Pests of all kinds and how to combat them: Extreme lags (+1000 ms), what is to blame? Windows 7 |
17.12.2014, 00:10 | #1 |
| Extreme lags (+1000 ms), what is to blame?

Hi, for a few weeks I have had the following problem: my ping rises irregularly to over +1000 ms for no apparent reason. According to Telekom, a stable ~6500 kbits still arrives at my end, which I don't believe, but which may narrow down the troubleshooting a little. On top of that, nobody besides me is on the network and the Wi-Fi is switched off.

Furthermore:
- Network utilization is always below 1%
- All drivers and Windows are up to date
- Only the Windows processes, Steam and CS:GO are running
- The router firmware is also up to date
- At the time of the high ping, a ping in CMD also returns a very high result (~600-1000 ms)

My PC:
CPU: AMD FX-8150 (8x4.1 GHz)
Graphics: Sapphire HD 7870 OC
Mainboard: AsRock 970 Extreme 4
Monitor: BenQ XL2411Z

Internet:
- Telekom 6000 DSL
- Speedport W 723V
- Firmware 1.36.000

I hope someone can help me |
17.12.2014, 18:37 | #2 |
/// the machine /// TB trainer | Extreme lags (+1000 ms), what is to blame? hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
17.12.2014, 21:02 | #3 |
| Extreme lags (+1000 ms), what is to blame? FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by Chruso (administrator) on CHRUSO-PC on 17-12-2014 20:59:36 Running from C:\Users\Chruso\Downloads Loaded Profiles: Chruso (Available profiles: Chruso) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe () C:\Program Files\EslWire\service\WireHelperSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (Valve Corporation) E:\Steam\Steam.exe (Spotify Ltd) C:\Users\Chruso\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Turtle Entertainment GmbH) C:\Program Files\EslWire\wire.exe () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (Apple Inc.) D:\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Valve Corporation) E:\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) E:\Steam\bin\steamwebhelper.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TeamSpeak Systems GmbH) E:\Spiele\ts3client_win64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [Steam] => E:\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [Spotify] => C:\Users\Chruso\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-14] (Spotify Ltd) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [Spotify Web Helper] => C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [ESL Wire] => C:\Program Files\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - 
C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Chruso\AppData\Roaming\Mozilla\Firefox\Profiles\G0PEXTeJ.default FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Chruso\AppData\Roaming\Mozilla\Firefox\Profiles\G0PEXTeJ.default\Extensions\abs@avira.com [2014-12-14] Chrome: ======= CHR Profile: C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-05] CHR Extension: (Google Docs) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-05] CHR Extension: (Google Drive) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05] CHR Extension: (YouTube) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05] CHR Extension: (Google-Suche) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05] CHR Extension: (Google Tabellen) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-05] CHR Extension: (AdBlock) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05] CHR Extension: (Google Wallet) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05] CHR Extension: (Marc Ecko) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2014-11-05] CHR Extension: (Google Mail) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path 
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH) R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-11-05] (Microsoft Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS) U0 yefdrre; C:\Windows\System32\drivers\uvyji.sys [79064 2014-12-17] (Malwarebytes Corporation) S3 ESEADriver2; \??\C:\Users\Chruso\AppData\Local\Temp\ESEADriver2.sys [X] S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X] S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-17 20:59 - 2014-12-17 21:00 - 00015174 _____ () C:\Users\Chruso\Downloads\FRST.txt 2014-12-17 20:59 - 2014-12-17 20:59 - 00000000 ____D () C:\FRST 2014-12-17 20:58 - 2014-12-17 20:58 - 02121216 _____ (Farbar) C:\Users\Chruso\Downloads\FRST64.exe 2014-12-17 20:51 - 2014-12-17 20:51 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\uvyji.sys 2014-12-17 18:30 - 2014-12-17 18:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-17 18:30 - 2014-12-17 18:30 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-17 18:30 - 2014-12-17 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-17 18:30 - 2014-12-17 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-17 18:30 - 2014-12-17 18:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-17 18:30 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-17 18:30 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-17 18:30 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-17 18:18 - 2014-12-17 18:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Chruso\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-17 18:07 - 2014-12-17 18:17 - 302470552 _____ (AMD Inc.) C:\Users\Chruso\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe 2014-12-16 20:34 - 2014-12-16 20:34 - 00485186 _____ () C:\Users\Chruso\Desktop\scripts.rar 2014-12-16 17:44 - 2014-12-16 17:44 - 00043064 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-12-14 21:51 - 2014-12-14 21:51 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Mozilla 2014-12-14 21:51 - 2014-12-14 21:51 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Avira 2014-12-14 21:50 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-12-14 21:50 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-12-14 21:50 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-12-14 21:44 - 2014-12-14 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-14 21:44 - 2014-12-14 21:50 - 00000000 ____D () C:\ProgramData\Avira 2014-12-14 21:44 - 2014-12-14 21:50 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-14 21:44 - 2014-12-14 21:44 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-14 21:41 - 2014-12-14 21:41 - 04549888 _____ (Avira Operations & Co. 
KG) C:\Users\Chruso\Downloads\avira_de_av_5713298085__ws.exe 2014-12-14 21:38 - 2014-12-14 21:44 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-12-14 21:36 - 2014-12-14 21:37 - 10190344 _____ (Locktime Software) C:\Users\Chruso\Downloads\netlimiter-3.0.0.11-x64.exe 2014-12-14 13:17 - 2014-12-16 21:23 - 00007583 _____ () C:\Users\Chruso\AppData\Local\Resmon.ResmonCfg 2014-12-11 19:58 - 2014-12-11 19:58 - 00000000 ____D () C:\Users\Chruso\Desktop\dsa 2014-12-11 19:58 - 2014-12-11 19:58 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\NetStat4Win 2014-12-11 19:57 - 2014-12-11 19:57 - 06461310 _____ () C:\Users\Chruso\Downloads\netstat4win_x64.zip 2014-12-11 19:32 - 2014-12-11 19:32 - 03855396 _____ () C:\Users\Chruso\Downloads\Firmware_Speedport_W723V_TypB_v1.36.000.bin 2014-12-11 19:31 - 2014-12-11 19:31 - 08194132 _____ () C:\Users\Chruso\Downloads\Firmware_Speedport_W723V_TypA_1.01.009.bin 2014-12-11 17:45 - 2014-12-11 17:45 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 21:35 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 21:35 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 21:35 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-10 21:35 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-10 21:35 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-10 21:35 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-10 21:35 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-10 21:35 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-10 21:35 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-10 21:35 - 
2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-12-10 18:29 - 2014-12-10 18:29 - 01912363 _____ () C:\Users\Chruso\Downloads\WinMTR-v092.zip 2014-12-10 18:09 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 18:09 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 18:09 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 18:09 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 18:09 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 18:09 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 18:09 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 18:09 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 18:09 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 18:09 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 18:09 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 18:09 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-10 18:09 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 18:09 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 18:09 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 18:09 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 18:09 - 
2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 18:09 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 18:09 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 18:09 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 18:09 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 18:09 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 18:09 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 18:09 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 18:09 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 18:09 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 18:09 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 18:09 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 18:09 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 18:09 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 18:09 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-10 18:09 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 18:09 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 18:09 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 18:09 - 
