222-4030162687-618853015-500 - Administrator - Disabled)
Darth Vader (S-1-5-21-1751566222-4030162687-618853015-1000 - Administrator - Enabled) => C:\Users\Darth Vader
Gast (S-1-5-21-1751566222-4030162687-618853015-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1751566222-4030162687-618853015-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 02:29:51 PM) (Source: MsiInstaller) (EventID: 1024) (User: Imperium)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/07/2014 02:21:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2014 05:34:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2014 10:39:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2014 10:38:10 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (10/05/2014 10:38:10 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (10/05/2014 10:38:10 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (10/04/2014 11:57:08 AM) (Source: MsiInstaller) (EventID: 1024) (User: Imperium)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/04/2014 11:51:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 11:41:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: Imperium)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

System errors:
=============
Error: (10/02/2014 04:35:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/01/2014 02:19:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/29/2014 08:01:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 29.09.2014 um 19:33:45 unerwartet heruntergefahren.

Error: (09/23/2014 08:19:43 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JARVIS", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{F96D1A7C-8A58-420F-B7C3-3AD4C83F63AC}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (09/18/2014 11:06:11 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/10/2014 00:23:26 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (09/09/2014 01:27:16 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000003b (0x00000000c0000005, 0xfffff800033e74e0, 0xfffff8800690df40, 0x0000000000000000)C:\Windows\MEMORY.DMP Error: (09/09/2014 01:27:16 AM) (Source: BugCheck) (EventID: 1005) (User: ) Description: Error: (09/09/2014 01:27:06 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 08.09.2014 um 17:35:16 unerwartet heruntergefahren. Error: (09/07/2014 05:01:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Microsoft Office Sessions: ========================= Error: (10/07/2014 02:29:51 PM) (Source: MsiInstaller) (EventID: 1024) (User: Imperium) Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL) Error: (10/07/2014 02:21:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/06/2014 05:34:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/05/2014 10:39:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/05/2014 10:38:10 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (10/05/2014 10:38:10 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (10/05/2014 10:38:10 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (10/04/2014 11:57:08 AM) (Source: MsiInstaller) (EventID: 1024) (User: Imperium) Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL) Error: (10/04/2014 11:51:10 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 11:41:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: Imperium) Description: Adobe Reader XI (11.0.08) - 
Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL) ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz Percentage of memory in use: 19% Total physical RAM: 16274 MB Available physical RAM: 13119.18 MB Total Pagefile: 32546.18 MB Available Pagefile: 29250.02 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:574.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 874F8EC8) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-07 16:56:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 Intel___ rev.1.0. 931,50GB
Running: eoqs4ddy.exe; Driver: C:\Users\DARTHV~1\AppData\Local\Temp\kxlcrpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2132] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072bc1a22 2 bytes [BC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2132] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072bc1ad0 2 bytes [BC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2132] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072bc1b08 2 bytes [BC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2132] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072bc1bba 2 bytes [BC, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2132] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072bc1bda 2 bytes [BC, 72]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2572] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000076661465 2 bytes [66, 76]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2572] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000766614bb 2 bytes [66, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076661465 2 bytes [66, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766614bb 2 bytes [66, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [4844:3228] 000007fef4b39688

---- Processes - GMER 2.1 ----

Library C:\Users\DARTHV~1\AppData\Local\Temp\nspF160.tmp\System.dll (*** suspicious ***) @ C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe [3568](2014-10-07 12:20:44) 0000000010000000

---- EOF - GMER 2.1 ----

Regards, Piggeldi
07.10.2014, 16:19 | #2
/// the machine /// TB Trainer | Possibly a virus from a Facebook link? Quote:
07.10.2014, 16:27 | #3
Possibly a virus from a Facebook link? VirusTotal says it is harmless. (Detection rate 0/54)
Should I post a screenshot for you, or anything else?
08.10.2014, 11:49 | #4
/// the machine /// TB Trainer | Possibly a virus from a Facebook link? That's fine. Do you notice anything on the machine? The logs look good.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No support via PM!
08.10.2014, 13:59 | #5
Possibly a virus from a Facebook link? I don't notice anything on the machine. I was really just a bit panicked after clicking the link; luckily I didn't click anything on the page itself. So that means everything is fine, right?
09.10.2014, 10:46 | #6
/// the machine /// TB Trainer | Possibly a virus from a Facebook link? Yep.