Log analysis and evaluation: WIN7:CI.A - very slow / various program crashes / explorer.exe crash

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.10.2014, 17:16 | #1 |
WIN7:CI.A - very slow / various program crashes / explorer.exe crash

I have had the following problem for a good 5 days. When the PC boots, my Panda Endpoint Protection only starts after 5 minutes; at the same time, various autostart programs crash. The desktop freezes now and then, and when I try to open Firefox, explorer.exe usually crashes. From time to time a message appears at the bottom right of the desktop: Windows 7 7606 or something like that, copy of Windows is not verified and activated. I have an original version, and it was verified and activated. When I then look in System, this message disappears from the desktop and suddenly appears in exactly the same form in System; after 2 minutes my key then appears along with the message that Windows 7 is activated. Panda Endpoint Protection has detected a Trojan; it is CI.A. Unfortunately I cannot view the logs, because the program does not offer this function or I cannot find it. Panda can deactivate the Trojan for the session, but as soon as the PC restarts it is active again. Thank you in advance for your help. Kind regards, Partyfroschen

Defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:29 on 28/10/2014 (Martin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01 Ran by Martin (administrator) on MARTIN-PC on 28-10-2014 16:29:57 Running from C:\Users\Martin\Desktop Loaded Profiles: Martin & (Available profiles: Martin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe () C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Panda Security, S.L.) 
C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe (Panda Security International) C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe () C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-09-29] (Razer Inc.) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe [32736 2013-10-17] (Panda Security, S.L.) 
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-10-18] (LogMeIn Inc.) HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, HKU\S-1-5-21-1109166967-4130222996-3088973447-1000\...\Run: [uTorrent] => C:\Users\Martin\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-08] (BitTorrent Inc.) HKU\S-1-5-21-1109166967-4130222996-3088973447-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation) HKU\S-1-5-21-1109166967-4130222996-3088973447-1000\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe [1043968 2014-10-27] () HKU\S-1-5-21-1109166967-4130222996-3088973447-1000\...\MountPoints2: {ef02c810-f9d2-11e3-a2ee-001d7d0300a6} - F:\setup\rsrc\Autorun.exe HKU\S-1-5-21-1109166967-4130222996-3088973447-1001\...\Run: [BrowserChoice] => C:\Windows\System32\browserchoice.exe [294912 2010-02-23] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StCtBzzzytByCtD0BtGyEtCyE0FtGzytA0CyBtG0CyEyD0DtGtA0E0Bzz0EyCyCtCtD0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBtB0BtAzytD0EtGyCyC0E0EtGyEtDyD0AtG0AzzyE0FtG0E0DtA0D0BtByDtBtD0FtCtB2Q&cr=1162162568&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x620F02B56AADCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572&type=default&q={searchTerms} SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572&type=default&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572&type=default&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572&type=default&q={searchTerms} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StCtBzzzytByCtD0BtGyEtCyE0FtGzytA0CyBtG0CyEyD0DtGtA0E0Bzz0EyCyCtCtD0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBtB0BtAzytD0EtGyCyC0E0EtGyEtDyD0AtG0AzzyE0FtG0E0DtA0D0BtByDtBtD0FtCtB2Q&cr=1162162568&ir= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StCtBzzzytByCtD0BtGyEtCyE0FtGzytA0CyBtG0CyEyD0DtGtA0E0Bzz0EyCyCtCtD0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBtB0BtAzytD0EtGyCyC0E0EtGyEtDyD0AtG0AzzyE0FtG0E0DtA0D0BtByDtBtD0FtCtB2Q&cr=1162162568&ir= SearchScopes: 
HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB303EE0B-8C8A-491D-BBA9-A0020FE0A6E3&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572&type=default&q={searchTerms} BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab FireFox: ======== FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) 
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF user.js: detected! => C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\user.js FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\searchplugins\Astromenda.xml FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\searchplugins\zonealarm.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Astrmenda Search - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-10-27] FF Extension: Astro New Tab - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi [2014-10-27] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-10-31] Chrome: ======= CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) 
================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-10-09] (EasyAntiCheat Ltd) R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] () R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-18] (LogMeIn, Inc.) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe [140768 2013-12-20] (Panda Security, S.L.) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-30] () R2 PSUAService; C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe [37344 2013-10-17] (Panda Security, S.L.) R2 WAHost; C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [558840 2014-06-25] (Panda Security International) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-22] (Disc Soft Ltd) R2 dvctprov; C:\Windows\System32\DRIVERS\dvctprov.sys [105704 2013-08-30] (Panda Security, S.L.) 
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.) S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93440 2014-01-22] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [124160 2014-01-16] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-02-26] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116480 2014-01-16] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [43752 2013-12-22] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [97024 2014-01-16] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [71424 2014-01-16] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [127744 2014-01-22] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [307456 2014-02-24] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [123648 2014-01-16] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [116992 2014-01-16] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [259328 2014-02-24] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109824 2014-01-22] (Panda Security, S.L.) 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [170752 2014-01-17] (Panda Security, S.L.) R0 PSINDvct; C:\Windows\System32\DRIVERS\PSINDvct.sys [53480 2013-08-30] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [124160 2014-01-17] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [207616 2014-01-26] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [126208 2014-01-17] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [139520 2014-01-17] (Panda Security, S.L.) R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39080 2014-05-19] (Razer Inc) R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc) S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-28 16:29 - 2014-10-28 16:30 - 00018253 _____ () C:\Users\Martin\Desktop\FRST.txt 2014-10-28 16:29 - 2014-10-28 16:30 - 00000000 ____D () C:\FRST 2014-10-28 16:29 - 2014-10-28 16:29 - 00000544 _____ () C:\Users\Martin\Desktop\defogger_disable.log 2014-10-28 16:29 - 2014-10-28 16:29 - 00000168 _____ () C:\Users\Martin\defogger_reenable 2014-10-28 16:28 - 2014-10-28 16:28 - 00380416 _____ () C:\Users\Martin\Desktop\Gmer-19357.exe 2014-10-28 16:27 - 2014-10-28 16:27 - 02113024 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe 2014-10-28 16:26 - 2014-10-28 16:26 - 00050477 _____ () C:\Users\Martin\Desktop\Defogger.exe 2014-10-28 15:16 - 2014-10-28 15:18 - 00000000 ____D () C:\e2b808185c6d95e111d664 2014-10-27 23:24 - 2014-10-27 23:24 - 00001286 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-10-27 23:24 - 2014-10-27 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-10-27 23:23 - 2014-10-27 23:23 - 32515240 _____ (Panda Security ) C:\Users\Martin\Downloads\PandaCloudCleaner.exe 2014-10-27 21:48 - 2014-10-28 15:48 - 00000067 _____ () C:\Users\Martin\AppData\Roaming\WB.CFG 2014-10-27 20:49 - 2014-10-28 15:53 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job 2014-10-27 20:49 - 2014-10-27 20:52 - 00003240 _____ () C:\Windows\System32\Tasks\UpdaterEX 2014-10-27 20:49 - 2014-10-27 20:49 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\UpdaterEX 2014-10-27 20:48 - 2014-10-28 15:48 - 00000296 _____ () C:\Windows\Tasks\WSE_Astromenda.job 2014-10-27 20:48 - 2014-10-27 20:48 - 24489269 _____ () C:\Users\Martin\Downloads\setup_free.exe 2014-10-27 20:48 - 2014-10-27 20:48 - 00003240 _____ () C:\Windows\System32\Tasks\WSE_Astromenda 2014-10-27 20:48 - 2014-10-27 20:48 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\WSE_Astromenda 2014-10-27 20:48 - 2014-10-27 20:48 - 00000000 ____D () C:\Program Files (x86)\WSE_Astromenda 2014-10-27 20:47 - 2014-10-27 20:47 - 00796616 _____ ( ) 
C:\Users\Martin\Downloads\Free_Download_Setup.exe 2014-10-27 20:46 - 2014-10-27 20:46 - 00508360 _____ () C:\Users\Martin\Downloads\ubcd528.exe 2014-10-27 20:46 - 2014-10-27 20:46 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\rmi 2014-10-27 20:42 - 2014-10-27 20:42 - 00610769 _____ () C:\Users\Martin\Downloads\depends22_x86.zip 2014-10-27 20:30 - 2014-10-27 20:30 - 01125200 _____ () C:\Users\Martin\Downloads\Process Viewer - CHIP-Installer.exe 2014-10-25 22:56 - 2014-10-25 22:56 - 00298576 _____ () C:\Windows\Minidump\102514-25209-01.dmp 2014-10-22 19:59 - 2014-10-22 20:00 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe 2014-10-20 16:33 - 2014-10-20 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-10-20 16:33 - 2014-10-20 16:33 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-10-17 15:40 - 2014-10-17 15:40 - 00000000 ____D () C:\ProgramData\Codemasters 2014-10-16 21:03 - 2014-10-16 21:03 - 00000221 _____ () C:\Users\Martin\Desktop\GRID 2.url 2014-10-15 18:11 - 2014-10-15 18:11 - 01467128 _____ () C:\Users\Martin\Downloads\SystemCheck_deDE.exe 2014-10-15 04:42 - 2014-10-15 04:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2014-10-15 04:28 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 04:28 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 
2014-10-15 04:27 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 04:27 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 04:27 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 04:27 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 04:27 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 04:27 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 04:27 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 04:27 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 04:27 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 04:27 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 04:27 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 04:27 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 04:27 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 04:27 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 04:27 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 04:27 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 04:27 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 04:27 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2014-10-15 04:27 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-15 04:27 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-15 04:27 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-15 04:27 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 04:27 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-15 04:27 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-15 04:27 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 04:27 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 04:27 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 04:27 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 04:27 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-15 04:27 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-15 04:27 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 04:27 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 04:27 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 04:27 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 04:27 - 2014-07-07 03:06 - 04120576 _____ (Microsoft 
Corporation) C:\Windows\system32\mf.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 