2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 18:09 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 18:09 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 18:09 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 18:09 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 18:09 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 18:09 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 18:09 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 18:09 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 18:09 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 18:09 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 18:09 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 18:09 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 18:09 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 18:09 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 18:09 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 18:09 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 18:09 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 18:09 - 
2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 18:08 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 18:08 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 18:08 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 17:59 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 17:59 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 17:55 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 17:55 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 17:55 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 17:50 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 17:50 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 17:50 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 17:50 - 2014-10-30 02:45 - 
00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 17:50 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 17:50 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 17:50 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 17:50 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 17:50 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 17:50 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 17:50 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 17:50 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 17:50 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 17:50 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-09 20:11 - 2014-12-09 20:11 - 00082181 _____ () C:\Users\Chruso\Downloads\cports.zip 2014-12-08 18:40 - 2014-12-08 19:47 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\TeamViewer 2014-12-08 18:40 - 2014-12-08 18:41 - 07694560 _____ (TeamViewer GmbH) C:\Users\Chruso\Downloads\TeamViewer_Setup_de.exe 2014-12-08 18:37 - 2014-12-08 18:38 - 05325936 _____ (TeamViewer) C:\Users\Chruso\Downloads\TeamViewerQS_de.exe 2014-12-08 18:32 - 2014-12-09 18:11 - 00000986 _____ () C:\Users\Chruso\Desktop\ESEA Client.lnk 2014-12-08 18:32 - 2014-12-08 18:32 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESEA 2014-12-08 18:32 - 2014-12-08 18:32 - 00000000 ____D () C:\Program Files\ESEA 2014-12-08 18:31 - 2014-12-08 18:32 - 15168661 _____ () 
C:\Users\Chruso\Downloads\ESEAClientInstall.exe 2014-12-07 19:40 - 2014-12-07 19:40 - 00002029 _____ () C:\Users\Chruso\Desktop\XFast LAN.lnk 2014-12-07 19:40 - 2014-12-07 19:40 - 00000000 ____D () C:\Users\Chruso\AppData\Local\cFos 2014-12-07 19:40 - 2014-12-07 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN 2014-12-07 19:40 - 2014-12-07 19:40 - 00000000 ____D () C:\ProgramData\cFos 2014-12-07 19:40 - 2014-12-07 19:40 - 00000000 ____D () C:\Program Files\ASRock 2014-12-07 19:40 - 2013-05-31 16:23 - 01814880 _____ (cFos Software GmbH) C:\Windows\system32\Drivers\cfosspeed6.sys 2014-12-07 19:37 - 2014-12-07 19:38 - 04498303 _____ () C:\Users\Chruso\Downloads\XFastLAN(v9.05).zip 2014-12-07 19:32 - 2014-12-07 19:34 - 06166500 _____ () C:\Users\Chruso\Downloads\Install_Win7_7090_11252014.zip 2014-12-07 19:24 - 2014-12-07 19:24 - 00000000 ____D () C:\Users\Chruso\AppData\Local\PackageAware 2014-12-07 19:24 - 2014-12-07 19:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE 2014-12-07 19:23 - 2014-12-07 19:23 - 10995296 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH ) C:\Users\Chruso\Downloads\netzmanager_setup.exe 2014-12-06 17:55 - 2014-12-17 17:36 - 00000000 ____D () C:\Users\Chruso\AppData\Local\ESL Wire Game Client 2014-12-06 17:55 - 2014-12-11 17:53 - 00000779 _____ () C:\Users\Public\Desktop\ESL Wire.lnk 2014-12-06 17:55 - 2014-12-11 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire 2014-12-06 17:55 - 2014-12-11 17:53 - 00000000 ____D () C:\Program Files\EslWire 2014-12-06 17:55 - 2014-12-06 17:55 - 00000000 ____D () C:\ProgramData\ESL Wire 2014-12-06 17:52 - 2014-12-06 17:52 - 00939656 _____ (Turtle Entertainment GmbH) C:\Users\Chruso\Downloads\ESLWireSetup-1.18.0.8085.exe 2014-12-06 11:31 - 2011-05-03 13:40 - 00000000 ____D () C:\Users\Chruso\Desktop\Unpark-CPU-App 2014-12-06 11:30 - 2014-12-06 11:30 - 00546199 _____ () C:\Users\Chruso\Downloads\Unpark-CPU-App.zip 
2014-12-04 21:48 - 2014-12-04 21:48 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\WindSolutions
2014-12-04 21:46 - 2014-12-04 21:46 - 113191850 _____ () C:\Users\Chruso\Desktop\WhatsApp2.11.12.ipa
2014-12-04 21:42 - 2014-12-04 21:42 - 44006973 _____ () C:\Users\Chruso\Desktop\Dumb Ways3.0.0.ipa
2014-12-04 21:42 - 2014-12-04 21:42 - 41182326 _____ () C:\Users\Chruso\Desktop\Dumb Ways 21.0.0.ipa
2014-12-04 21:42 - 2014-12-04 21:42 - 12139545 _____ () C:\Users\Chruso\Desktop\Spikes1.8.ipa
2014-12-04 21:42 - 2014-12-04 21:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-12-04 21:40 - 2014-12-04 21:40 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-12-04 21:29 - 2014-12-04 21:32 - 07158166 _____ () C:\Users\Chruso\Downloads\CopyTransAppsDEv1.027.zip
2014-11-28 19:24 - 2014-11-28 19:25 - 00000000 ____D () C:\Users\Chruso\Documents\Snagit
2014-11-28 19:23 - 2014-12-07 19:39 - 00000000 ____D () C:\ProgramData\TechSmith
2014-11-28 19:20 - 2014-11-28 19:20 - 01174352 _____ () C:\Users\Chruso\Downloads\Snagit - CHIP-Installer.exe
2014-11-27 17:31 - 2014-11-27 17:31 - 00000199 _____ () C:\Users\Chruso\Desktop\Counter-Strike Global Offensive.url
2014-11-25 20:51 - 2014-11-25 20:51 - 00000199 _____ () C:\Users\Chruso\Desktop\Counter-Strike Source.url
2014-11-25 20:50 - 2014-11-25 20:50 - 00001387 _____ () C:\Users\Chruso\Desktop\Counter-Strike Source.lnk
2014-11-25 20:50 - 2014-11-25 20:50 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-22 12:00 - 2014-11-22 12:00 - 00000000 __SHD () C:\Users\Chruso\AppData\Local\EmieUserList
2014-11-22 12:00 - 2014-11-22 12:00 - 00000000 __SHD () C:\Users\Chruso\AppData\Local\EmieSiteList
2014-11-22 12:00 - 2014-11-22 12:00 - 00000000 __SHD () C:\Users\Chruso\AppData\Local\EmieBrowserModeList
2014-11-19 17:49 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 17:49 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 17:49 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 17:49 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 20:51 - 2014-11-04 16:08 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-12-17 20:51 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup
2014-12-17 20:50 - 2014-11-16 17:33 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\TS3Client
2014-12-17 20:21 - 2014-11-06 15:37 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Spotify
2014-12-17 20:19 - 2014-11-05 21:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 18:23 - 2014-11-04 15:56 - 01117435 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 18:19 - 2014-11-05 21:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 17:43 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 17:43 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 17:36 - 2014-11-06 15:48 - 00000000 ____D () C:\Users\Chruso\AppData\Local\Spotify
2014-12-17 17:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 17:35 - 2009-07-14 05:51 - 00028901 _____ () C:\Windows\setupact.log
2014-12-16 18:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-14 21:53 - 2010-11-21 04:47 - 00142248 _____ () C:\Windows\PFRO.log
2014-12-14 21:44 - 2014-11-04 16:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-14 21:42 - 2014-11-07 16:37 - 00000000 ____D () C:\Users\admin
2014-12-14 21:42 - 2014-11-04 16:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-13 15:21 - 2014-11-05 21:16 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 17:45 - 2014-11-06 15:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 17:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 17:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 21:39 - 2014-11-05 17:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 21:37 - 2014-11-05 17:38 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:08 - 2014-11-07 16:37 - 00000000 ____D () C:\Users\Chruso\AppData\Local\SteelSeries Engine 3 Client
2014-12-04 21:18 - 2014-11-06 15:32 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Apple Computer
2014-11-27 22:05 - 2014-11-07 14:00 - 00235165 _____ () C:\Windows\DirectX.log
2014-11-23 19:47 - 2011-04-12 08:43 - 00699088 _____ () C:\Windows\system32\perfh007.dat
2014-11-23 19:47 - 2011-04-12 08:43 - 00149228 _____ () C:\Windows\system32\perfc007.dat
2014-11-23 19:47 - 2009-07-14 06:13 - 01619264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 18:14 - 2014-11-05 21:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-17 18:14 - 2014-11-05 21:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Chruso\AppData\Local\Temp\avgnt.exe
C:\Users\Chruso\AppData\Local\Temp\EslWireSetup-1.18.0.8085-x64.exe
C:\Users\Chruso\AppData\Local\Temp\EslWireSetup-1.18.0.8101-x64.exe
C:\Users\Chruso\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-16 18:08

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Chruso at 2014-12-17 21:00:24
Running from C:\Users\Chruso\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version: - Sledgehammer Games)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
ESEA Client (HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
ESL Wire 1.18.0 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Spotify (HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.3.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.0 - SteelSeries ApS)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
WindowsMangerProtect20.0.0.1064 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1064 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XFast LAN v9.05 (HKLM\...\XFast LAN) (Version: 9.05 - cFos Software GmbH, Bonn)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1859405021-3660317821-3220195125-1000_Classes\CLSID\{33C169DA-833A-456A-9059-F3D6D429ED42}\InprocServer32 -> C:\Windows\system32\timedate.cpl (Microsoft Corporation)

==================== Restore Points =========================

09-12-2014 17:30:04 Windows Update
10-12-2014 21:35:14 Windows Update
14-12-2014 12:40:10 Windows Update
14-12-2014 21:37:18 Installed NetLimiter 3
14-12-2014 21:43:36 Removed NetLimiter 3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {657F6EB1-27DB-47B7-9195-C5DD5478CB79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.)
Task: {C1ED87C8-471D-47EC-B661-3F8C3702D77C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.)
Task: {F77033E0-500C-46CB-B181-4793BE9F7C2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-15 18:13 - 2014-09-15 18:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-12-06 17:55 - 2014-01-28 11:40 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2014-12-06 17:55 - 2014-10-09 15:22 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2014-12-06 17:55 - 2014-12-09 11:24 - 08871424 _____ () C:\Program Files\EslWire\WireCore.dll
2014-12-06 17:55 - 2014-10-09 15:22 - 00214016 _____ () C:\Program Files\EslWire\NocIPC64.dll
2014-12-06 17:55 - 2014-12-09 11:22 - 00454656 _____ () C:\Program Files\EslWire\Linesman.dll
2014-12-06 17:55 - 2014-10-09 15:23 - 00310272 _____ () C:\Program Files\EslWire\laginspect\laginspect.dll
2014-10-30 22:45 - 2014-10-30 22:45 - 17542656 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
2014-10-14 15:10 - 2014-10-14 15:10 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\x2api.dll
2014-11-06 15:47 - 2014-12-14 20:50 - 00374840 _____ () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-28 10:14 - 2014-02-28 10:14 - 00173568 _____ () E:\Spiele\quazip.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 01080832 _____ () E:\Spiele\platforms\qwindows.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00833024 _____ () E:\Spiele\sqldrivers\qsqlite.dll
2014-08-04 14:43 - 2014-08-04 14:43 - 00102344 _____ () E:\Spiele\soundbackends\directsound_win64.dll
2014-08-04 14:43 - 2014-08-04 14:43 - 00108488 _____ () E:\Spiele\soundbackends\windowsaudiosession_win64.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00030208 _____ () E:\Spiele\imageformats\qgif.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00233984 _____ () E:\Spiele\imageformats\qjpeg.dll
2014-08-04 14:46 - 2014-08-04 14:46 - 00563656 _____ () E:\Spiele\plugins\clientquery_plugin.dll
2014-08-04 14:46 - 2014-08-04 14:46 - 00579016 _____ () E:\Spiele\plugins\teamspeak_control_plugin.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00159232 _____ () E:\Spiele\accessible\qtaccessiblewidgets.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-05 21:39 - 2014-11-11 19:48 - 01171456 _____ () E:\Steam\libavcodec-56.dll
2014-11-05 21:39 - 2014-11-11 19:48 - 00442368 _____ () E:\Steam\libavutil-54.dll
2014-11-05 21:39 - 2014-11-11 19:48 - 00332800 _____ () E:\Steam\libavresample-2.dll
2014-11-05 21:39 - 2014-11-11 19:47 - 00774656 _____ () E:\Steam\SDL2.dll
2014-11-05 21:39 - 2014-11-18 21:23 - 02227904 _____ () E:\Steam\video.dll
2014-11-05 21:39 - 2014-11-11 19:48 - 00403968 _____ () E:\Steam\libavformat-56.dll
2014-11-05 21:39 - 2014-11-11 19:48 - 00485888 _____ () E:\Steam\libswscale-3.dll
2014-11-05 21:39 - 2014-11-18 21:23 - 00690880 _____ () E:\Steam\bin\chromehtml.DLL
2014-11-06 15:47 - 2014-12-14 20:50 - 36966968 _____ () C:\Users\Chruso\AppData\Roaming\Spotify\Data\libcef.dll
2014-11-06 15:47 - 2014-12-14 20:50 - 00867896 _____ () C:\Users\Chruso\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-11-06 15:47 - 2014-12-14 20:50 - 00886840 _____ () C:\Users\Chruso\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-11-06 15:47 - 2014-12-14 20:50 - 00108600 _____ () C:\Users\Chruso\AppData\Roaming\Spotify\Data\libegl.dll
2014-11-05 21:39 - 2014-11-11 19:48 - 34589888 _____ () E:\Steam\bin\libcef.dll
2014-11-05 21:39 - 2014-11-11 19:48 - 00837824 _____ () E:\Steam\bin\ffmpegsumo.dll
2014-12-13 15:21 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 15:21 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 15:21 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 15:21 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 15:21 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1859405021-3660317821-3220195125-500 - Administrator - Disabled)
Chruso (S-1-5-21-1859405021-3660317821-3220195125-1000 - Administrator - Enabled) => C:\Users\Chruso
Gast (S-1-5-21-1859405021-3660317821-3220195125-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1859405021-3660317821-3220195125-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 05:37:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 05:40:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2014 06:20:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 09:55:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 08:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 08:50:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1305.

Error: (12/14/2014 00:37:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 02:26:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 09:21:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 05:48:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/16/2014 07:56:12 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ELENA", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{30B101AE-29A4-4215-B7FB-6A843B17808A}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/14/2014 10:01:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WindowsMangerProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/14/2014 09:40:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "NetLimiter 3 Service" wurde mit folgendem Fehler beendet: %%-2147467259

Error: (12/14/2014 09:40:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "NetLimiter 3 Service" wurde mit folgendem Fehler beendet: %%-2147467259

Error: (12/14/2014 09:39:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "NetLimiter 3 Service" wurde mit folgendem Fehler beendet: %%-2147467259

Error: (12/14/2014 09:39:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {A82148C5-8D12-4028-AA81-ACB8355E7994}

Error: (12/14/2014 09:39:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "NetLimiter 3 Service" wurde mit folgendem Fehler beendet: %%-2147467259

Error: (12/14/2014 08:56:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/14/2014 00:39:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%-2147023113

Error: (12/14/2014 00:36:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 13.12.2014 um 18:40:46 unerwartet heruntergefahren.

Microsoft Office Sessions:
=========================
Error: (12/17/2014 05:37:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 05:40:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2014 06:20:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 09:55:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 08:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 08:50:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1305

Error: (12/14/2014 00:37:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 02:26:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 09:21:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 05:48:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-12-13 14:35:49.753
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-13 14:33:38.726
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-14 17:28:39.467
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-14 17:28:39.466
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-14 17:27:11.658
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-12 17:05:21.465
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-12 17:05:21.464
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-12 17:05:21.463
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-10 18:29:20.186
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-10 18:29:20.185
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: AMD FX(tm)-8150 Eight-Core Processor
Percentage of memory in use: 45%
Total physical RAM: 8149.7 MB
Available physical RAM: 4444.98 MB
Total Pagefile: 64370.88 MB
Available Pagefile: 59529.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:143.61 GB) NTFS
Drive d: () (Fixed) (Total:390.62 GB) (Free:368.35 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:262.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D0502C3C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
18.12.2014, 20:29 | #4 |
/// the machine /// TB instructor | Extreme lags (+1000ms), what is to blame? Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
18.12.2014, 22:02 | #5 |
| Extreme lags (+1000ms), what is to blame? Code:
ComboFix 14-12-14.01 - Chruso 18.12.2014 21:50:10.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8150.5154 [GMT 1:00]
ausgeführt von:: c:\users\Chruso\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chruso\AppData\Local\assembly\tmp
c:\users\Chruso\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-11-18 bis 2014-12-18 ))))))))))))))))))))))))))))))
.
.
2014-12-18 20:45 . 2014-12-18 20:45 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-12-17 22:28 . 2014-12-17 22:28 -------- d-----w- c:\program files (x86)\ESET
2014-12-17 19:59 . 2014-12-17 20:01 -------- d-----w- C:\FRST
2014-12-17 17:30 . 2014-12-18 20:58 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-17 17:30 . 2014-12-17 17:30 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-12-17 17:30 . 2014-12-17 17:30 -------- d-----w- c:\programdata\Malwarebytes
2014-12-17 17:30 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-17 17:30 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-17 17:30 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-16 16:44 . 2014-12-16 16:44 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-12-14 20:51 . 2014-12-14 20:51 -------- d-----w- c:\users\Chruso\AppData\Roaming\Avira
2014-12-14 20:50 . 2014-11-24 09:23 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-12-14 20:50 . 2014-11-24 09:23 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-12-14 20:50 . 2014-11-24 09:23 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-12-14 20:44 . 2014-12-14 20:50 -------- d-----w- c:\programdata\Avira
2014-12-14 20:44 . 2014-12-14 20:50 -------- d-----w- c:\program files (x86)\Avira
2014-12-14 20:38 . 2014-12-14 20:44 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2014-12-11 18:58 . 2014-12-11 18:58 -------- d-----w- c:\users\Chruso\AppData\Roaming\NetStat4Win
2014-12-11 16:45 . 2014-12-11 16:45 -------- d-----w- c:\windows\system32\appraiser
2014-12-10 20:35 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-10 20:35 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
2014-12-10 20:35 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 20:35 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-10 20:35 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-10 20:35 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2014-12-10 20:35 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2014-12-10 20:35 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2014-12-10 20:35 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2014-12-10 20:35 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-10 17:08 . 2014-11-27 01:43 293040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-12-10 17:08 . 2014-11-22 03:13 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-12-10 17:08 . 2014-11-22 02:48 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-12-10 17:08 . 2014-11-22 02:09 199680 ----a-w- c:\windows\system32\msrating.dll
2014-12-10 17:08 . 2014-11-22 02:08 1016832 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-12-10 17:08 . 2014-11-22 01:09 382976 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-12-10 17:08 . 2014-11-22 03:00 10949120 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2014-12-10 16:59 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-10 16:59 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-10 16:59 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-10 16:59 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-10 16:59 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-10 16:59 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-10 16:59 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-10 16:55 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 16:55 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 16:55 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-12-09 16:30 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E679DB05-1793-4DAC-A3DC-3AEAF548AF74}\mpengine.dll
2014-12-08 17:40 . 2014-12-08 18:47 -------- d-----w- c:\users\Chruso\AppData\Roaming\TeamViewer
2014-12-08 17:32 . 2014-12-08 17:32 -------- d-----w- c:\program files\ESEA
2014-12-07 18:40 . 2014-12-07 18:40 -------- d-----w- c:\program files\ASRock
2014-12-07 18:40 . 2013-05-31 15:23 1814880 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys
2014-12-07 18:40 . 2014-12-07 18:40 -------- d-----w- c:\users\Chruso\AppData\Local\cFos
2014-12-07 18:40 . 2014-12-07 18:40 -------- d-----w- c:\programdata\cFos
2014-12-07 18:24 . 2014-12-07 18:24 -------- d-----w- c:\program files (x86)\Microsoft WSE
2014-12-07 18:24 . 
2014-12-07 18:24 -------- d-----w- c:\users\Chruso\AppData\Local\PackageAware 2014-12-06 16:55 . 2014-12-18 20:55 -------- d-----w- c:\users\Chruso\AppData\Local\ESL Wire Game Client 2014-12-06 16:55 . 2014-12-11 16:53 -------- d-----w- c:\program files\EslWire 2014-12-06 16:55 . 2014-12-06 16:55 -------- d-----w- c:\programdata\ESL Wire 2014-12-06 16:55 . 2014-12-06 16:55 -------- d-----w- c:\users\Chruso\AppData\Local\Programs 2014-12-04 20:48 . 2014-12-04 20:48 -------- d-----w- c:\users\Chruso\AppData\Roaming\WindSolutions 2014-12-04 20:40 . 2014-12-04 20:40 -------- d-----w- c:\programdata\WindSolutions 2014-11-28 18:24 . 2014-12-18 20:54 -------- d-----w- c:\users\Chruso\AppData\Local\assembly 2014-11-28 18:23 . 2014-12-07 18:39 -------- d-----w- c:\programdata\TechSmith 2014-11-22 11:00 . 2014-11-22 11:00 -------- d-sh--w- c:\users\Chruso\AppData\Local\EmieUserList 2014-11-22 11:00 . 2014-11-22 11:00 -------- d-sh--w- c:\users\Chruso\AppData\Local\EmieSiteList 2014-11-22 11:00 . 2014-11-22 11:00 -------- d-sh--w- c:\users\Chruso\AppData\Local\EmieBrowserModeList 2014-11-19 16:49 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-19 16:49 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-19 16:49 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-19 16:49 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-10 20:37 . 2014-11-05 16:38 112710672 ----a-w- c:\windows\system32\MRT.exe 2014-11-10 16:12 . 2014-11-10 16:12 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-11-07 03:05 . 2014-11-07 03:05 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2014-11-07 03:05 . 2014-11-07 03:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2014-11-07 03:05 . 2014-11-07 03:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2014-11-07 03:05 . 
2014-11-07 03:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2014-11-07 03:05 . 2014-11-07 03:05 337408 ----a-w- c:\windows\SysWow64\html.iec 2014-11-07 03:05 . 2014-11-07 03:05 235008 ----a-w- c:\windows\system32\elshyph.dll 2014-11-07 03:05 . 2014-11-07 03:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2014-11-07 03:05 . 2014-11-07 03:05 942592 ----a-w- c:\windows\system32\jsIntl.dll 2014-11-07 03:05 . 2014-11-07 03:05 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2014-11-07 03:05 . 2014-11-07 03:05 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2014-11-07 03:05 . 2014-11-07 03:05 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2014-11-07 03:05 . 2014-11-07 03:05 81408 ----a-w- c:\windows\system32\icardie.dll 2014-11-07 03:05 . 2014-11-07 03:05 774144 ----a-w- c:\windows\system32\jscript.dll 2014-11-07 03:05 . 2014-11-07 03:05 77312 ----a-w- c:\windows\system32\tdc.ocx 2014-11-07 03:05 . 2014-11-07 03:05 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2014-11-07 03:05 . 2014-11-07 03:05 62464 ----a-w- c:\windows\system32\pngfilt.dll 2014-11-07 03:05 . 2014-11-07 03:05 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2014-11-07 03:05 . 2014-11-07 03:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2014-11-07 03:05 . 2014-11-07 03:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2014-11-07 03:05 . 2014-11-07 03:05 48640 ----a-w- c:\windows\system32\mshtmler.dll 2014-11-07 03:05 . 2014-11-07 03:05 48128 ----a-w- c:\windows\system32\imgutil.dll 2014-11-07 03:05 . 2014-11-07 03:05 413696 ----a-w- c:\windows\system32\html.iec 2014-11-07 03:05 . 2014-11-07 03:05 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2014-11-07 03:05 . 2014-11-07 03:05 30208 ----a-w- c:\windows\system32\licmgr10.dll 2014-11-07 03:05 . 2014-11-07 03:05 247808 ----a-w- c:\windows\system32\msls31.dll 2014-11-07 03:05 . 2014-11-07 03:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2014-11-07 03:05 . 
2014-11-07 03:05 243200 ----a-w- c:\windows\system32\webcheck.dll 2014-11-07 03:05 . 2014-11-07 03:05 235520 ----a-w- c:\windows\system32\url.dll 2014-11-07 03:05 . 2014-11-07 03:05 167424 ----a-w- c:\windows\system32\iexpress.exe 2014-11-07 03:05 . 2014-11-07 03:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2014-11-07 03:05 . 2014-11-07 03:05 147968 ----a-w- c:\windows\system32\occache.dll 2014-11-07 03:05 . 2014-11-07 03:05 143872 ----a-w- c:\windows\system32\wextract.exe 2014-11-07 03:05 . 2014-11-07 03:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2014-11-07 03:05 . 2014-11-07 03:05 13824 ----a-w- c:\windows\system32\mshta.exe 2014-11-07 03:05 . 2014-11-07 03:05 135680 ----a-w- c:\windows\system32\iepeers.dll 2014-11-07 03:05 . 2014-11-07 03:05 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2014-11-07 03:05 . 2014-11-07 03:05 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2014-11-07 03:05 . 2014-11-07 03:05 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2014-11-07 03:05 . 2014-11-07 03:05 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2014-11-07 03:05 . 2014-11-07 03:05 105984 ----a-w- c:\windows\system32\iesysprep.dll 2014-11-07 03:05 . 2014-11-07 03:05 101376 ----a-w- c:\windows\system32\inseng.dll 2014-11-07 03:03 . 2014-11-07 03:03 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2014-11-07 03:03 . 2014-11-07 03:03 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2014-11-07 03:03 . 2014-11-07 03:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-11-07 03:03 . 
2014-11-07 03:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2014-11-07 03:03 . 2014-11-07 03:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2014-11-07 03:03 . 2014-11-07 03:03 363008 ----a-w- c:\windows\system32\dxgi.dll 2014-11-07 03:03 . 2014-11-07 03:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2014-11-07 03:03 . 2014-11-07 03:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 296960 ----a-w- c:\windows\system32\d3d10core.dll 2014-11-07 03:03 . 2014-11-07 03:03 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2014-11-07 03:03 . 2014-11-07 03:03 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2014-11-07 03:03 . 2014-11-07 03:03 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2014-11-07 03:03 . 2014-11-07 03:03 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2014-11-07 03:03 . 
2014-11-07 03:03 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2014-11-07 03:03 . 2014-11-07 03:03 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2014-11-07 03:03 . 2014-11-07 03:03 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2014-11-07 03:03 . 2014-11-07 03:03 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2014-11-07 03:03 . 2014-11-07 03:03 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2014-11-07 03:03 . 2014-11-07 03:03 1643520 ----a-w- c:\windows\system32\DWrite.dll 2014-11-07 03:03 . 2014-11-07 03:03 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2014-11-07 03:03 . 2014-11-07 03:03 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2014-11-07 03:03 . 2014-11-07 03:03 1238528 ----a-w- c:\windows\system32\d3d10.dll 2014-11-07 03:03 . 2014-11-07 03:03 1175552 ----a-w- c:\windows\system32\FntCache.dll 2014-11-07 03:03 . 2014-11-07 03:03 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2014-11-07 03:03 . 2014-11-07 03:03 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2014-11-07 03:03 . 2014-11-07 03:03 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-11-07 03:03 . 2014-11-07 03:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-11-05 20:20 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll 2014-11-05 20:20 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll 2014-11-05 20:20 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll 2014-11-04 15:15 . 2014-11-04 15:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-11-04 15:15 . 2014-11-04 15:15 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-11-04 13:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-10-30 21:47 . 2014-10-30 21:47 8704 ----a-w- c:\windows\system32\drivers\hidkmdf.sys 2014-10-30 21:47 . 2014-10-30 21:47 38912 ----a-w- c:\windows\system32\drivers\sshid.sys 2014-10-30 21:47 . 
2014-10-30 21:47 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll 2014-10-25 01:57 . 2014-11-12 14:17 77824 ----a-w- c:\windows\system32\packager.dll 2014-10-25 01:32 . 2014-11-12 14:17 67584 ----a-w- c:\windows\SysWow64\packager.dll 2014-10-18 02:05 . 2014-11-12 14:17 861696 ----a-w- c:\windows\system32\oleaut32.dll 2014-10-18 01:33 . 2014-11-12 14:17 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2014-10-14 02:16 . 2014-11-12 14:22 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-10-14 02:13 . 2014-11-12 14:22 683520 ----a-w- c:\windows\system32\termsrv.dll 2014-10-14 02:13 . 2014-11-12 14:17 3241984 ----a-w- c:\windows\system32\msi.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="e:\steam\steam.exe" [2014-11-18 1940160] "Spotify"="c:\users\Chruso\AppData\Roaming\Spotify\Spotify.exe" [2014-12-14 6737976] "Spotify Web Helper"="c:\users\Chruso\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-14 1676344] "ESL Wire"="c:\program files\EslWire\wire.exe" [2014-12-09 3771904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200] "iTunesHelper"="d:\itunes\iTunesHelper.exe" [2014-10-15 157480] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2014-10-30 17542656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 ESEADriver2;ESEADriver2;c:\users\Chruso\AppData\Local\Temp\ESEADriver2.sys;c:\users\Chruso\AppData\Local\Temp\ESEADriver2.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x] R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program 
files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 sshid;SteelSeries HID Service;c:\windows\system32\DRIVERS\sshid.sys;c:\windows\SYSNATIVE\DRIVERS\sshid.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . 
*NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-12-13 14:20 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05 20:08] . 2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05 20:08] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2013-05-31 2009952] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mDefault_Search_URL = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-NetLimiter - c:\program files\NetLimiter 3\NLClientApp.exe AddRemove-{43B74FAB-FB58-447D-8D3A-5F638AF36FD1} - c:\programdata\{BA58D0EE-89D1-4191-9F19-B6AD920B04F7}\Netzmanager1.081.0201_140124a.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-12-18 22:01:17 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-12-18 21:01 . Vor Suchlauf: 8 Verzeichnis(se), 154.462.744.576 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 154.336.636.928 Bytes frei . - - End Of File - - 922CE63EE1D1E25B9AF5343FADDF3CA4 A36C5E4F47E84449FF07ED3517B43A31 |
19.12.2014, 21:09 | #6 |
/// the machine /// TB instructor | Extreme lags (+1000ms), what's to blame? Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
|
22.12.2014, 03:22 | #7 |
| Extreme lags (+1000ms), what's to blame? Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22.12.2014 Scan Time: 03:01:52 Logfile: dere.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2014.12.22.01 Rootkit Database: v2014.12.14.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Chruso Scan Type: Threat Scan Result: Completed Objects Scanned: 353774 Time Elapsed: 12 min, 2 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Home Premium x64 Ran by Chruso on 22.12.2014 at 2:57:40,91 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22.12.2014 at 3:00:48,94 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 21/12/2014 um 22:06:42 # Aktualisiert 21/12/2014 von Xplode # Database : 2014-12-21.4 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Chruso - CHRUSO-PC # Gestartet von : C:\Users\Chruso\Downloads\AdwCleaner_4.106.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Chruso\AppData\Local\PackageAware ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v -\\ Google Chrome v39.0.2171.95 ************************* AdwCleaner[R0].txt - [1805 octets] - [21/12/2014 22:04:15] AdwCleaner[S0].txt - [1668 octets] - [21/12/2014 22:06:42] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1728 octets] ########## FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01 Ran by Chruso (administrator) on CHRUSO-PC on 22-12-2014 03:22:41 Running from C:\Users\Chruso\Downloads Loaded Profiles: Chruso (Available profiles: Chruso) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe () C:\Program Files\EslWire\service\WireHelperSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Valve Corporation) E:\Steam\Steam.exe (Spotify Ltd) C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (Apple Inc.) D:\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Valve Corporation) E:\Steam\bin\steamwebhelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (TeamSpeak Systems GmbH) E:\Spiele\ts3client_win64.exe (Valve Corporation) E:\Steam\bin\steamwebhelper.exe (Valve Corporation) E:\Steam\bin\steamwebhelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [Steam] => E:\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [Spotify] => C:\Users\Chruso\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-14] (Spotify Ltd) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [Spotify Web Helper] => C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [ESL Wire] => C:\Program Files\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Chruso\AppData\Roaming\Mozilla\Firefox\Profiles\G0PEXTeJ.default FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Chruso\AppData\Roaming\Mozilla\Firefox\Profiles\G0PEXTeJ.default\Extensions\abs@avira.com [2014-12-14] Chrome: ======= CHR Profile: C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05] CHR Extension: (YouTube) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05] CHR Extension: (Google-Suche) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05] CHR Extension: (AdBlock) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05] CHR Extension: (Google Wallet) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05] CHR Extension: (Marc Ecko) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2014-11-05] CHR Extension: (Google Mail) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) 
[File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH) R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-11-05] (Microsoft Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 ESEADriver2; \??\C:\Users\Chruso\AppData\Local\Temp\ESEADriver2.sys [X] S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X] S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 03:22 - 2014-12-22 03:22 - 00000000 ____D () C:\Users\Chruso\Downloads\FRST-OlderVersion 2014-12-22 03:21 - 2014-12-22 03:21 - 00001055 _____ () C:\Users\Chruso\Desktop\dere.txt 2014-12-22 03:00 - 2014-12-22 03:00 - 00001288 _____ () C:\Users\Chruso\Desktop\JRT.txt 2014-12-22 02:57 - 2014-12-22 02:57 - 00000000 ____D () C:\Windows\ERUNT 2014-12-22 02:56 - 2014-12-22 02:57 - 01707646 _____ (Thisisu) C:\Users\Chruso\Downloads\JRT (1).exe 2014-12-21 22:20 - 2014-12-21 22:20 - 01707646 _____ (Thisisu) C:\Users\Chruso\Downloads\JRT.exe 2014-12-21 22:11 - 2014-12-21 22:11 - 00001820 _____ () C:\Users\Chruso\Downloads\AdwCleaner[S0].txt 2014-12-21 22:04 - 2014-12-21 22:06 - 00000000 ____D () C:\AdwCleaner 2014-12-21 21:57 - 2014-12-21 21:57 - 02173952 _____ () C:\Users\Chruso\Downloads\AdwCleaner_4.106.exe 2014-12-18 22:01 - 2014-12-18 22:01 - 00028818 _____ () C:\ComboFix.txt 2014-12-18 21:48 - 2014-12-18 22:01 - 00000000 ____D () C:\Qoobox 2014-12-18 21:48 - 2014-12-18 21:59 - 00000000 ____D () C:\Windows\erdnt 
2014-12-18 21:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-18 21:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-18 21:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-18 21:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-18 21:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-18 21:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-18 21:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-18 21:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-18 21:47 - 2014-12-18 21:48 - 05601641 ____R (Swearware) C:\Users\Chruso\Downloads\ComboFix.exe 2014-12-18 21:45 - 2014-12-18 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chruso\Downloads\revosetup95.exe 2014-12-18 21:45 - 2014-12-18 21:45 - 00001268 _____ () C:\Users\Chruso\Desktop\Revo Uninstaller.lnk 2014-12-18 21:45 - 2014-12-18 21:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-18 21:20 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 21:20 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 23:28 - 2014-12-17 23:28 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-17 23:26 - 2014-12-17 23:26 - 02347384 _____ (ESET) C:\Users\Chruso\Downloads\esetsmartinstaller_deu.exe 2014-12-17 23:21 - 2014-12-17 23:22 - 04036200 _____ (Piriform Ltd) C:\Users\Chruso\Downloads\ccsetup500_slim.exe 2014-12-17 21:00 - 2014-12-17 21:01 - 00025245 _____ () C:\Users\Chruso\Downloads\Addition.txt 2014-12-17 20:59 - 2014-12-22 03:22 - 00014295 _____ () C:\Users\Chruso\Downloads\FRST.txt 2014-12-17 20:59 - 2014-12-22 03:22 - 00000000 ____D () C:\FRST 2014-12-17 20:58 - 2014-12-22 03:22 - 02122240 _____ (Farbar) C:\Users\Chruso\Downloads\FRST64.exe 2014-12-17 18:30 - 2014-12-22 03:01 - 00129752 _____ (Malwarebytes 
Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-17 18:30 - 2014-12-17 18:30 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-17 18:30 - 2014-12-17 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-17 18:30 - 2014-12-17 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-17 18:30 - 2014-12-17 18:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-17 18:30 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-17 18:30 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-17 18:30 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-17 18:18 - 2014-12-17 18:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Chruso\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-17 18:07 - 2014-12-17 18:17 - 302470552 _____ (AMD Inc.) C:\Users\Chruso\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe 2014-12-16 20:34 - 2014-12-16 20:34 - 00485186 _____ () C:\Users\Chruso\Desktop\scripts.rar 2014-12-16 17:44 - 2014-12-16 17:44 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-12-14 21:51 - 2014-12-14 21:51 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Mozilla 2014-12-14 21:51 - 2014-12-14 21:51 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Avira 2014-12-14 21:50 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-12-14 21:50 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-12-14 21:50 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-12-14 21:44 - 2014-12-14 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-14 21:44 - 2014-12-14 21:50 - 00000000 ____D () C:\ProgramData\Avira 2014-12-14 21:44 - 2014-12-14 21:50 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-14 21:44 - 2014-12-14 21:44 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-14 21:41 - 2014-12-14 21:41 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Chruso\Downloads\avira_de_av_5713298085__ws.exe 2014-12-14 21:36 - 2014-12-14 21:37 - 10190344 _____ (Locktime Software) C:\Users\Chruso\Downloads\netlimiter-3.0.0.11-x64.exe 2014-12-14 13:17 - 2014-12-21 21:55 - 00007584 _____ () C:\Users\Chruso\AppData\Local\Resmon.ResmonCfg 2014-12-11 19:58 - 2014-12-11 19:58 - 00000000 ____D () C:\Users\Chruso\Desktop\dsa 2014-12-11 19:58 - 2014-12-11 19:58 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\NetStat4Win 2014-12-11 19:57 - 2014-12-11 19:57 - 06461310 _____ () C:\Users\Chruso\Downloads\netstat4win_x64.zip 2014-12-11 19:32 - 2014-12-11 19:32 - 03855396 _____ () C:\Users\Chruso\Downloads\Firmware_Speedport_W723V_TypB_v1.36.000.bin 2014-12-11 19:31 - 2014-12-11 19:31 - 08194132 _____ () C:\Users\Chruso\Downloads\Firmware_Speedport_W723V_TypA_1.01.009.bin 2014-12-11 17:45 - 2014-12-11 17:45 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 21:35 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 21:35 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 21:35 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-10 21:35 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-10 21:35 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-10 21:35 - 2014-07-07 03:02 - 00002048 _____ (Microsoft 
Corporation) C:\Windows\system32\mferror.dll 2014-12-10 21:35 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-10 21:35 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-10 21:35 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-10 21:35 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-12-10 18:29 - 2014-12-10 18:29 - 01912363 _____ () C:\Users\Chruso\Downloads\WinMTR-v092.zip 2014-12-10 18:09 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 18:09 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 18:09 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 18:09 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 18:09 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 18:09 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 18:09 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 18:09 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 18:09 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 18:09 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 18:09 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 18:09 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 18:09 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9.dll 2014-12-10 18:09 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 18:09 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 18:09 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 18:09 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 18:09 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 18:09 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 18:09 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 18:09 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 18:09 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 18:09 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 18:09 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 18:09 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 18:09 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 18:09 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 18:09 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 18:09 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 18:09 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 18:09 - 2014-11-22 02:49 - 00800768 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 18:09 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 18:09 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 18:09 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 18:09 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 18:09 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 18:09 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 18:09 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 18:09 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 18:09 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 18:09 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 18:09 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 18:09 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 18:09 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 18:09 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 18:09 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 18:09 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 18:09 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 18:09 - 2014-11-22 02:00 - 01888256 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 18:09 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 18:09 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 18:08 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 18:08 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 18:08 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 17:59 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 17:59 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 17:59 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 17:55 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 17:55 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 17:55 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 17:50 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 17:50 - 2014-11-08 03:45 - 00002048 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 17:50 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 17:50 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 17:50 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 17:50 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 17:50 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 17:50 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 17:50 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 17:50 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 17:50 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 17:50 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 17:50 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 17:50 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-09 20:11 - 2014-12-09 20:11 - 00082181 _____ () C:\Users\Chruso\Downloads\cports.zip 2014-12-08 18:40 - 2014-12-08 19:47 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\TeamViewer 2014-12-08 18:40 - 2014-12-08 18:41 - 07694560 _____ (TeamViewer GmbH) C:\Users\Chruso\Downloads\TeamViewer_Setup_de.exe 2014-12-08 18:37 - 2014-12-08 18:38 - 05325936 _____ (TeamViewer) C:\Users\Chruso\Downloads\TeamViewerQS_de.exe 2014-12-08 18:32 - 2014-12-09 18:11 - 00000986 _____ () C:\Users\Chruso\Desktop\ESEA Client.lnk 2014-12-08 18:32 - 2014-12-08 18:32 - 00000000 ____D () 
C:\Users\Chruso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESEA 2014-12-08 18:32 - 2014-12-08 18:32 - 00000000 ____D () C:\Program Files\ESEA 2014-12-08 18:31 - 2014-12-08 18:32 - 15168661 _____ () C:\Users\Chruso\Downloads\ESEAClientInstall.exe 2014-12-07 19:40 - 2014-12-07 19:40 - 00002029 _____ () C:\Users\Chruso\Desktop\XFast LAN.lnk 2014-12-07 19:40 - 2014-12-07 19:40 - 00000000 ____D () C:\Users\Chruso\AppData\Local\cFos 2014-12-07 19:40 - 2014-12-07 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN 2014-12-07 19:40 - 2014-12-07 19:40 - 00000000 ____D () C:\ProgramData\cFos 2014-12-07 19:40 - 2014-12-07 19:40 - 00000000 ____D () C:\Program Files\ASRock 2014-12-07 19:40 - 2013-05-31 16:23 - 01814880 _____ (cFos Software GmbH) C:\Windows\system32\Drivers\cfosspeed6.sys 2014-12-07 19:37 - 2014-12-07 19:38 - 04498303 _____ () C:\Users\Chruso\Downloads\XFastLAN(v9.05).zip 2014-12-07 19:32 - 2014-12-07 19:34 - 06166500 _____ () C:\Users\Chruso\Downloads\Install_Win7_7090_11252014.zip 2014-12-07 19:24 - 2014-12-07 19:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE 2014-12-07 19:23 - 2014-12-07 19:23 - 10995296 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH ) C:\Users\Chruso\Downloads\netzmanager_setup.exe 2014-12-06 17:55 - 2014-12-21 22:10 - 00000000 ____D () C:\Users\Chruso\AppData\Local\ESL Wire Game Client 2014-12-06 17:55 - 2014-12-11 17:53 - 00000779 _____ () C:\Users\Public\Desktop\ESL Wire.lnk 2014-12-06 17:55 - 2014-12-11 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire 2014-12-06 17:55 - 2014-12-11 17:53 - 00000000 ____D () C:\Program Files\EslWire 2014-12-06 17:55 - 2014-12-06 17:55 - 00000000 ____D () C:\ProgramData\ESL Wire 2014-12-06 17:52 - 2014-12-06 17:52 - 00939656 _____ (Turtle Entertainment GmbH) C:\Users\Chruso\Downloads\ESLWireSetup-1.18.0.8085.exe 2014-12-06 11:31 - 2011-05-03 13:40 - 00000000 ____D () 
C:\Users\Chruso\Desktop\Unpark-CPU-App 2014-12-06 11:30 - 2014-12-06 11:30 - 00546199 _____ () C:\Users\Chruso\Downloads\Unpark-CPU-App.zip 2014-12-04 21:48 - 2014-12-04 21:48 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\WindSolutions 2014-12-04 21:46 - 2014-12-04 21:46 - 113191850 _____ () C:\Users\Chruso\Desktop\WhatsApp2.11.12.ipa 2014-12-04 21:42 - 2014-12-04 21:42 - 44006973 _____ () C:\Users\Chruso\Desktop\Dumb Ways3.0.0.ipa 2014-12-04 21:42 - 2014-12-04 21:42 - 41182326 _____ () C:\Users\Chruso\Desktop\Dumb Ways 21.0.0.ipa 2014-12-04 21:42 - 2014-12-04 21:42 - 12139545 _____ () C:\Users\Chruso\Desktop\Spikes1.8.ipa 2014-12-04 21:42 - 2014-12-04 21:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-12-04 21:40 - 2014-12-04 21:40 - 00000000 ____D () C:\ProgramData\WindSolutions 2014-12-04 21:29 - 2014-12-04 21:32 - 07158166 _____ () C:\Users\Chruso\Downloads\CopyTransAppsDEv1.027.zip 2014-11-28 19:24 - 2014-11-28 19:25 - 00000000 ____D () C:\Users\Chruso\Documents\Snagit 2014-11-28 19:23 - 2014-12-07 19:39 - 00000000 ____D () C:\ProgramData\TechSmith 2014-11-28 19:20 - 2014-11-28 19:20 - 01174352 _____ () C:\Users\Chruso\Downloads\Snagit - CHIP-Installer.exe 2014-11-27 17:31 - 2014-11-27 17:31 - 00000199 _____ () C:\Users\Chruso\Desktop\Counter-Strike Global Offensive.url 2014-11-25 20:51 - 2014-11-25 20:51 - 00000199 _____ () C:\Users\Chruso\Desktop\Counter-Strike Source.url 2014-11-25 20:50 - 2014-11-25 20:50 - 00001387 _____ () C:\Users\Chruso\Desktop\Counter-Strike Source.lnk 2014-11-25 20:50 - 2014-11-25 20:50 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-11-22 12:00 - 2014-11-22 12:00 - 00000000 __SHD () C:\Users\Chruso\AppData\Local\EmieUserList 2014-11-22 12:00 - 2014-11-22 12:00 - 00000000 __SHD () C:\Users\Chruso\AppData\Local\EmieSiteList 2014-11-22 12:00 - 2014-11-22 12:00 - 00000000 __SHD () C:\Users\Chruso\AppData\Local\EmieBrowserModeList 
==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 03:19 - 2014-11-05 21:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-22 03:00 - 2014-11-04 15:56 - 01238292 _____ () C:\Windows\WindowsUpdate.log 2014-12-22 00:03 - 2014-11-16 17:33 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\TS3Client 2014-12-21 23:27 - 2014-11-06 15:37 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Spotify 2014-12-21 22:16 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-21 22:16 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-21 22:08 - 2014-11-05 21:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-21 22:08 - 2010-11-21 04:47 - 00146344 _____ () C:\Windows\PFRO.log 2014-12-21 22:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-21 22:08 - 2009-07-14 05:51 - 00029349 _____ () C:\Windows\setupact.log 2014-12-21 19:04 - 2014-11-06 15:48 - 00000000 ____D () C:\Users\Chruso\AppData\Local\Spotify 2014-12-18 22:01 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-12-18 21:58 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-18 21:11 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup 2014-12-16 18:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-14 21:44 - 2014-11-04 16:25 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-14 21:42 - 2014-11-07 16:37 - 00000000 ____D () C:\Users\admin 2014-12-14 21:42 - 2014-11-04 16:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-12-13 15:21 - 2014-11-05 21:16 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-11 17:45 - 2014-11-06 15:19 - 00000000 ___SD () C:\Windows\system32\CompatTel 
2014-12-11 17:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-11 17:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-10 21:39 - 2014-11-05 17:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 21:37 - 2014-11-05 17:38 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 18:08 - 2014-11-07 16:37 - 00000000 ____D () C:\Users\Chruso\AppData\Local\SteelSeries Engine 3 Client 2014-12-04 21:18 - 2014-11-06 15:32 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Apple Computer 2014-11-27 22:05 - 2014-11-07 14:00 - 00235165 _____ () C:\Windows\DirectX.log 2014-11-23 19:47 - 2011-04-12 08:43 - 00699088 _____ () C:\Windows\system32\perfh007.dat 2014-11-23 19:47 - 2011-04-12 08:43 - 00149228 _____ () C:\Windows\system32\perfc007.dat 2014-11-23 19:47 - 2009-07-14 06:13 - 01619264 _____ () C:\Windows\system32\PerfStringBackup.INI Some content of TEMP: ==================== C:\Users\Chruso\AppData\Local\Temp\avgnt.exe C:\Users\Chruso\AppData\Local\Temp\Quarantine.exe C:\Users\Chruso\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-16 18:08 ==================== End Of Log ============================ |
22.12.2014, 17:23 | #8 |
/// the machine /// TB trainer | Extreme lags (+1000ms), what is to blame?
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.12.2014, 21:00 | #9 |
| Extreme lags (+1000ms), what is to blame? Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4783f74e45b4ee4c81f123951e94c3c1
# engine=21602
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-17 10:56:50
# local_time=2014-12-17 11:56:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 26139 2039610 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 270328 170486860 0 0
# scanned=3664
# found=0
# cleaned=0
# scan_time=1464
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4783f74e45b4ee4c81f123951e94c3c1
# engine=21671
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-22 07:53:59
# local_time=2014-12-22 08:53:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 20505 2460639 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 687757 170907889 0 0
# scanned=138955
# found=2
# cleaned=2
# scan_time=1989
sh=FF930094B46A81F89F4EB31968214456249E4FC5 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Chruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KMAV0UQ5\blonde-girl[1].htm"
sh=0AA0DF6C692D483D67A95AF66304C2355F3BABF2 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Chruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WGATKLUI\rblighter[1].htm"
Code:
ATTFilter
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01 Ran by Chruso (administrator) on CHRUSO-PC on 22-12-2014 20:59:05 Running from C:\Users\Chruso\Downloads Loaded Profile: Chruso (Available profiles: Chruso) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe () C:\Program Files\EslWire\service\WireHelperSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Valve Corporation) E:\Steam\Steam.exe (Spotify Ltd) C:\Users\Chruso\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (Apple Inc.) D:\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Valve Corporation) E:\Steam\bin\steamwebhelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Valve Corporation) E:\Steam\bin\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () E:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corporation) E:\Steam\GameOverlayUI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [Steam] => E:\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [Spotify] => C:\Users\Chruso\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-14] (Spotify Ltd) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [Spotify Web Helper] => C:\Users\Chruso\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd) HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\...\Run: [ESL Wire] => C:\Program Files\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1859405021-3660317821-3220195125-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Chruso\AppData\Roaming\Mozilla\Firefox\Profiles\G0PEXTeJ.default FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Chruso\AppData\Roaming\Mozilla\Firefox\Profiles\G0PEXTeJ.default\Extensions\abs@avira.com [2014-12-14] Chrome: ======= CHR Profile: C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05] CHR Extension: (YouTube) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05] CHR Extension: (Google-Suche) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05] CHR Extension: (AdBlock) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05] CHR Extension: (Google Wallet) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05] CHR Extension: (Marc Ecko) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2014-11-05] CHR Extension: (Google Mail) - C:\Users\Chruso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) 
[File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH) R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-11-05] (Microsoft Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 ESEADriver2; \??\C:\Users\Chruso\AppData\Local\Temp\ESEADriver2.sys [X] S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X] S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 20:56 - 2014-12-22 20:56 - 00852505 _____ () C:\Users\Chruso\Downloads\SecurityCheck.exe 2014-12-22 20:18 - 2014-12-22 20:19 - 02347384 _____ (ESET) C:\Users\Chruso\Downloads\esetsmartinstaller_deu (1).exe 2014-12-22 03:22 - 2014-12-22 03:22 - 00000000 ____D () C:\Users\Chruso\Downloads\FRST-OlderVersion 2014-12-22 03:21 - 2014-12-22 03:21 - 00001055 _____ () C:\Users\Chruso\Desktop\dere.txt 2014-12-22 03:00 - 2014-12-22 03:00 - 00001288 _____ () C:\Users\Chruso\Desktop\JRT.txt 2014-12-22 02:57 - 2014-12-22 02:57 - 00000000 ____D () C:\Windows\ERUNT 2014-12-22 02:56 - 2014-12-22 02:57 - 01707646 _____ (Thisisu) C:\Users\Chruso\Downloads\JRT (1).exe 2014-12-21 22:20 - 2014-12-21 22:20 - 01707646 _____ (Thisisu) C:\Users\Chruso\Downloads\JRT.exe 2014-12-21 22:11 - 2014-12-21 22:11 - 00001820 _____ () C:\Users\Chruso\Downloads\AdwCleaner[S0].txt 2014-12-21 22:04 - 2014-12-21 22:06 - 00000000 ____D () C:\AdwCleaner 2014-12-21 21:57 - 2014-12-21 21:57 - 02173952 _____ () C:\Users\Chruso\Downloads\AdwCleaner_4.106.exe 
2014-12-18 22:01 - 2014-12-18 22:01 - 00028818 _____ () C:\ComboFix.txt 2014-12-18 21:48 - 2014-12-18 22:01 - 00000000 ____D () C:\Qoobox 2014-12-18 21:48 - 2014-12-18 21:59 - 00000000 ____D () C:\Windows\erdnt 2014-12-18 21:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-18 21:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-18 21:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-18 21:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-18 21:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-18 21:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-18 21:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-18 21:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-18 21:47 - 2014-12-18 21:48 - 05601641 ____R (Swearware) C:\Users\Chruso\Downloads\ComboFix.exe 2014-12-18 21:45 - 2014-12-18 21:45 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Chruso\Downloads\revosetup95.exe 2014-12-18 21:45 - 2014-12-18 21:45 - 00001268 _____ () C:\Users\Chruso\Desktop\Revo Uninstaller.lnk 2014-12-18 21:45 - 2014-12-18 21:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-18 21:20 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 21:20 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 23:28 - 2014-12-17 23:28 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-17 23:26 - 2014-12-17 23:26 - 02347384 _____ (ESET) C:\Users\Chruso\Downloads\esetsmartinstaller_deu.exe 2014-12-17 23:21 - 2014-12-17 23:22 - 04036200 _____ (Piriform Ltd) C:\Users\Chruso\Downloads\ccsetup500_slim.exe 2014-12-17 21:00 - 2014-12-17 21:01 - 00025245 _____ () C:\Users\Chruso\Downloads\Addition.txt 2014-12-17 20:59 - 2014-12-22 20:59 - 00014466 _____ () C:\Users\Chruso\Downloads\FRST.txt 2014-12-17 20:59 - 2014-12-22 20:59 - 00000000 ____D () C:\FRST 2014-12-17 20:58 - 2014-12-22 03:22 - 02122240 _____ (Farbar) C:\Users\Chruso\Downloads\FRST64.exe 2014-12-17 18:30 - 2014-12-22 20:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-17 18:30 - 2014-12-17 18:30 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-17 18:30 - 2014-12-17 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-17 18:30 - 2014-12-17 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-17 18:30 - 2014-12-17 18:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-17 18:30 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-17 18:30 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-17 18:30 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes 
Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-17 18:18 - 2014-12-17 18:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Chruso\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-17 18:07 - 2014-12-17 18:17 - 302470552 _____ (AMD Inc.) C:\Users\Chruso\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe 2014-12-16 20:34 - 2014-12-16 20:34 - 00485186 _____ () C:\Users\Chruso\Desktop\scripts.rar 2014-12-16 17:44 - 2014-12-16 17:44 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-12-14 21:51 - 2014-12-14 21:51 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Mozilla 2014-12-14 21:51 - 2014-12-14 21:51 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\Avira 2014-12-14 21:50 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-12-14 21:50 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-12-14 21:50 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-12-14 21:44 - 2014-12-14 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-14 21:44 - 2014-12-14 21:50 - 00000000 ____D () C:\ProgramData\Avira 2014-12-14 21:44 - 2014-12-14 21:50 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-14 21:44 - 2014-12-14 21:44 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-14 21:41 - 2014-12-14 21:41 - 04549888 _____ (Avira Operations & Co. 
KG) C:\Users\Chruso\Downloads\avira_de_av_5713298085__ws.exe 2014-12-14 21:36 - 2014-12-14 21:37 - 10190344 _____ (Locktime Software) C:\Users\Chruso\Downloads\netlimiter-3.0.0.11-x64.exe 2014-12-14 13:17 - 2014-12-21 21:55 - 00007584 _____ () C:\Users\Chruso\AppData\Local\Resmon.ResmonCfg 2014-12-11 19:58 - 2014-12-11 19:58 - 00000000 ____D () C:\Users\Chruso\Desktop\dsa 2014-12-11 19:58 - 2014-12-11 19:58 - 00000000 ____D () C:\Users\Chruso\AppData\Roaming\NetStat4Win 2014-12-11 19:57 - 2014-12-11 19:57 - 06461310 _____ () C:\Users\Chruso\Downloads\netstat4win_x64.zip 2014-12-11 19:32 - 2014-12-11 19:32 - 03855396 _____ () C:\Users\Chruso\Downloads\Firmware_Speedport_W723V_TypB_v1.36.000.bin 2014-12-11 19:31 - 2014-12-11 19:31 - 08194132 _____ () C:\Users\Chruso\Downloads\Firmware_Speedport_W723V_TypA_1.01.009.bin 2014-12-11 17:45 - 2014-12-11 17:45 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 21:35 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 21:35 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 21:35 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-10 21:35 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-10 21:35 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-10 21:35 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-10 21:35 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-10 21:35 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-10 21:35 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-10 21:35 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 
2014-12-10 18:29 - 2014-12-10 18:29 - 01912363 _____ () C:\Users\Chruso\Downloads\WinMTR-v092.zip 2014-12-10 18:09 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 18:09 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 18:09 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 18:09 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 18:09 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 18:09 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 18:09 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 18:09 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 18:09 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 18:09 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 18:09 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 18:09 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 18:09 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 18:09 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 18:09 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 18:09 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 18:09 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-16 18:08
==================== End Of Log ============================
Yes, I still have it. |
23.12.2014, 17:59 | #10 |
/// the machine /// TB-Ausbilder | Extreme lags (+1000 ms), what is to blame? The malware and adware are now removed. How to perform a clean boot in Windows. Please do a clean boot. If the problem is gone after that, re-enable the services one at a time, rebooting in between each time, until you know which service is causing the problem. Then name that service here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |