Plagegeister aller Art und deren Bekämpfung: High CPU usage caused by svchost.exe (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection.
12.11.2014, 18:12 | #1
High CPU usage caused by svchost.exe

Hello, I currently have the problem that the Internet/WLAN connection keeps dropping. When I additionally watch videos on YouTube etc., browse forums for pictures or play FIFA etc., the connection cuts out completely and a yellow triangle with a black exclamation mark appears on the network icon at the bottom. In addition, the CPU usage is then at 100%, caused by svchost.exe, and I cannot do anything at all any more. A normal shutdown no longer works either; it hangs on the attempt and nothing happens any more.

Regards
Butzi

Log files as instructed:

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by User (administrator) on USER-PC on 12-11-2014 18:01:05
Running from C:\Users\User\Downloads
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Valve Corporation) D:\Spiele\Steam\Steam.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Windows\FixCamera.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) D:\Spiele\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [FixCamera] => C:\Windows\FixCamera.exe [20480 2007-02-12] ()
HKU\S-1-5-21-1007545215-1968196755-465143341-1000\...\Run: [Steam] => D:\Spiele\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-1007545215-1968196755-465143341-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2014-06-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1007545215-1968196755-465143341-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1007545215-1968196755-465143341-1000\...\MountPoints2: {44bffa61-eb1f-11e3-b364-00040eccff36} - G:\LGAutoRun.exe
HKU\S-1-5-21-1007545215-1968196755-465143341-1000\...\MountPoints2: {5430b435-77e6-11e3-aa03-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-1007545215-1968196755-465143341-1000\...\MountPoints2: {69ce3da3-0efd-11e4-b8a4-00040eccff36} - G:\LGAutoRun.exe
HKU\S-1-5-21-1007545215-1968196755-465143341-1000\...\MountPoints2: {7788bafd-792f-11e3-b822-74d435099ab9} - F:\pushinst.exe
AppInit_DLLs-x32: c:\progra~2\amazon\amazon~1\\amazon~3.dll => "c:\progra~2\amazon\amazon~1\\amazon~3.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX&q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\338uba1x.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://www.istartsurf.com/?type=hp&ts=1411724605&from=ild&uid=TOSHIBAXDT01ACA100_X3VM63JNSXXX3VM63JNSX
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-1007545215-1968196755-465143341-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1007545215-1968196755-465143341-1000: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\User\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\338uba1x.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\338uba1x.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\338uba1x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-09]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\338uba1x.default\extensions\faststartff@gmail.com

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\acejcmjneohmiacdapacdfemdkhnnglj [2014-06-02]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\amldmipnjnhkjjngbfdjcmjfealgfcgi [2014-06-02]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2014-06-02]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb [2014-09-26]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mechgkelogghhgmpmbpofjijifdppppl [2014-10-03]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknacbfjdjpfdbnlbecabncnadihjoib [2014-06-02]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaelnkmidnndgikjbiifihgklnocljd [2014-10-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-26] (Cherished Technololgy LIMITED)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 SaiHFF32; C:\Windows\System32\DRIVERS\SaiHFF32.sys [177536 2007-08-16] (Saitek)
S3 SaiIFF32; C:\Windows\System32\DRIVERS\SaiIFF32.sys [20864 2007-08-16] (Saitek)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2013-03-02] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 18:01 - 2014-11-12 18:01 - 00017085 _____ () C:\Users\User\Downloads\FRST.txt
2014-11-12 18:01 - 2014-11-12 18:01 - 00000000 ____D () C:\FRST
2014-11-12 17:55 - 2014-11-12 17:55 - 00380416 _____ () C:\Users\User\Downloads\Gmer-19357.exe
2014-11-12 17:54 - 2014-11-12 17:54 - 02116096 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-11-11 09:15 - 2014-11-11 09:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 14:28 - 2014-11-05 14:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 14:28 - 2014-11-05 14:28 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-05 14:28 - 2014-11-05 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 14:28 - 2014-11-05 14:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-05 14:28 - 2014-11-05 14:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 14:28 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-05 14:28 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-05 14:28 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-05 14:24 - 2014-11-05 14:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-28 03:14 - 2014-10-28 03:15 - 00292328 _____ () C:\Users\User\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2014-10-23 11:13 - 2014-10-23 11:13 - 00000000 ____D () C:\ProgramData\Codemasters
2014-10-23 11:05 - 2014-10-23 11:05 - 00000209 _____ () C:\Users\User\Desktop\F1 2014.url
2014-10-18 06:27 - 2014-10-18 06:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-17 07:17 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 07:17 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 07:17 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 07:17 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 07:17 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 07:17 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 07:17 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 07:17 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 07:17 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 07:17 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 07:17 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 07:17 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 07:17 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 07:17 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 07:17 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 07:17 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 07:17 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 07:17 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 07:17 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 07:17 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 07:17 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 07:17 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 07:17 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 07:17 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 07:17 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 07:17 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 07:17 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 07:17 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 07:17 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 07:17 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 07:17 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 07:17 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 07:17 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 07:17 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 07:17 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 07:17 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 07:17 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 07:17 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 07:17 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 07:17 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 07:17 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 07:17 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 07:17 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 07:17 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 07:17 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 07:17 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 07:17 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 07:17 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 07:17 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 07:17 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 07:17 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 07:17 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 07:17 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 07:17 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 07:17 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 07:17 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 07:16 - 2014-09-29 01:55 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 07:16 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 07:16 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 07:16 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 07:16 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 07:16 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 07:16 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 07:11 - 2014-09-11 05:35 - 01463808 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-17 07:11 - 2014-09-11 05:35 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-17 07:11 - 2014-09-11 05:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-17 07:11 - 2014-09-11 04:47 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-17 07:11 - 2014-09-04 11:23 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 07:11 - 2014-09-04 06:06 - 00373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 07:11 - 2014-07-17 03:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 07:11 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 07:11 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 07:11 - 2014-07-16 04:23 - 03724800 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 07:11 - 2014-07-16 04:23 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 07:11 - 2014-07-16 04:23 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 07:11 - 2014-07-16 04:23 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 07:11 - 2014-07-16 04:23 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 07:11 - 2014-07-16 04:23 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-17 07:11 - 2014-07-16 04:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 07:11 - 2014-07-16 04:23 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-17 07:11 - 2014-07-16 04:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 07:11 - 2014-07-16 03:56 - 03223040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 07:11 - 2014-07-16 03:56 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 07:11 - 2014-07-16 03:56 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 07:11 - 2014-07-16 03:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 07:11 - 2014-07-16 03:56 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-17 07:11 - 2014-07-16 03:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 07:11 - 2014-07-16 03:55 - 01053696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 07:11 - 2014-07-16 03:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-17 07:09 - 2014-09-13 02:56 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 07:09 - 2014-09-13 02:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 17:57 - 2014-01-07 22:59 - 01758441 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 17:51 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-12 17:51 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-12 17:51 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 17:45 - 2014-04-10 06:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 17:45 - 2014-01-08 15:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-12 17:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 17:45 - 2009-07-14 05:51 - 00259986 _____ () C:\Windows\setupact.log
2014-11-12 17:42 - 2014-04-10 06:14 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 17:24 - 2014-01-09 14:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 15:57 - 2009-07-14 05:45 - 00016832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 15:57 - 2009-07-14 05:45 - 00016832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 14:15 - 2014-01-09 11:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 05:52 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-08 23:45 - 2014-01-09 16:48 - 00000000 ____D () C:\ProgramData\Origin
2014-11-05 20:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-05 20:02 - 2010-11-21 04:47 - 00185008 _____ () C:\Windows\PFRO.log
2014-11-03 16:54 - 2014-09-25 07:56 - 00000000 ____D () C:\Users\User\Documents\FIFA 15
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 12:03 - 2014-09-25 07:36 - 00000632 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2014-10-23 11:13 - 2014-03-28 21:20 - 00000000 ____D () C:\Users\User\Documents\My Games
2014-10-23 11:05 - 2014-01-16 18:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-23 06:02 - 2014-01-08 16:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 18:00 - 2014-02-02 08:57 - 00000049 _____ () C:\Windows\NeroDigital.ini
2014-10-17 18:58 - 2014-09-28 09:32 - 00000000 ____D () C:\Users\User\Desktop\Skylanders Poster
2014-10-17 09:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 08:34 - 2009-07-14 05:45 - 00348480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 08:01 - 2014-01-08 17:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 07:59 - 2014-01-08 17:48 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 13:28 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-13 17:02 - 2014-10-12 12:20 - 267121160 _____ (Acresso Software Inc. ) C:\Users\User\Downloads\AS_OMSI-2-ADDON-DREI-GENERATIONEN_UPDATE_V110.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\31566uninstall.exe
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\DownloadManager.exe
C:\Users\User\AppData\Local\Temp\FastDownload.exe
C:\Users\User\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\User\AppData\Local\Temp\htmlayout.dll
C:\Users\User\AppData\Local\Temp\IMsetup.exe
C:\Users\User\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\User\AppData\Local\Temp\nsc6E8C.exe
C:\Users\User\AppData\Local\Temp\nsd974C.exe
C:\Users\User\AppData\Local\Temp\nse5DDF.exe
C:\Users\User\AppData\Local\Temp\nsi44D7.exe
C:\Users\User\AppData\Local\Temp\nsj8B19.exe
C:\Users\User\AppData\Local\Temp\nso58A0.exe
C:\Users\User\AppData\Local\Temp\nss4256.exe
C:\Users\User\AppData\Local\Temp\nss949C.exe
C:\Users\User\AppData\Local\Temp\nsvFDA5.exe
C:\Users\User\AppData\Local\Temp\nsy8FBB.exe
C:\Users\User\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\User\AppData\Local\Temp\nvStInst.exe
C:\Users\User\AppData\Local\Temp\OptimizerPro.exe
C:\Users\User\AppData\Local\Temp\optprosetup.exe
C:\Users\User\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\User\AppData\Local\Temp\plus-hd-7-6.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\RegClean2.exe
C:\Users\User\AppData\Local\Temp\SPSetup.exe
C:\Users\User\AppData\Local\Temp\Sqlite3.dll
C:\Users\User\AppData\Local\Temp\SSStub_Somo_SpeedyPC.exe
C:\Users\User\AppData\Local\Temp\tmd_34019546.exe
C:\Users\User\AppData\Local\Temp\toolbar5642821.exe
C:\Users\User\AppData\Local\Temp\toolbar5642836.exe
C:\Users\User\AppData\Local\Temp\toolbar5649295.exe
C:\Users\User\AppData\Local\Temp\toolbar5680058.exe
C:\Users\User\AppData\Local\Temp\toolbar5712007.exe
C:\Users\User\AppData\Local\Temp\uninstall6182491.exe
C:\Users\User\AppData\Local\Temp\uninstall6190930.exe
C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\User\AppData\Local\Temp\vcredist9_x86.exe C:\Users\User\AppData\Local\Temp\vcredist_x64.exe C:\Users\User\AppData\Local\Temp\vlc-2.0.2-win32.exe C:\Users\User\AppData\Local\Temp\VuuPC.exe C:\Users\User\AppData\Local\Temp\_is9189.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 17:12 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014 Ran by User at 2014-11-12 18:01:51 Running from C:\Users\User\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4Videosoft DVD Creator 5.0.21 (HKLM-x32\...\{D839D338-F027-41a2-9EA9-D9E5830DBF55}_is1) (Version: 5.0.21 - 4Videosoft Studio) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft) aerosoft's - OMSI 2 - Drei Generationen (HKLM-x32\...\{C88376AA-BF64-40F4-9AD6-F8A18DA394F2}) (Version: 1.00 - aerosoft) aerosoft's - OMSI 2 - Hamburg (HKLM-x32\...\{5BF6B590-F7F5-46B5-B5F4-B0CA93423AD6}) (Version: 2.01 - aerosoft) AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Ashampoo Burning Studio FREE v.1.12.0 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. 
KG) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation) Creation Master 14.2 (HKLM-x32\...\Creation Master 14_is1) (Version: - FIFA MASTER) DaViDeo 3 professional (HKLM-x32\...\InstallShield_{9848D9CC-3E60-47F1-86DF-47632DB61005}) (Version: 3.0 - G DATA Software AG) DaViDeo 3 professional (x32 Version: 3.0 - G DATA Software AG) Hidden Deluxe Ski Jump 4 (HKLM-x32\...\Deluxe Ski Jump 4_is1) (Version: 1.5.1 - Mediamond Tmi) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.3.0.0 - Electronic Arts) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation) Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden F1 2014 (HKLM-x32\...\Steam App 226580) (Version: - Codemasters) FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.10.1213 - Foxit Corporation) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Free YouTube Download version 3.2.44.908 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.908 - DVDVideoSoft Ltd.) Google Chrome Frame (HKLM-x32\...\{4F2EAFFD-6D9A-3804-A77B-5A450D3201F6}) (Version: 65.107.16494 - Google, Inc.) 
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.17.20140521 - LG Electronics) LG United Mobile Drivers (HKLM-x32\...\{73EAAF2F-9A69-409B-832F-2DCD0371CD44}) (Version: 3.11.3.0 - LG Electronics) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Man Lion's City 2.10 (HKLM-x32\...\Man Lion's City 2.10) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Nero 6 Ultra Edition (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version: - ) NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OMSI - Der Omnibussimulator (HKLM-x32\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.06 - aerosoft) OMSI 2 
(HKLM-x32\...\Steam App 252530) (Version: - MR-Software GbR) OMSI 2 FX Version 1.0 (HKLM-x32\...\{A74A4675-0C9B-49EA-AEFF-CB7D132E2D87}_is1) (Version: 1.0 - Thomas Schlichtinger/OmsiSoftware.de) ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden Solaris Urbino 12 III - Version 2.01 by CNB-Projekts - (HKU\S-1-5-21-1007545215-1968196755-465143341-1000\...\Solaris Urbino 12 III - Version 2.01 by CNB-Projekts -) (Version: - ) South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Unity Web Player (HKU\S-1-5-21-1007545215-1968196755-465143341-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1007545215-1968196755-465143341-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () ==================== Restore Points ========================= 21-10-2014 10:38:27 Windows Update 25-10-2014 10:09:06 Windows Update 29-10-2014 14:22:53 Windows Update 01-11-2014 20:05:59 Windows Update 05-11-2014 14:11:09 Windows Update 09-11-2014 09:13:19 Windows Update 12-11-2014 14:06:29 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-01-08 15:21 - 00000921 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 genuine.microsoft.com 127.0.0.1 mpa.one.microsoft.com 127.0.0.1 sls.microsoft.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {10FE30F6-0953-4353-B437-3A94BD3102EA} - \OMESupervisor No Task File <==== ATTENTION Task: {1FA93C95-55D7-479F-9744-A15744A3CC70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.) 
Task: {7AE767E9-5CA9-4E5B-9676-27494A8FEF87} - \Fifth No Task File <==== ATTENTION Task: {85CE4D1E-6F1E-46E7-A5E2-4D85762422E8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated) Task: {8E848AED-C37B-4BF7-8796-A8DEB2B9D7E5} - \GoforFilesUpdate No Task File <==== ATTENTION Task: {9996DF25-4365-4EF1-8C6E-8DAED6A83877} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.) Task: {9DB27EA6-2704-47EF-99B2-2341EE35A6BA} - \FoxTab No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-21 11:33 - 2014-09-26 10:43 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll 2014-01-08 15:13 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2012-08-06 12:24 - 2012-08-06 12:24 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-08-21 11:32 - 2014-09-26 10:43 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe 2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe 2014-07-16 11:16 - 2014-07-16 11:16 - 
00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe 2014-03-20 16:28 - 2007-02-12 14:50 - 00020480 _____ () C:\Windows\FixCamera.exe 2014-08-21 11:33 - 2014-09-26 10:43 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll 2014-08-29 14:45 - 2014-08-21 19:15 - 01171456 _____ () D:\Spiele\Steam\libavcodec-56.dll 2014-08-29 14:45 - 2014-08-21 19:15 - 00442368 _____ () D:\Spiele\Steam\libavutil-54.dll 2014-08-29 14:45 - 2014-08-21 19:15 - 00332800 _____ () D:\Spiele\Steam\libavresample-2.dll 2013-12-12 14:04 - 2014-10-02 00:16 - 00774656 _____ () D:\Spiele\Steam\SDL2.dll 2014-05-22 05:28 - 2014-10-21 20:22 - 02226880 _____ () D:\Spiele\Steam\video.dll 2014-08-29 14:45 - 2014-08-21 19:15 - 00403968 _____ () D:\Spiele\Steam\libavformat-56.dll 2014-08-29 14:45 - 2014-08-21 19:15 - 00485888 _____ () D:\Spiele\Steam\libswscale-3.dll 2014-01-07 13:00 - 2014-10-21 20:22 - 00682176 _____ () D:\Spiele\Steam\bin\chromehtml.DLL 2014-11-11 09:15 - 2014-11-11 09:16 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-12-12 14:04 - 2014-09-05 00:29 - 34589376 _____ () D:\Spiele\Steam\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-1007545215-1968196755-465143341-500 - Administrator - Disabled) Gast (S-1-5-21-1007545215-1968196755-465143341-501 - Limited - Disabled) User (S-1-5-21-1007545215-1968196755-465143341-1000 - Administrator - Enabled) => C:\Users\User ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/12/2014 05:53:51 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (11/12/2014 05:46:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/12/2014 05:45:27 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000. Error: (11/12/2014 05:45:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x800401F9 Error: (11/12/2014 04:48:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/12/2014 04:46:49 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. 
Fehler 0x00000000. Error: (11/12/2014 04:46:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x800401F9 Error: (11/12/2014 03:57:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x8cc Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/12/2014 02:55:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/12/2014 02:54:12 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000. System errors: ============= Error: (11/12/2014 05:45:14 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 12.11.2014 um 17:43:33 unerwartet heruntergefahren. Error: (11/12/2014 03:57:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/12/2014 10:08:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/11/2014 09:16:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (11/11/2014 01:03:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/11/2014 09:57:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/10/2014 08:59:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/10/2014 06:18:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/10/2014 06:05:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/10/2014 05:52:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-11-12 18:00:52.377 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-12 17:45:27.160 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-12 17:00:10.092 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-11-12 16:46:48.371 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-12 15:08:22.545 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-12 14:54:11.546 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-12 09:09:57.680 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-12 08:46:02.951 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-11 14:58:03.935 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-11 14:15:59.230 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\user32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: AMD FX(tm)-8120 Eight-Core Processor Percentage of memory in use: 23% Total physical RAM: 8152.71 MB Available physical RAM: 6230.13 MB Total Pagefile: 16303.6 MB Available Pagefile: 14135.46 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:244.04 GB) (Free:138.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:687.37 GB) (Free:556.04 GB) NTFS Drive e: (F1_2014) (CDROM) (Total:4.36 GB) (Free:0 GB) CDFS Drive f: (HDDRIVE2GO) (Fixed) (Total:931.28 GB) (Free:91.23 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9EF731BF) Partition 1: (Active) - (Size=244 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: C2AC2C31) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C) ==================== End Of Log ============================ Gmer Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-11-12 18:09:32 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 TOSHIBA_ rev.MS2O 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys ---- User code sections - GMER 2.1 ---- .text C:\ProgramData\IePluginServices\PluginService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076641465 2 bytes [64, 76] .text C:\ProgramData\IePluginServices\PluginService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766414bb 2 bytes [64, 76] .text ... * 2 .text D:\Spiele\Steam\Steam.exe[2916] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076641465 2 bytes [64, 76] .text D:\Spiele\Steam\Steam.exe[2916] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000766414bb 2 bytes [64, 76] .text ... * 2 .text D:\Spiele\Steam\bin\steamwebhelper.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076641465 2 bytes [64, 76] .text D:\Spiele\Steam\bin\steamwebhelper.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766414bb 2 bytes [64, 76] .text ... * 2 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E833629-4251-4C97-893A-3F481FAF5864}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [136](2014-11-12 15:47:47) 000007fee7b40000 Process C:\ProgramData\IePluginServices\PluginService.exe (*** suspicious ***) @ C:\ProgramData\IePluginServices\PluginService.exe [1744] (IePlugin Service/Cherished Technololgy LIMITED)(2014-09-26 09:43:56) 0000000000cf0000 ---- EOF - GMER 2.1 ---- |
12.11.2014, 18:27 | #2 |
/// the machine /// TB-Ausbilder | High CPU load caused by svchost.exe

hi,
Install Process Explorer as a replacement for the Windows Task Manager

Download Process Explorer as a replacement for the Task Manager and install it; you can find a guide here. It is a considerably more powerful replacement for the Windows Task Manager. In the menu under "Options" you can set Process Explorer up permanently as the Task Manager replacement (Replace Taskmanager). This is highly recommended, because Process Explorer has far more features than the Task Manager. Once you have made this setting, the key combination CTRL + ALT + DEL no longer opens the Task Manager but Process Explorer. This can be undone at any time by unchecking that setting.

What we need now, specifically: each row is a process; a few of the rows are not real processes but pseudo-processes representing the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of process information are displayed. There, go to the "Process Performance" tab and make sure "CPU Usage" is checked; "CPU History" would also be useful. "CPU Usage" shows the current processor-usage value for each process (the column header just says "CPU"), and "CPU History" shows a graph for each process with a curve of its processor usage over the recent period. With that you should be able to identify which process is keeping your CPU busy. Double-click that process. You can also take a screenshot of the whole thing and upload it as an attachment to your reply (click "Erweitert" (Advanced) below the text box, use "Anhänge verwalten" (Manage Attachments) to browse your computer, and attach it via "Hochladen" (Upload)).
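The same diagnosis the post describes with Process Explorer can be scripted, which helps when the machine is too sluggish for the GUI: sample CPU time per process over a short window, then list the services hosted inside any busy svchost.exe instance (svchost itself is only a container) and check the image signature the way FRST's "File is digitally signed" check does. This is an added example, not code from the thread or from Process Explorer; the sampling window, result count, and variable names are assumptions, and it needs PowerShell 3.0 or later (WMF 3.0 on Windows 7), run elevated so all processes are visible.

```powershell
# Added example (not from the original thread). Run in an elevated PowerShell.
$SampleSeconds = 5     # assumption: length of the sampling window
$Top = 10              # assumption: how many of the busiest processes to report

# First sample: total processor time (seconds) consumed so far, per PID.
# $_.CPU is $null for processes we are not allowed to open; those are skipped.
$before = @{}
Get-Process | ForEach-Object { $before[$_.Id] = $_.CPU }
Start-Sleep -Seconds $SampleSeconds

# Second sample: the difference is the CPU time used during the window,
# normalised over all cores so 100 means the whole machine was busy.
$cores = [Environment]::ProcessorCount
$usage = foreach ($p in Get-Process) {
    if ($null -eq $p.CPU -or -not $before.ContainsKey($p.Id) -or $null -eq $before[$p.Id]) { continue }
    $delta = $p.CPU - $before[$p.Id]
    [pscustomobject]@{
        PID    = $p.Id
        Name   = $p.ProcessName
        Path   = $p.Path
        CpuPct = [math]::Round(100 * $delta / ($SampleSeconds * $cores), 1)
    }
}

$hot = $usage | Sort-Object CpuPct -Descending | Select-Object -First $Top
$hot | Format-Table PID, Name, CpuPct, Path -AutoSize

# svchost.exe only hosts services; Win32_Service.ProcessId tells us which
# services live in the busy instance, which is what actually needs attention.
$services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }
foreach ($h in $hot | Where-Object { $_.Name -eq 'svchost' }) {
    "`nsvchost PID $($h.PID) ($($h.CpuPct)% CPU) hosts these services:"
    $services | Where-Object { $_.ProcessId -eq $h.PID } |
        Select-Object Name, DisplayName, StartMode, State |
        Format-Table -AutoSize
}

# Mirror FRST's signature check for every busy image: a high-CPU binary with
# status NotSigned outside the Windows or Program Files directories is worth a
# closer look (the thread's own log shows one such process under ProgramData).
"`nSignature status of the busiest images:"
foreach ($h in $hot | Where-Object { $_.Path }) {
    $sig = Get-AuthenticodeSignature -FilePath $h.Path
    "{0,-20} {1,-12} {2}" -f $h.Name, $sig.Status, $h.Path
}
```

The service list is the useful part for svchost: a single service with an unexpected StartMode or a non-Microsoft DisplayName inside the hot instance narrows the search far more than the process name alone.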