2014-10-15 04:27 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 04:27 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 04:27 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 04:27 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 04:27 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 04:27 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 04:27 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 04:27 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 04:27 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 04:27 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 04:27 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 04:27 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 04:27 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 04:27 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 04:27 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 04:27 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 04:27 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 04:27 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 04:27 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 04:27 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 04:27 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 04:27 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 04:26 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 04:26 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 04:26 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 04:26 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 04:26 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 04:26 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 04:26 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 04:26 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 04:26 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 04:26 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 04:26 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 04:26 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 04:26 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 04:26 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 04:26 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 04:26 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 04:26 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 04:26 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 04:26 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 04:26 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 04:26 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 04:26 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 04:26 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 04:26 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 04:26 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 04:26 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 04:26 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 04:26 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 04:26 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 04:26 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 04:26 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 04:26 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 04:26 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 04:26 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 04:26 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 04:26 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 04:26 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 04:26 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 04:26 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 04:26 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 04:26 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 04:25 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 04:25 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 04:25 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 04:25 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 04:25 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 04:25 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 04:25 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 04:25 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 04:25 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 04:25 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 04:25 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 04:25 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 04:25 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 04:25 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 04:25 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 04:25 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 04:24 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 04:24 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 04:24 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 04:24 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-09 18:04 - 2014-10-09 18:04 - 00000222 _____ () C:\Users\Martin\Desktop\7 Days to Die.url
2014-10-05 17:53 - 2014-10-09 18:10 - 00175136 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-10-04 03:12 - 2014-10-04 03:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-04 03:10 - 2014-10-04 03:17 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Origin
2014-10-04 03:10 - 2014-10-04 03:12 - 00000000 ____D () C:\Users\Martin\AppData\Local\Origin
2014-10-04 03:07 - 2014-10-16 18:59 - 00000000 ____D () C:\ProgramData\Origin
2014-10-04 03:07 - 2014-10-16 17:54 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-04 03:07 - 2014-10-04 03:07 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-10-04 03:07 - 2014-10-04 03:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-10-04 03:07 - 2014-10-04 03:07 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-10-04 03:06 - 2014-10-04 03:06 - 17088592 _____ (Electronic Arts, Inc.) C:\Users\Martin\Downloads\OriginThinSetup.exe
2014-10-04 03:03 - 2014-10-04 03:04 - 01101648 _____ () C:\Users\Martin\Downloads\Origin EA Download Manager - CHIP-Installer.exe
2014-10-03 20:57 - 2014-10-03 20:57 - 00001298 _____ () C:\Users\Martin\Desktop\iw3mp - Verknüpfung.lnk
2014-10-03 20:35 - 2014-10-03 20:35 - 00000331 _____ () C:\Windows\game.ini
2014-10-03 20:35 - 2014-10-03 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-10-03 20:30 - 2014-10-03 20:30 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-10-03 00:29 - 2014-10-03 00:29 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Wargaming.net
2014-10-02 22:23 - 2014-10-02 22:23 - 00000769 _____ () C:\Users\Public\Desktop\World of Tanks.lnk
2014-10-02 22:23 - 2014-10-02 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-10-02 22:23 - 2014-10-02 22:23 - 00000000 ____D () C:\Games
2014-10-02 22:22 - 2014-10-02 22:22 - 05965584 _____ (Wargaming.net ) C:\Users\Martin\Downloads\WoT_internet_install_eu(1).exe
2014-10-01 17:16 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 17:16 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 06:32 - 2014-09-30 06:32 - 00901632 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevicedll.dll
2014-09-30 06:32 - 2014-09-30 06:32 - 00419840 _____ (Razer Inc) C:\Windows\SysWOW64\rzaudiodll.dll
2014-09-29 18:22 - 2014-09-29 18:22 - 00000222 _____ () C:\Users\Martin\Desktop\The Room.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 16:29 - 2013-09-08 21:30 - 00000000 ____D () C:\Users\Martin
2014-10-28 15:41 - 2013-09-09 16:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 15:20 - 2013-09-08 20:22 - 01860805 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 07:10 - 2009-07-14 05:45 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 07:10 - 2009-07-14 05:45 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 06:27 - 2014-06-09 16:13 - 00000000 ____D () C:\Users\Martin\AppData\Local\LogMeIn Hamachi
2014-10-28 06:27 - 2013-09-27 19:58 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\uTorrent
2014-10-28 06:27 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-10-28 06:27 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-10-28 06:27 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 06:26 - 2009-07-14 05:51 - 00174877 _____ () C:\Windows\setupact.log
2014-10-28 06:23 - 2013-10-12 18:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-28 06:23 - 2013-09-10 06:58 - 00000239 _____ () C:\service.log
2014-10-28 06:22 - 2013-09-10 06:57 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-10-28 06:22 - 2013-09-09 13:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-28 06:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 06:08 - 2010-11-21 04:47 - 00188464 _____ () C:\Windows\PFRO.log
2014-10-27 23:24 - 2013-09-10 08:30 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-10-27 19:41 - 2013-09-27 20:59 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\TS3Client
2014-10-27 06:26 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-26 22:54 - 2013-09-27 21:31 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\vlc
2014-10-25 22:56 - 2013-09-29 18:33 - 377677778 _____ () C:\Windows\MEMORY.DMP
2014-10-25 22:56 - 2013-09-29 18:33 - 00000000 ____D () C:\Windows\Minidump
2014-10-25 22:43 - 2014-08-27 18:49 - 00000000 ____D () C:\Users\Martin\AppData\Local\Battle.net
2014-10-25 19:03 - 2014-08-27 18:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-22 20:00 - 2013-09-09 16:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-22 20:00 - 2013-09-09 16:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-22 20:00 - 2013-09-09 16:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-20 16:40 - 2014-06-22 14:22 - 00122060 _____ () C:\Windows\DPINST.LOG
2014-10-18 11:27 - 2013-11-17 17:17 - 00000000 ____D () C:\Users\Martin\Documents\My Games
2014-10-18 01:43 - 2014-03-26 13:18 - 00000000 ____D () C:\Program Files\Warcraft III
2014-10-16 17:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 14:21 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-15 14:17 - 2009-07-14 05:45 - 00462400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 14:15 - 2014-05-06 22:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 14:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 14:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 04:45 - 2013-10-19 13:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 04:41 - 2013-09-09 13:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 04:39 - 2013-09-09 13:23 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-03 23:58 - 2014-03-31 21:21 - 00000000 ____D () C:\Users\Martin\AppData\Local\Arma 3
2014-10-03 20:43 - 2013-09-09 17:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-03 20:35 - 2013-11-17 17:16 - 00376004 _____ () C:\Windows\DirectX.log
2014-10-02 22:23 - 2014-06-04 19:15 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-02 22:23 - 2014-06-04 19:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-02 14:53 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-29 18:26 - 2014-03-27 02:28 - 00000000 ____D () C:\ProgramData\Package Cache

Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Martin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Martin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Martin\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Martin\AppData\Local\Temp\IminentSetup_20130624.exe
C:\Users\Martin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\Temp\nsf4D4D.exe
C:\Users\Martin\AppData\Local\Temp\nsl4976.exe
C:\Users\Martin\AppData\Local\Temp\nsqC5F3.exe
C:\Users\Martin\AppData\Local\Temp\nsqCBBE.exe
C:\Users\Martin\AppData\Local\Temp\nsw4158.exe
C:\Users\Martin\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Martin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Martin\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Martin\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Martin\AppData\Local\Temp\nvStInst.exe
C:\Users\Martin\AppData\Local\Temp\ose00000.exe
C:\Users\Martin\AppData\Local\Temp\sonarinst.exe
C:\Users\Martin\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Martin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Martin\AppData\Local\Temp\utt3B00.tmp.exe
C:\Users\Martin\AppData\Local\Temp\uttD694.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-27 19:36

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Martin at 2014-10-28 16:30:35
Running from C:\Users\Martin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Endpoint Protection (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Endpoint Protection (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Endpoint Protection Firewall (Enabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Energy Saver Advance B10.0309.1 (HKLM-x32\...\{7ED169D4-5053-4166-93DF-53B12AE6C539}) (Version: 1.10.0000 - GIGABYTE)
Extended Update (HKCU\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation)
Free YouTube Download version 3.2.16.1028 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.16.1028 - DVDVideoSoft Ltd.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
GRID 2 (HKLM-x32\...\Steam App 44350) (Version: - Codemasters Racing)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.255 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.255 - LogMeIn, Inc.) Hidden
MAGIX Fonts Package 1 (x32 Version: 1.0.0.0 - MAGIX AG) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Panda Endpoint Agent (HKLM-x32\...\PCOP Agent) (Version: 7.00.00.0000 - Panda Security)
Panda Endpoint Agent (x32 Version: 7.00.00.0000 - Panda Security) Hidden
Panda Endpoint Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 6.81.11 - Panda Security)
Panda Endpoint Protection (Version: 5.15.00.0000 - Panda Security) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22533 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Room (HKLM-x32\...\Steam App 288160) (Version: - Fireproof Games)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinZip 17.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION
XSplit Broadcaster (HKLM-x32\...\{3A1F3A32-7E9D-4AD2-A2E2-DFC98BAA9DC7}) (Version: 1.3.1403.1202 - SplitMediaLabs)
XSplit Gamecaster (HKLM-x32\...\{27E6D8B1-70BC-4981-AE4D-B7C73475C416}) (Version: 1.8.1406.0910 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

28-10-2014 14:15:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2A467D69-9B0D-4019-B609-C71E3AEDC56C} - System32\Tasks\WSE_Astromenda => C:\Users\Martin\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-10-27] ()
Task: {3DABA142-64A7-4C80-9D2E-732DD893CEA7} - System32\Tasks\UpdaterEX => C:\Users\Martin\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {83F201E1-9E42-4A39-9D68-DB26BC33F44E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22] (Adobe Systems Incorporated)
Task: {C608F4A6-C422-4083-9907-B9674EDBC908} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Martin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Martin\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============
2013-09-09 13:16 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-10 06:58 - 2009-12-02 18:40 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
2014-05-04 18:15 - 2014-08-30 08:58 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-27 20:48 - 2014-10-27 20:48 - 01043968 _____ () C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
2013-09-10 06:58 - 2009-03-13 10:30 - 00109096 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver\ycc.dll
2013-04-12 17:23 - 2013-04-12 17:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\WAC\SQLite3.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00046336 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\ApiCr.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00103680 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\MiniCrypto.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00513280 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\libxml2.dll
2014-09-26 05:52 - 2014-09-26 05:52 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Spotify => "C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-1109166967-4130222996-3088973447-500 - Administrator - Disabled) Gast (S-1-5-21-1109166967-4130222996-3088973447-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1109166967-4130222996-3088973447-1003 - Limited - Enabled) Martin (S-1-5-21-1109166967-4130222996-3088973447-1000 - Administrator - Enabled) => C:\Users\Martin ==================== Faulty Device Manager Devices ============= Name: USB-Verbundgerät Description: USB-Verbundgerät Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: usbccgp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/28/2014 04:24:02 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (10/28/2014 06:26:12 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Program Files (x86)\Panda Security\WaAgent\WAPWInst\WAPWInst.exe" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Automatic Instalation Process wurde wegen dieses Fehlers geschlossen. 
Programm: Automatic Instalation Process Datei: C:\Program Files (x86)\Panda Security\WaAgent\WAPWInst\WAPWInst.exe Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. 
Zusätzliche Daten Fehlerwert: C0000185 Datenträgertyp: 3 Error: (10/28/2014 06:26:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WAPWINST.exe, Version: 5.6.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: WAPWINST.exe, Version: 5.6.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000006 Fehleroffset: 0x00067104 ID des fehlerhaften Prozesses: 0x117c Startzeit der fehlerhaften Anwendung: 0xWAPWINST.exe0 Pfad der fehlerhaften Anwendung: WAPWINST.exe1 Pfad des fehlerhaften Moduls: WAPWINST.exe2 Berichtskennung: WAPWINST.exe3 Error: (10/28/2014 06:26:12 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Program Files (x86)\Steam\Steam.exe" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Steam Client Bootstrapper wurde wegen dieses Fehlers geschlossen. Programm: Steam Client Bootstrapper Datei: C:\Program Files (x86)\Steam\Steam.exe Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". 
Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: C0000185 Datenträgertyp: 3 Error: (10/28/2014 06:26:12 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Program Files (x86)\DAEMON Tools Lite\DTCommonRes.dll" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm DAEMON Tools Lite wurde wegen dieses Fehlers geschlossen. Programm: DAEMON Tools Lite Datei: C:\Program Files (x86)\DAEMON Tools Lite\DTCommonRes.dll Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". 
Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: C0000185 Datenträgertyp: 3 Error: (10/28/2014 06:26:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Steam.exe, Version: 2.45.19.81, Zeitstempel: 0x54457aa7 Name des fehlerhaften Moduls: Steam.exe, Version: 2.45.19.81, Zeitstempel: 0x54457aa7 Ausnahmecode: 0xc0000006 Fehleroffset: 0x00121be0 ID des fehlerhaften Prozesses: 0xff8 Startzeit der fehlerhaften Anwendung: 0xSteam.exe0 Pfad der fehlerhaften Anwendung: Steam.exe1 Pfad des fehlerhaften Moduls: Steam.exe2 Berichtskennung: Steam.exe3 Error: (10/28/2014 06:26:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DTLite.exe, Version: 4.49.1.356, Zeitstempel: 0x53159ab2 Name des fehlerhaften Moduls: DTCommonRes.dll, Version: 4.49.1.356, Zeitstempel: 0x53159aa4 Ausnahmecode: 0xc0000006 Fehleroffset: 0x0005eb8b ID des fehlerhaften Prozesses: 0xb14 Startzeit der fehlerhaften Anwendung: 0xDTLite.exe0 Pfad der fehlerhaften Anwendung: DTLite.exe1 Pfad des fehlerhaften Moduls: DTLite.exe2 Berichtskennung: DTLite.exe3 Error: (10/28/2014 06:26:09 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\shell32.dll" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. 
den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Windows-Explorer wurde wegen dieses Fehlers geschlossen. Programm: Windows-Explorer Datei: C:\Windows\System32\shell32.dll Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. 
Zusätzliche Daten
Fehlerwert: C0000185
Datenträgertyp: 3

Error: (10/28/2014 06:25:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18517, Zeitstempel: 0x53aa2e07
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0000000000411164
ID des fehlerhaften Prozesses: 0x6e8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (10/28/2014 06:23:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (10/28/2014 03:37:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (10/28/2014 03:37:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (10/28/2014 03:35:45 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (10/28/2014 03:35:45 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (10/28/2014 03:35:45 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (10/28/2014 03:20:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (10/28/2014 03:20:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (10/28/2014 03:20:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (10/28/2014 03:20:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (10/28/2014 03:20:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 37%
Total physical RAM: 4094.48 MB
Available physical RAM: 2539 MB
Total Pagefile: 8187.15 MB
Available Pagefile: 6137.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:708.52 GB) NTFS
Drive e: (Daten) (Fixed) (Total:298.09 GB) (Free:83.29 GB) NTFS
Drive f: (COD4MW) (CDROM) (Total:6.35 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 56E357B4)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 20B5A0B9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-28 16:50:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6 WDC_WD10EARS-00MVWB0 rev.51.0AB51 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\Martin\AppData\Local\Temp\pxdiypow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031b9000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582 fffff800031b9036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000725217fa 2 bytes CALL 754611a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072521860 2 bytes CALL 754611a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072521942 2 bytes JMP 757f7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007252194d 2 bytes JMP 757fcba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755d1401 2 bytes JMP 7548b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755d1419 2 bytes JMP 7548b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755d1431 2 bytes JMP 75508ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755d144a 2 bytes CALL 754648ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755d14dd 2 bytes JMP 755087a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755d14f5 2 bytes JMP 75508978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755d150d 2 bytes JMP 75508698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755d1525 2 bytes JMP 75508a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755d153d 2 bytes JMP 7547fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755d1555 2 bytes JMP 754868ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755d156d 2 bytes JMP 75508f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755d1585 2 bytes JMP 75508ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755d159d 2 bytes JMP 7550865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755d15b5 2 bytes JMP 7547fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755d15cd 2 bytes JMP 7548b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000755d16b2 2 bytes JMP 75508e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755d16bd 2 bytes JMP 755085f1 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [2352] entry point in ".rdata" section 00000000718b71e6 .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000755d1401 2 bytes JMP 7548b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000755d1419 2 bytes JMP 7548b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000755d1431 2 bytes JMP 75508ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000755d144a 2 bytes CALL 754648ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000755d14dd 2 bytes JMP 755087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000755d14f5 2 bytes JMP 75508978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000755d150d 2 bytes JMP 75508698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000755d1525 2 bytes JMP 75508a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000755d153d 2 bytes JMP 7547fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000755d1555 2 bytes JMP 754868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000755d156d 2 bytes JMP 75508f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000755d1585 2 bytes JMP 75508ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000755d159d 2 bytes JMP 7550865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000755d15b5 2 bytes JMP 7547fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 
00000000755d15cd 2 bytes JMP 7548b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000755d16b2 2 bytes JMP 75508e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe[3384] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000755d16bd 2 bytes JMP 755085f1 C:\Windows\syswow64\kernel32.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D83E731A-CDA1-42E1-AD9A-0CD8D58C6D3B}@LeaseObtainedTime 1414510451 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D83E731A-CDA1-42E1-AD9A-0CD8D58C6D3B}@T1 1414510578 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D83E731A-CDA1-42E1-AD9A-0CD8D58C6D3B}@T2 1414510674 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D83E731A-CDA1-42E1-AD9A-0CD8D58C6D3B}@LeaseTerminatesTime 1414510706 ---- EOF - GMER 2.1 ---- |
28.10.2014, 17:19 | #2 |
/// the machine /// TB Trainer | WIN7:CI.A - very slow / various program crashes / explorer.exe crash hi,
__________________Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ |
28.10.2014, 23:27 | #3 |
| WIN7:CI.A - very slow / various program crashes / explorer.exe crash Thanks for the reply.
__________________Code:
ATTFilter ComboFix 14-10-27.01 - Martin 28.10.2014 22:22:10.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2667 [GMT 1:00] ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe AV: Panda Endpoint Protection *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Panda Endpoint Protection Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} SP: Panda Endpoint Protection *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\msdownld.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-28 bis 2014-10-28 )))))))))))))))))))))))))))))) . . 2014-10-28 21:51 . 2014-10-28 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-28 21:04 . 2014-10-28 21:04 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2014-10-28 20:51 . 2014-10-28 20:51 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-10-28 15:51 . 2012-11-07 07:00 58360 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2014-10-28 15:29 . 2014-10-28 15:30 -------- d-----w- C:\FRST 2014-10-28 14:17 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7FD74C8-1335-49E8-AB85-00C7A9A4D461}\mpengine.dll 2014-10-27 19:49 . 2014-10-28 21:02 -------- d-----w- c:\users\Martin\AppData\Roaming\UpdaterEX 2014-10-27 19:46 . 2014-10-27 19:46 -------- d-----w- c:\users\Martin\AppData\Roaming\rmi 2014-10-22 18:59 . 2014-10-22 19:00 -------- d-----w- c:\users\Martin\AppData\Local\Adobe 2014-10-17 14:40 . 2014-10-17 14:40 -------- d-----w- c:\programdata\Codemasters 2014-10-15 03:42 . 2014-10-15 03:42 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET 2014-10-15 03:28 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys 2014-10-15 03:28 . 
2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll 2014-10-15 03:28 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll 2014-10-15 03:28 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll 2014-10-15 03:28 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll 2014-10-15 03:28 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll 2014-10-15 03:28 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll 2014-10-15 03:26 . 2014-10-07 02:04 812736 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2014-10-15 03:25 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll 2014-10-15 03:24 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll 2014-10-15 03:24 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-10-15 03:24 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll 2014-10-15 03:24 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll 2014-10-05 16:53 . 2014-10-09 17:10 175136 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe 2014-10-04 02:12 . 2014-10-04 02:12 -------- d-----w- c:\program files (x86)\Origin Games 2014-10-04 02:10 . 2014-10-04 02:17 -------- d-----w- c:\users\Martin\AppData\Roaming\Origin 2014-10-04 02:10 . 2014-10-04 02:12 -------- d-----w- c:\users\Martin\AppData\Local\Origin 2014-10-04 02:07 . 2014-10-16 17:59 -------- d-----w- c:\programdata\Origin 2014-10-04 02:07 . 2014-10-04 02:07 -------- d-----w- c:\programdata\Electronic Arts 2014-10-04 02:07 . 2014-10-16 16:54 -------- d-----w- c:\program files (x86)\Origin 2014-10-03 19:30 . 2014-10-03 19:30 -------- d-----w- c:\program files (x86)\Activision 2014-10-02 23:29 . 2014-10-02 23:29 -------- d-----w- c:\users\Martin\AppData\Roaming\Wargaming.net 2014-10-02 21:23 . 2014-10-02 21:23 -------- d-----w- C:\Games 2014-10-01 16:16 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-10-01 16:16 . 
2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-30 05:32 . 2014-09-30 05:32 901632 ----a-w- c:\windows\SysWow64\rzdevicedll.dll 2014-09-30 05:32 . 2014-09-30 05:32 419840 ----a-w- c:\windows\SysWow64\rzaudiodll.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-28 21:02 . 2013-09-10 05:57 25640 ----a-w- c:\windows\gdrv.sys 2014-10-22 19:00 . 2013-09-09 15:48 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-10-22 19:00 . 2013-09-09 15:48 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-10-15 03:39 . 2013-09-09 12:23 103265616 ----a-w- c:\windows\system32\MRT.exe 2014-10-02 13:53 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-24 04:41 . 2014-09-24 04:41 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2014-09-11 06:57 . 2014-09-11 06:57 78848 ----a-w- c:\windows\SysWow64\rzvirtualdev.dll 2014-09-11 06:57 . 2014-09-11 06:57 155136 ----a-w- c:\windows\SysWow64\rztouchdll.dll 2014-09-11 06:57 . 2014-09-11 06:57 89088 ----a-w- c:\windows\SysWow64\rzdevinfo.dll 2014-09-11 06:57 . 2014-09-11 06:57 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll 2014-09-09 22:11 . 2014-09-24 04:13 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-09 21:47 . 2014-09-24 04:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-05 03:28 . 2014-09-05 03:28 31912 ----a-w- c:\windows\system32\drivers\rzvmouse.sys 2014-09-05 03:27 . 2014-09-05 03:27 160424 ----a-w- c:\windows\system32\drivers\rzudd.sys 2014-08-30 17:40 . 2014-05-04 17:18 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2014-08-30 17:40 . 2014-05-04 17:15 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-08-30 17:37 . 2014-05-04 17:15 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-08-30 07:58 . 2014-05-04 17:15 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2014-08-23 02:07 . 
2014-08-27 17:25 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-27 17:25 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-01 11:53 . 2014-09-11 04:20 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-08-01 11:35 . 2014-09-11 04:20 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-10-29 23:09 277560 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\users\Martin\AppData\Roaming\uTorrent\uTorrent.exe" [2014-10-08 1385808] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-10-21 1938624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896] "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-09-29 585536] "PSUAMain"="c:\program files (x86)\Panda Security\WAC\PSUAMain.exe" [2013-10-17 32736] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-10-27 3835728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x] R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x] R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x] R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x] R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S0 PSINDvct;Device control Driver;c:\windows\system32\DRIVERS\PSINDvct.sys;c:\windows\SYSNATIVE\DRIVERS\PSINDvct.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x] S1 
NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x] S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x] S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x] S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x] S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x] S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x] S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x] S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x] S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x] S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x] S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x] S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x] S2 dvctprov;dvctprov;c:\windows\system32\DRIVERS\dvctprov.sys;c:\windows\SYSNATIVE\DRIVERS\dvctprov.sys [x] S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [x] S2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn 
Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 NanoServiceMain;Panda Endpoint Protection Service;c:\program files (x86)\Panda Security\WAC\PSANHost.exe;c:\program files (x86)\Panda Security\WAC\PSANHost.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x] S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\WAC\PSUAService.exe;c:\program files (x86)\Panda Security\WAC\PSUAService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 WAHost;Panda Endpoint Administration Agent;c:\program files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe;c:\program files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGSHidFilt;Logitech Gaming KMDF HID Filter 
Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x] S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rzp1endpt;Razer platform 1 end point;c:\windows\system32\DRIVERS\rzp1endpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzp1endpt.sys [x] S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x] S3 rzvmouse;Razer Virtual Mouse;c:\windows\system32\DRIVERS\rzvmouse.sys;c:\windows\SYSNATIVE\DRIVERS\rzvmouse.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-09 19:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-10-29 23:09 336952 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StCtBzzzytByCtD0BtGyEtCyE0FtGzytA0CyBtG0CyEyD0DtGtA0E0Bzz0EyCyCtCtD0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBtB0BtAzytD0EtGyCyC0E0EtGyEtDyD0AtG0AzzyE0FtG0E0DtA0D0BtByDtBtD0FtCtB2Q&cr=1162162568&ir= mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572 mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\ FF - user.js: extensions.zonealarm.hpOld0 - www.google.de FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=e91d1fc941b1408a906a2f6287317c3f&tu=11Jiy00EZ1D13P0&sku=&tstsId=&ver=&&q= 
FF - user.js: extensions.zonealarm.id - 94f51a79000000000000001d7d0300a6 FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84} FF - user.js: extensions.zonealarm.instlDay - 16243 FF - user.js: extensions.zonealarm.vrsn - 1.8.29.17 FF - user.js: extensions.zonealarm.vrsni - 1.8.29.17 FF - user.js: extensions.zonealarm.vrsnTs - 1.8.29.179:07 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 5066 FF - user.js: extensions.zonealarm.smplGrp - NewUSR FF - user.js: extensions.zonealarm.tlbrId - HFA5 FF - user.js: extensions.zonealarm.instlRef - ZLN123632342342139-5066 FF - user.js: extensions.zonealarm.dfltLng - DE FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.ffxUnstlRst - false FF - user.js: extensions.zonealarm.admin - false FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm.rvrt - false FF - user.js: extensions.zonealarm.hmpg - true FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=DE&gu=e91d1fc941b1408a906a2f6287317c3f&tu=11Jiy00EZ1D13P0&sku=&tstsId=&ver=& FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&gu=e91d1fc941b1408a906a2f6287317c3f&tu=11Jiy00EZ1D13P0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.dnsErr - true FF - user.js: extensions.zonealarm.newTab - true FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=DE&gu=e91d1fc941b1408a906a2f6287317c3f&tu=11Jiy00EZ1D13P0&sku=&tstsId=&ver=& FF - user.js: extensions.astrmndasr.hmpg - true FF - user.js: extensions.astrmndasr.hmpgUrl - 
hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StCtBzzzytByCtD0BtGyEtCyE0FtGzytA0CyBtG0CyEyD0DtGtA0E0Bzz0EyCyCtCtD0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBtB0BtAzytD0EtGyCyC0E0EtGyEtDyD0AtG0AzzyE0FtG0E0DtA0D0BtByDtBtD0FtCtB2Q&cr=1162162568&ir= FF - user.js: extensions.astrmndasr.dfltSrch - true FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda FF - user.js: extensions.astrmndasr.dnsErr - true FF - user.js: extensions.astrmndasr_i.newTab - true FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StCtBzzzytByCtD0BtGyEtCyE0FtGzytA0CyBtG0CyEyD0DtGtA0E0Bzz0EyCyCtCtD0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBtB0BtAzytD0EtGyCyC0E0EtGyEtDyD0AtG0AzzyE0FtG0E0DtA0D0BtByDtBtD0FtCtB2Q&cr=1162162568&ir= FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StCtBzzzytByCtD0BtGyEtCyE0FtGzytA0CyBtG0CyEyD0DtGtA0E0Bzz0EyCyCtCtD0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBtB0BtAzytD0EtGyCyC0E0EtGyEtDyD0AtG0AzzyE0FtG0E0DtA0D0BtByDtBtD0FtCtB2Q&cr=1162162568&ir=&q= FF - user.js: extensions.astrmndasr.id - 7A791978A9F21A79 FF - user.js: extensions.astrmndasr.instlDay - 16370 FF - user.js: extensions.astrmndasr.vrsn - FF - user.js: extensions.astrmndasr.vrsni - FF - user.js: extensions.astrmndasr_i.vrsnTs - 20:48 FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda FF - user.js: extensions.astrmndasr.prdct - astrmndasr FF - user.js: extensions.astrmndasr.aflt - ast_dnldstr_14_44_ff FF - user.js: extensions.astrmndasr_i.smplGrp - none FF - user.js: extensions.astrmndasr.tlbrId - FF - user.js: 
extensions.astrmndasr.instlRef - 142905_f FF - user.js: extensions.astrmndasr.dfltLng - FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A} FF - user.js: extensions.astrmndasr.excTlbr - false FF - user.js: extensions.astrmndasr.cr - 1162162568 FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StCtBzzzytByCtD0BtGyEtCyE0FtGzytA0CyBtG0CyEyD0DtGtA0E0Bzz0EyCyCtCtD0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBtB0BtAzytD0EtGyCyC0E0EtGyEtDyD0AtG0AzzyE0FtG0E0DtA0D0BtByDtBtD0FtCtB2Q FF - user.js: extensions.astrmndasr.AL - 4 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2014-10-28 23:02:09 ComboFix-quarantined-files.txt 2014-10-28 22:02 . Vor Suchlauf: 13 Verzeichnis(se), 760.696.971.264 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 762.893.582.336 Bytes frei . - - End Of File - - 1F84AD8F689C7DC30A902E07ACD8699B A36C5E4F47E84449FF07ED3517B43A31 |
29.10.2014, 19:35 | #4 |
/// the machine /// TB trainer | WIN7:CI.A - very slow/various program crashes/explorer.exe crash Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
29.10.2014, 21:45 | #5 |
| WIN7:CI.A - very slow/various program crashes/explorer.exe crash MbAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 29.10.2014 Suchlauf-Zeit: 20:19:52 Logdatei: MbAM.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.10.29.07 Rootkit Datenbank: v2014.10.22.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Martin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 363197 Verstrichene Zeit: 11 Min, 31 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 15 PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [3249a67485f7cb6b5be6df04e81a1be5], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [3249a67485f7cb6b5be6df04e81a1be5], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1109166967-4130222996-3088973447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [89f257c38eee89ad32f8525753af37c9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [6318cd4dfc804bebbfefa63c768cf907], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [512a37e3710b93a349661fc39969dd23], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [05767e9ca0dc1224a316f08fd133d729], PUP.Optional.BonanzaDeals.A, 
HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, In Quarantäne, [8af10713b8c4e74fd05d186415ef48b8], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [7dfe0e0c58240036a03035290af9fc04], PUP.Optional.qvo6.A, HKLM\SOFTWARE\WOW6432NODE\qvo6Software, In Quarantäne, [205b31e97c00280ed29a7402d82c8c74], PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [fa81f624d8a456e0b405ff8044c0eb15], PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-1109166967-4130222996-3088973447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, In Quarantäne, [cbb0b961dd9f52e465c65329e321b947], PUP.Optional.Iminent.A, HKU\S-1-5-21-1109166967-4130222996-3088973447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [a4d761b985f79f973e93ff5f0cf77e82], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1109166967-4130222996-3088973447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [5a2171a93c40191d25ba293453b005fb], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1109166967-4130222996-3088973447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [0c6fbf5bd5a76bcb091a690b2dd72dd3], PUP.Optional.Qone8, HKU\S-1-5-21-1109166967-4130222996-3088973447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [116ada40b4c84aecdedaf98643c17987], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-1109166967-4130222996-3088973447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1K1J1N2U0R1O1F, In Quarantäne, [0c6fbf5bd5a76bcb091a690b2dd72dd3] Registrierungsdaten: 6 Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, 
hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572, Gut: (www.google.com), Schlecht: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572),Ersetzt,[69122bef91eb2115c97be74b8283837d] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[86f579a115670e28c8d9a290e322867a] Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572, Gut: (www.google.com), Schlecht: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572),Ersetzt,[55269b7fe19be3536adc959de223df21] Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572, Gut: (www.google.com), Schlecht: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD10EARS-00MVWB0_WD-WCAZA848631286312&ts=1380305572),Ersetzt,[6b106dada0dcec4a62e2141ef015d12f] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[2655c555b0cccf67bbe6171bf114cb35] PUP.Optional.Astromenda.A, 
HKU\S-1-5-21-1109166967-4130222996-3088973447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StCtBzzzytByCtD0BtGyEtCyE0FtGzytA0CyBtG0CyEyD0DtGtA0E0Bzz0EyCyCtCtD0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBtB0BtAzytD0EtGyCyC0E0EtGyEtDyD0AtG0AzzyE0FtG0E0DtA0D0BtByDtBtD0FtCtB2Q&cr=1162162568&ir=, Gut: (www.google.com), Schlecht: (hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StCtBzzzytByCtD0BtGyEtCyE0FtGzytA0CyBtG0CyEyD0DtGtA0E0Bzz0EyCyCtCtD0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtBtB0BtAzytD0EtGyCyC0E0EtGyEtDyD0AtG0AzzyE0FtG0E0DtA0D0BtByDtBtD0FtCtB2Q&cr=1162162568&ir=),Ersetzt,[2b503ddd91eb43f3a77bca6a0104b749] Ordner: 12 PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy, In Quarantäne, [780365b5daa2d0664bad63920cf6a15f], PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\AA12D7FCAFDB403AB0F7E2BFCFC55052, In Quarantäne, [780365b5daa2d0664bad63920cf6a15f], PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, In Quarantäne, [7605001a0b711323fae9ca2c000205fb], PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, In Quarantäne, [7605001a0b711323fae9ca2c000205fb], PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, In Quarantäne, [7605001a0b711323fae9ca2c000205fb], PUP.Optional.BonanzaDeals.A, C:\Users\Martin\AppData\Local\BonanzaDealsLive, In Quarantäne, [502bbd5dacd0bd79cd1753a3cf3354ac], PUP.Optional.BonanzaDeals.A, C:\Users\Martin\AppData\Local\BonanzaDealsLive\CrashReports, In Quarantäne, [502bbd5dacd0bd79cd1753a3cf3354ac], PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive, In Quarantäne, 
[bcbf0911e6963ff7a64054a254aed22e], PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive\CrashReports, In Quarantäne, [bcbf0911e6963ff7a64054a254aed22e], PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals, In Quarantäne, [b5c6eb2fc2ba4beb6a67d14cba490000], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], Dateien: 25 PUP.Optional.OpenCandy.A, C:\Users\Martin\AppData\Roaming\OpenCandy\AA12D7FCAFDB403AB0F7E2BFCFC55052\ZADlm_1.exe, In Quarantäne, [dba070aa4438d363c1461b1bfc0522de], PUP.Optional.OpenCandy, C:\Users\Martin\Downloads\DTLite4491-0356.exe, In Quarantäne, [4833bd5dc6b6ce68a8c0fe5ab74e9e62], PUP.Optional.OpenCandy, C:\Users\Martin\Downloads\ubcd528.exe, In Quarantäne, [afcc73a773090d29d395aaae55b053ad], PUP.Optional.Conduit.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\searchplugins\conduit-search.xml, In Quarantäne, [f6856ab03f3dc175418f78b1ac57718f], PUP.Optional.Astromenda, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\searchplugins\Astromenda.xml, In Quarantäne, [7308d8428eeeec4ab23a5dd18e75c53b], PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\AA12D7FCAFDB403AB0F7E2BFCFC55052\7862.ico, In Quarantäne, [780365b5daa2d0664bad63920cf6a15f], PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\AA12D7FCAFDB403AB0F7E2BFCFC55052\zafwSetupWeb_131_211_000.exe, In Quarantäne, [780365b5daa2d0664bad63920cf6a15f], PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\AA12D7FCAFDB403AB0F7E2BFCFC55052\ZoneAlarm_p1v5.exe, In Quarantäne, [780365b5daa2d0664bad63920cf6a15f], PUP.Optional.BonanzaDeals.A, 
C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, In Quarantäne, [7605001a0b711323fae9ca2c000205fb], PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\uninst.exe, In Quarantäne, [b5c6eb2fc2ba4beb6a67d14cba490000], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav-groups, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\favs##432faa420e601019a5be66b08202e65b, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\05eb1ec7f2c3f912ddc18d5b7be9c531, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\1f6fde5b581228c0eed5c9ba6b120763, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\2655eb8c511d233f5eef48a91f2ed43e, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\295bd75d0058e05e23779ec8678dadda, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\2cb599b38e59e198f2aef22d67d251c5, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\42728f8754463300cd3ca5d7682fd336, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, 
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\66d5cf970387098438df157796713695, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\8723a22f4fa4a6ac29ac4f57f387dbbf, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\b59def42accad5efe51ef6653a5f2763, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\baefa134f12dfdd77786ddbfd88fc93a, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\df0b8485266f71c16e4757157176b6d5, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\f559d4841b4e5279b8038c741d7774ca, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], PUP.Optional.Astromenda.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\astrmndant\fav_thumbs\fd3a6ccd12b9251fe7f0323a03e88a4f, In Quarantäne, [37445ebc77057eb84ef7ee32dd261de3], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.002 - Bericht erstellt am 29/10/2014 um 20:58:12 # DB v2014-10-26.6 # Aktualisiert 27/10/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Martin - MARTIN-PC # Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_4.002.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\UpdaterEX Ordner Gelöscht : C:\Users\Martin\AppData\Local\CrashRpt Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\searchplugins\zonealarm.xml Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\user.js ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : 
HKCU\Software\OCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v32.0.3 (x86 de) -\\ Google Chrome v Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.3 (10.21.2014:1) OS: Windows 7 Home Premium x64 Ran by Martin on 29.10.2014 at 21:34:55,62 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ FireFox Successfully deleted the following from C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\9dsc0osl.default\prefs.js user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutAtF user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2XzutA user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda"); user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda"); user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_dnldstr_14_44_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyBzz0Azy0FtBtC0AyBzytN0D0Tzu0StCtDtAtCtN1L2Xzu user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=DE&gu=e91d1fc941b1408a906a2f6287317c3f&tu=11Jiy00EZ1D13P0&sku=&tstsId=&ver=&"); user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&gu=e91d1fc941b1408a906a2f6287317c3f&tu=11Jiy00EZ1D13P0&sku=&tstsId=&ver=&& user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=DE&gu=e91d1fc941b1408a906a2f6287317c3f&tu=11Jiy00EZ1D13P0&sku=&tstsId=&ver=&"); user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=e91d1fc941b1408a906a2f6287317c3f&tu=11Jiy00EZ1D13P0&sku=&ts user_pref("iminent.LayoutId", "1"); user_pref("iminent.version", "7.36.1.1"); 
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1380308485023,\"InstallEvent\":\"True\"}"); Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\9dsc0osl.default\minidumps [117 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.10.2014 at 21:39:09,72 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01 Ran by Martin (administrator) on MARTIN-PC on 29-10-2014 21:41:27 Running from C:\Users\Martin\Desktop Loaded Profile: Martin (Available profiles: Martin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe () C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe (Panda Security International) C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-09-29] (Razer Inc.) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe [32736 2013-10-17] (Panda Security, S.L.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-10-27] (LogMeIn Inc.) HKU\S-1-5-21-1109166967-4130222996-3088973447-1000\...\Run: [uTorrent] => C:\Users\Martin\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-29] (BitTorrent Inc.) 
HKU\S-1-5-21-1109166967-4130222996-3088973447-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x620F02B56AADCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab FireFox: ======== FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader 
Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Astro New Tab - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi [2014-10-27] Chrome: ======= CHR Profile: 
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-10-09] (EasyAntiCheat Ltd) R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] () R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe [140768 2013-12-20] (Panda Security, S.L.) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-30] () R2 PSUAService; C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe [37344 2013-10-17] (Panda Security, S.L.) R2 WAHost; C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [558840 2014-06-25] (Panda Security International) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-22] (Disc Soft Ltd) R2 dvctprov; C:\Windows\System32\DRIVERS\dvctprov.sys [105704 2013-08-30] (Panda Security, S.L.) S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.) S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93440 2014-01-22] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [124160 2014-01-16] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-02-26] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116480 2014-01-16] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [43752 2013-12-22] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [97024 2014-01-16] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [71424 2014-01-16] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [127744 2014-01-22] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [307456 2014-02-24] (Panda Security, S.L.) 
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [123648 2014-01-16] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [116992 2014-01-16] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [259328 2014-02-24] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109824 2014-01-22] (Panda Security, S.L.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [170752 2014-01-17] (Panda Security, S.L.) R0 PSINDvct; C:\Windows\System32\DRIVERS\PSINDvct.sys [53480 2013-08-30] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [124160 2014-01-17] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [207616 2014-01-26] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [126208 2014-01-17] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [139520 2014-01-17] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58360 2012-11-07] (Panda Security, S.L.) R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39080 2014-05-19] (Razer Inc) R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc) S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-29 21:41 - 2014-10-29 21:41 - 00000000 ____D () C:\Users\Martin\Desktop\FRST-OlderVersion 2014-10-29 21:39 - 2014-10-29 21:39 - 00002528 _____ () C:\Users\Martin\Desktop\JRT.txt 2014-10-29 21:34 - 2014-10-29 21:34 - 00000000 ____D () C:\Windows\ERUNT 2014-10-29 21:01 - 2014-10-29 21:01 - 00014450 _____ () C:\Users\Martin\Desktop\AdwCleaner[S0].txt 2014-10-29 20:56 - 2014-10-29 20:58 - 00000000 ____D () C:\AdwCleaner 2014-10-29 20:56 - 2014-10-29 20:56 - 00013208 _____ () C:\Users\Martin\Desktop\MbAM.txt 2014-10-29 20:22 - 2014-10-29 20:22 - 01706144 _____ (Thisisu) C:\Users\Martin\Desktop\JRT.exe 2014-10-29 20:21 - 2014-10-29 20:21 - 01998336 _____ () C:\Users\Martin\Desktop\AdwCleaner_4.002.exe 2014-10-29 20:18 - 2014-10-29 21:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-29 20:18 - 2014-10-29 20:18 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-29 20:18 - 2014-10-29 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-29 20:17 - 2014-10-29 20:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-29 20:17 - 2014-10-29 20:17 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-29 20:17 - 2014-10-29 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-29 20:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-29 20:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-29 20:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-28 23:03 - 2014-10-28 23:03 - 00025686 _____ () C:\Users\Martin\Desktop\combofix.txt 2014-10-28 23:02 - 2014-10-28 23:02 - 00025686 _____ () C:\ComboFix.txt 2014-10-28 22:18 - 2014-10-28 23:02 - 00000000 ____D () 
C:\ComboFix 2014-10-28 22:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-28 22:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-28 22:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-28 22:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-28 22:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-28 22:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-28 22:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-28 22:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-28 22:17 - 2014-10-28 23:02 - 00000000 ____D () C:\Qoobox 2014-10-28 22:16 - 2014-10-28 23:00 - 00000000 ____D () C:\Windows\erdnt 2014-10-28 22:04 - 2014-10-28 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-10-28 22:04 - 2014-10-28 22:04 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-10-28 22:00 - 2014-10-28 22:00 - 05591695 ____R (Swearware) C:\Users\Martin\Desktop\ComboFix.exe 2014-10-28 21:51 - 2014-10-28 21:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Martin\Downloads\revosetup95.exe 2014-10-28 21:51 - 2014-10-28 21:51 - 00001268 _____ () C:\Users\Martin\Desktop\Revo Uninstaller.lnk 2014-10-28 21:51 - 2014-10-28 21:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-10-28 16:51 - 2012-11-07 08:00 - 00058360 _____ (Panda Security, S.L.) 
C:\Windows\system32\Drivers\PSKMAD.sys 2014-10-28 16:50 - 2014-10-28 16:50 - 00009819 _____ () C:\Users\Martin\Desktop\Gmer.txt 2014-10-28 16:30 - 2014-10-28 16:30 - 00032051 _____ () C:\Users\Martin\Desktop\Addition.txt 2014-10-28 16:29 - 2014-10-29 21:41 - 00013625 _____ () C:\Users\Martin\Desktop\FRST.txt 2014-10-28 16:29 - 2014-10-29 21:41 - 00000000 ____D () C:\FRST 2014-10-28 16:29 - 2014-10-28 16:29 - 00000544 _____ () C:\Users\Martin\Desktop\defogger_disable.log 2014-10-28 16:29 - 2014-10-28 16:29 - 00000168 _____ () C:\Users\Martin\defogger_reenable 2014-10-28 16:28 - 2014-10-28 16:28 - 00380416 _____ () C:\Users\Martin\Desktop\Gmer-19357.exe 2014-10-28 16:27 - 2014-10-29 21:41 - 02113536 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe 2014-10-28 16:26 - 2014-10-28 16:26 - 00050477 _____ () C:\Users\Martin\Desktop\Defogger.exe 2014-10-27 23:24 - 2014-10-27 23:24 - 00001286 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-10-27 23:24 - 2014-10-27 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-10-27 23:23 - 2014-10-27 23:23 - 32515240 _____ (Panda Security ) C:\Users\Martin\Downloads\PandaCloudCleaner.exe 2014-10-27 21:48 - 2014-10-28 21:48 - 00000065 _____ () C:\Users\Martin\AppData\Roaming\WB.CFG 2014-10-27 20:48 - 2014-10-27 20:48 - 24489269 _____ () C:\Users\Martin\Downloads\setup_free.exe 2014-10-27 20:47 - 2014-10-27 20:47 - 00796616 _____ ( ) C:\Users\Martin\Downloads\Free_Download_Setup.exe 2014-10-27 20:46 - 2014-10-27 20:46 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\rmi 2014-10-27 20:42 - 2014-10-27 20:42 - 00610769 _____ () C:\Users\Martin\Downloads\depends22_x86.zip 2014-10-27 20:30 - 2014-10-27 20:30 - 01125200 _____ () C:\Users\Martin\Downloads\Process Viewer - CHIP-Installer.exe 2014-10-25 22:56 - 2014-10-25 22:56 - 00298576 _____ () C:\Windows\Minidump\102514-25209-01.dmp 2014-10-22 19:59 - 2014-10-22 20:00 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe 
2014-10-17 15:40 - 2014-10-17 15:40 - 00000000 ____D () C:\ProgramData\Codemasters 2014-10-16 21:03 - 2014-10-16 21:03 - 00000221 _____ () C:\Users\Martin\Desktop\GRID 2.url 2014-10-15 18:11 - 2014-10-15 18:11 - 01467128 _____ () C:\Users\Martin\Downloads\SystemCheck_deDE.exe 2014-10-15 04:42 - 2014-10-15 04:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2014-10-15 04:28 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 04:28 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 04:27 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 04:27 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 04:27 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 04:27 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 04:27 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 04:27 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 04:27 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 04:27 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2014-10-15 04:27 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 04:27 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 04:27 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 04:27 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 04:27 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 04:27 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 04:27 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 04:27 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 04:27 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 04:27 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 04:27 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-15 04:27 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-15 04:27 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-15 04:27 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 04:27 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-15 04:27 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-15 04:27 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 04:27 - 2014-08-19 04:07 - 
00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 04:27 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 04:27 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 04:27 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-15 04:27 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-15 04:27 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 04:27 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 04:27 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 04:27 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 04:27 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00631808 _____ 
(Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 04:27 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 04:27 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 04:27 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 04:27 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 04:27 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) 
C:\Windows\system32\audiodg.exe 2014-10-15 04:27 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 04:27 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 04:27 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 
2014-10-15 04:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-15 04:27 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-15 04:27 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-15 04:27 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-15 04:27 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-15 04:27 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-15 04:27 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-15 04:27 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-15 04:27 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 04:27 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 04:27 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-15 04:26 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 04:26 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 04:26 - 2014-09-25 23:46 - 
00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 04:26 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 04:26 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 04:26 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 04:26 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 04:26 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 04:26 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 04:26 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 04:26 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 04:26 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 04:26 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 04:26 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 04:26 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 04:26 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 04:26 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 04:26 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 04:26 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 04:26 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 04:26 - 2014-09-19 02:14 
- 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 04:26 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 04:26 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 04:26 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 04:26 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 04:26 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 04:26 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 04:26 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 04:26 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 04:26 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 04:26 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 04:26 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 04:26 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 04:26 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 04:26 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 04:26 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 04:26 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 04:26 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 04:26 - 2014-09-19 00:59 - 01810944 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 04:26 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 04:26 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 04:25 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 04:25 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 04:25 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 04:25 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 04:25 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-15 04:25 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 04:25 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 04:25 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 04:25 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 04:25 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 04:25 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 04:25 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 04:25 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 04:25 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 04:25 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 04:25 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 04:24 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 04:24 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-15 04:24 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 04:24 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-09 18:04 - 2014-10-09 18:04 - 00000222 _____ () C:\Users\Martin\Desktop\7 Days to Die.url 2014-10-05 17:53 - 2014-10-09 18:10 - 00175136 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe 2014-10-04 03:12 - 2014-10-04 03:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-10-04 03:10 - 2014-10-04 03:17 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Origin 2014-10-04 03:10 - 2014-10-04 03:12 - 00000000 ____D () C:\Users\Martin\AppData\Local\Origin 2014-10-04 03:07 - 2014-10-16 18:59 - 00000000 ____D () C:\ProgramData\Origin 2014-10-04 03:07 - 2014-10-16 17:54 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-04 03:07 - 2014-10-04 03:07 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-10-04 03:07 - 2014-10-04 03:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-10-04 03:07 - 2014-10-04 03:07 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-10-04 03:06 - 2014-10-04 03:06 - 17088592 _____ (Electronic Arts, Inc.) 
C:\Users\Martin\Downloads\OriginThinSetup.exe 2014-10-04 03:03 - 2014-10-04 03:04 - 01101648 _____ () C:\Users\Martin\Downloads\Origin EA Download Manager - CHIP-Installer.exe 2014-10-03 20:57 - 2014-10-03 20:57 - 00001298 _____ () C:\Users\Martin\Desktop\iw3mp - Verknüpfung.lnk 2014-10-03 20:35 - 2014-10-03 20:35 - 00000331 _____ () C:\Windows\game.ini 2014-10-03 20:35 - 2014-10-03 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision 2014-10-03 20:30 - 2014-10-03 20:30 - 00000000 ____D () C:\Program Files (x86)\Activision 2014-10-03 00:29 - 2014-10-03 00:29 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Wargaming.net 2014-10-02 22:23 - 2014-10-02 22:23 - 00000769 _____ () C:\Users\Public\Desktop\World of Tanks.lnk 2014-10-02 22:23 - 2014-10-02 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks 2014-10-02 22:23 - 2014-10-02 22:23 - 00000000 ____D () C:\Games 2014-10-02 22:22 - 2014-10-02 22:22 - 05965584 _____ (Wargaming.net ) C:\Users\Martin\Downloads\WoT_internet_install_eu(1).exe 2014-10-01 17:16 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 17:16 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-30 06:32 - 2014-09-30 06:32 - 00901632 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevicedll.dll 2014-09-30 06:32 - 2014-09-30 06:32 - 00419840 _____ (Razer Inc) C:\Windows\SysWOW64\rzaudiodll.dll 2014-09-29 18:22 - 2014-09-29 18:22 - 00000222 _____ () C:\Users\Martin\Desktop\The Room.url ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-29 21:41 - 2013-09-09 16:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-29 21:35 - 2013-09-27 19:58 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\uTorrent 2014-10-29 21:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-29 21:34 - 2013-10-12 18:52 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-29 21:33 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-29 21:30 - 2013-09-08 20:22 - 01924189 _____ () C:\Windows\WindowsUpdate.log 2014-10-29 21:20 - 2014-06-09 16:13 - 00000000 ____D () C:\Users\Martin\AppData\Local\LogMeIn Hamachi 2014-10-29 21:19 - 2013-09-10 06:58 - 00000239 _____ () C:\service.log 2014-10-29 21:18 - 2013-09-10 06:57 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys 2014-10-29 21:18 - 2009-07-14 05:51 - 00175829 _____ () C:\Windows\setupact.log 2014-10-29 21:17 - 2013-09-09 13:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-29 20:59 - 2010-11-21 04:47 - 00202758 _____ () C:\Windows\PFRO.log 2014-10-29 20:58 - 2013-09-08 21:30 - 00000997 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-29 20:32 - 2013-09-27 20:59 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\TS3Client 2014-10-28 22:52 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-28 16:29 - 2013-09-08 21:30 - 00000000 ____D () C:\Users\Martin 2014-10-28 07:10 - 2009-07-14 05:45 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-28 07:10 - 2009-07-14 05:45 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-28 06:27 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-10-28 06:27 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-10-28 06:27 - 2009-07-14 06:13 - 01620612 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2014-10-27 23:24 - 2013-09-10 08:30 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2014-10-26 22:54 - 2013-09-27 21:31 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\vlc 2014-10-25 22:56 - 2013-09-29 18:33 - 377677778 _____ () C:\Windows\MEMORY.DMP 2014-10-25 22:56 - 2013-09-29 18:33 - 00000000 ____D () C:\Windows\Minidump 2014-10-25 22:43 - 2014-08-27 18:49 - 00000000 ____D () C:\Users\Martin\AppData\Local\Battle.net 2014-10-25 19:03 - 2014-08-27 18:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-10-22 20:00 - 2013-09-09 16:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-22 20:00 - 2013-09-09 16:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-22 20:00 - 2013-09-09 16:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-20 16:40 - 2014-06-22 14:22 - 00122060 _____ () C:\Windows\DPINST.LOG 2014-10-18 11:27 - 2013-11-17 17:17 - 00000000 ____D () C:\Users\Martin\Documents\My Games 2014-10-18 01:43 - 2014-03-26 13:18 - 00000000 ____D () C:\Program Files\Warcraft III 2014-10-16 17:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 14:21 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-10-15 14:17 - 2009-07-14 05:45 - 00462400 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-15 14:15 - 2014-05-06 22:08 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-15 14:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 14:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-15 04:45 - 2013-10-19 13:15 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-15 04:41 - 2013-09-09 13:23 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 04:39 - 2013-09-09 13:23 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-03 23:58 - 2014-03-31 21:21 - 00000000 
____D () C:\Users\Martin\AppData\Local\Arma 3 2014-10-03 20:43 - 2013-09-09 17:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-03 20:35 - 2013-11-17 17:16 - 00376004 _____ () C:\Windows\DirectX.log 2014-10-02 22:23 - 2014-06-04 19:15 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-10-02 14:53 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-29 18:26 - 2014-03-27 02:28 - 00000000 ____D () C:\ProgramData\Package Cache Some content of TEMP: ==================== C:\Users\Martin\AppData\Local\Temp\Quarantine.exe C:\Users\Martin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-27 19:36 ==================== End Of Log ============================ |
30.10.2014, 17:08 | #6 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
30.10.2014, 21:44 | #7 |
On startup, the Windows loading screen was displayed in Matrix style and then froze. On the second attempt it took 7 minutes before I could do anything on the PC. As soon as Windows has booted, explorer.exe crashes. The download of SecurityCheck failed because Panda immediately reports a virus found in the file. I would like to know whether we are currently fighting the CI.A trojan, or what we are doing here in general? If I may ask.
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8720711c82a2c64e83b6a9a05b3d4ca7
# engine=20855
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-30 07:25:19
# local_time=2014-10-30 08:25:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 7115134 200896693 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 88237 166326969 0 0
# scanned=114598
# found=0
# cleaned=0
# scan_time=7847
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01 Ran by Martin (administrator) on MARTIN-PC on 30-10-2014 20:58:25 Running from C:\Users\Martin\Desktop Loaded Profile: Martin (Available profiles: Martin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe () C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Panda Security, S.L.) 
C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe (Panda Security International) C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe (TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-09-29] (Razer Inc.) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe [32736 2013-10-17] (Panda Security, S.L.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-10-27] (LogMeIn Inc.) 
HKU\S-1-5-21-1109166967-4130222996-3088973447-1000\...\Run: [uTorrent] => C:\Users\Martin\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-29] (BitTorrent Inc.) HKU\S-1-5-21-1109166967-4130222996-3088973447-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x620F02B56AADCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab FireFox: ======== FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll 
(VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) 
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Astro New Tab - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9dsc0osl.default\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi [2014-10-27] Chrome: ======= CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-21] (Microsoft Corporation) [File not signed] S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-10-09] (EasyAntiCheat Ltd) R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] () R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe [140768 2013-12-20] (Panda Security, S.L.) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-30] () R2 PSUAService; C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe [37344 2013-10-17] (Panda Security, S.L.) R2 WAHost; C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [558840 2014-06-25] (Panda Security International) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-22] (Disc Soft Ltd) R2 dvctprov; C:\Windows\System32\DRIVERS\dvctprov.sys [105704 2013-08-30] (Panda Security, S.L.) S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.) S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-30] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93440 2014-01-22] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [124160 2014-01-16] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-02-26] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116480 2014-01-16] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [43752 2013-12-22] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [97024 2014-01-16] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [71424 2014-01-16] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [127744 2014-01-22] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [307456 2014-02-24] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [123648 2014-01-16] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [116992 2014-01-16] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [259328 2014-02-24] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109824 2014-01-22] (Panda Security, S.L.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [170752 2014-01-17] (Panda Security, S.L.) R0 PSINDvct; C:\Windows\System32\DRIVERS\PSINDvct.sys [53480 2013-08-30] (Panda Security, S.L.) 
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [124160 2014-01-17] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [207616 2014-01-26] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [126208 2014-01-17] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [139520 2014-01-17] (Panda Security, S.L.) U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58360 2012-11-07] (Panda Security, S.L.) R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39080 2014-05-19] (Razer Inc) R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc) S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-30 18:12 - 2014-10-30 18:12 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-30 18:08 - 2014-10-30 18:08 - 02347384 _____ (ESET) C:\Users\Martin\Desktop\esetsmartinstaller_deu.exe 2014-10-30 17:34 - 2012-11-07 08:00 - 00058360 _____ (Panda Security, S.L.) 
C:\Windows\system32\Drivers\PSKMAD.sys 2014-10-29 21:42 - 2014-10-29 21:42 - 00046447 _____ () C:\Users\Martin\Desktop\FRST2.txt 2014-10-29 21:41 - 2014-10-29 21:41 - 00000000 ____D () C:\Users\Martin\Desktop\FRST-OlderVersion 2014-10-29 21:39 - 2014-10-29 21:39 - 00002528 _____ () C:\Users\Martin\Desktop\JRT.txt 2014-10-29 21:34 - 2014-10-29 21:34 - 00000000 ____D () C:\Windows\ERUNT 2014-10-29 21:01 - 2014-10-29 21:01 - 00014450 _____ () C:\Users\Martin\Desktop\AdwCleaner[S0].txt 2014-10-29 20:56 - 2014-10-29 20:58 - 00000000 ____D () C:\AdwCleaner 2014-10-29 20:56 - 2014-10-29 20:56 - 00013208 _____ () C:\Users\Martin\Desktop\MbAM.txt 2014-10-29 20:22 - 2014-10-29 20:22 - 01706144 _____ (Thisisu) C:\Users\Martin\Desktop\JRT.exe 2014-10-29 20:21 - 2014-10-29 20:21 - 01998336 _____ () C:\Users\Martin\Desktop\AdwCleaner_4.002.exe 2014-10-29 20:18 - 2014-10-30 20:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-29 20:18 - 2014-10-29 20:18 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-29 20:18 - 2014-10-29 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-29 20:17 - 2014-10-29 20:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-29 20:17 - 2014-10-29 20:17 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-29 20:17 - 2014-10-29 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-29 20:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-29 20:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-29 20:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-28 23:03 - 2014-10-28 23:03 - 00025686 _____ () C:\Users\Martin\Desktop\combofix.txt 
2014-10-28 23:02 - 2014-10-28 23:02 - 00025686 _____ () C:\ComboFix.txt 2014-10-28 22:18 - 2014-10-28 23:02 - 00000000 ____D () C:\ComboFix 2014-10-28 22:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-28 22:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-28 22:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-28 22:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-28 22:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-28 22:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-28 22:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-28 22:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-28 22:17 - 2014-10-28 23:02 - 00000000 ____D () C:\Qoobox 2014-10-28 22:16 - 2014-10-28 23:00 - 00000000 ____D () C:\Windows\erdnt 2014-10-28 22:04 - 2014-10-28 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-10-28 22:04 - 2014-10-28 22:04 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-10-28 22:00 - 2014-10-28 22:00 - 05591695 ____R (Swearware) C:\Users\Martin\Desktop\ComboFix.exe 2014-10-28 21:51 - 2014-10-28 21:51 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Martin\Downloads\revosetup95.exe 2014-10-28 21:51 - 2014-10-28 21:51 - 00001268 _____ () C:\Users\Martin\Desktop\Revo Uninstaller.lnk 2014-10-28 21:51 - 2014-10-28 21:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-10-28 16:50 - 2014-10-28 16:50 - 00009819 _____ () C:\Users\Martin\Desktop\Gmer.txt 2014-10-28 16:30 - 2014-10-28 16:30 - 00032051 _____ () C:\Users\Martin\Desktop\Addition.txt 2014-10-28 16:29 - 2014-10-30 21:07 - 00013762 _____ () C:\Users\Martin\Desktop\FRST.txt 2014-10-28 16:29 - 2014-10-30 21:00 - 00000000 ____D () C:\FRST 2014-10-28 16:29 - 2014-10-28 16:29 - 00000544 _____ () C:\Users\Martin\Desktop\defogger_disable.log 2014-10-28 16:29 - 2014-10-28 16:29 - 00000168 _____ () C:\Users\Martin\defogger_reenable 2014-10-28 16:28 - 2014-10-28 16:28 - 00380416 _____ () C:\Users\Martin\Desktop\Gmer-19357.exe 2014-10-28 16:27 - 2014-10-29 21:41 - 02113536 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe 2014-10-28 16:26 - 2014-10-28 16:26 - 00050477 _____ () C:\Users\Martin\Desktop\Defogger.exe 2014-10-27 23:24 - 2014-10-27 23:24 - 00001286 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2014-10-27 23:24 - 2014-10-27 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-10-27 23:23 - 2014-10-27 23:23 - 32515240 _____ (Panda Security ) C:\Users\Martin\Downloads\PandaCloudCleaner.exe 2014-10-27 21:48 - 2014-10-28 21:48 - 00000065 _____ () C:\Users\Martin\AppData\Roaming\WB.CFG 2014-10-27 20:48 - 2014-10-27 20:48 - 24489269 _____ () C:\Users\Martin\Downloads\setup_free.exe 2014-10-27 20:47 - 2014-10-27 20:47 - 00796616 _____ ( ) C:\Users\Martin\Downloads\Free_Download_Setup.exe 2014-10-27 20:46 - 2014-10-27 20:46 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\rmi 2014-10-27 20:42 - 2014-10-27 20:42 - 00610769 _____ () C:\Users\Martin\Downloads\depends22_x86.zip 2014-10-27 20:30 - 2014-10-27 20:30 - 01125200 _____ () C:\Users\Martin\Downloads\Process Viewer - 
CHIP-Installer.exe 2014-10-25 22:56 - 2014-10-25 22:56 - 00298576 _____ () C:\Windows\Minidump\102514-25209-01.dmp 2014-10-22 19:59 - 2014-10-22 20:00 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe 2014-10-17 15:40 - 2014-10-17 15:40 - 00000000 ____D () C:\ProgramData\Codemasters 2014-10-16 21:03 - 2014-10-16 21:03 - 00000221 _____ () C:\Users\Martin\Desktop\GRID 2.url 2014-10-15 18:11 - 2014-10-15 18:11 - 01467128 _____ () C:\Users\Martin\Downloads\SystemCheck_deDE.exe 2014-10-15 04:42 - 2014-10-15 04:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2014-10-15 04:28 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 04:28 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 04:28 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 04:27 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 04:27 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 04:27 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 04:27 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 04:27 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 04:27 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 
2014-10-15 04:27 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 04:27 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 04:27 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 04:27 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 04:27 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 04:27 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 04:27 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 04:27 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 04:27 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 04:27 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 04:27 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 04:27 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 04:27 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-15 04:27 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-15 04:27 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-15 04:27 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 04:27 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-15 04:27 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) 
C:\Windows\system32\rstrui.exe 2014-10-15 04:27 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 04:27 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 04:27 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 04:27 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 04:27 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-15 04:27 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-15 04:27 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 04:27 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 04:27 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 04:27 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 04:27 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) 
C:\Windows\system32\audiosrv.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 04:27 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 04:27 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 04:27 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 04:27 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 
04:27 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 04:27 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 04:27 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 04:27 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 04:27 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-15 04:27 - 2014-07-07 02:40 - 00265216 _____ 
____D () C:\Users\Martin\AppData\Local\Arma 3
2014-10-03 20:43 - 2013-09-09 17:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-03 20:35 - 2013-11-17 17:16 - 00376004 _____ () C:\Windows\DirectX.log
2014-10-02 22:23 - 2014-06-04 19:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-02 14:53 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-27 19:36

==================== End Of Log ============================
--- --- --- |
31.10.2014, 13:59 | #8 |
/// the machine /// TB trainer | WIN7:CI.A - very slow/various program crashes/explorer.exe crash We removed a great deal of adware. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
31.10.2014, 17:08 | #9 |
| WIN7:CI.A - very slow/various program crashes/explorer.exe crash Everything is done, it is running cleanly again. Thanks |
01.11.2014, 12:22 | #10 |
/// the machine /// TB trainer | WIN7:CI.A - very slow/various program crashes/explorer.exe crash You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |