Log analysis and evaluation: Tabs open automatically in Google Chrome (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
03.02.2015, 19:17 | #1 |
| Hello dear community, I'm not exactly clueless myself when it comes to malware and all that other stuff. I ran AdwCleaner and Malwarebytes Anti-Malware on my PC; both programs found nothing. Still, Google Chrome keeps opening new tabs, for example this page: hxxp://ilead.itrack.it/clients/DEYoufit/c19157/expiredpage.asp?campaignid=19157&websiteid=14073&scriptid=128149&subwebsiteid=&trackid=&viralref=0&leadwebsiteid=14073 or Postbank.de or https://www.tarifcheck24.com/kfz-versicherung/vergleich/ or some other such nonsense. I no longer know how to fix the problem. I'm asking for help. |
03.02.2015, 19:26 | #2 |
/// the machine /// TB Trainer | Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
04.02.2015, 17:23 | #3 |
| FRST log file:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Nuclear (administrator) on NUCLEAR-PC on 03-02-2015 19:57:35 Running from D:\Übersicht\Programme Loaded Profiles: Nuclear (Available profiles: Nuclear) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Electronic Arts) D:\Übersicht\Programme\Origin\Origin.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (TeamSpeak Systems GmbH) D:\Übersicht\Programme\ts3client_win64.exe (Microsoft Corporation) C:\Windows\System32\SndVol.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe (Farbar) D:\Übersicht\Programme\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [EADM] => D:\Übersicht\Programme\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [uTorrent] => C:\Users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe [1736784 2015-02-01] (BitTorrent Inc.) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [DAEMON Tools Lite] => D:\Übersicht\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine] => C:\Users\Nuclear\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] () HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine2] => C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] () HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\MountPoints2: {bed726d4-3be8-11e4-94c6-0025226b1f74} - H:\HTC_Sync_Manager_PC.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-08-03] (Microsoft Corporation) Startup: C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPTISetup.lnk ShortcutTarget: OPTISetup.lnk -> C:\ProgramData\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff}\OPTISetup.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program 
Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-3236316847-1076086714-31016914-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3236316847-1076086714-31016914-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Firefox\Extensions: [{562F1FE6-9763-FF7B-444A-FE5DD2884927}] - C:\Program Files (x86)\ver3BetterMarkIt\186.xpi Chrome: ======= CHR HomePage: Default -> hxxp://www.google.ch/ CHR StartupUrls: Default -> "https://www.google.ch/?gws_rd=ssl" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30] CHR Extension: (YouTube) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02] CHR Extension: (Google-Suche) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02] CHR Extension: (AdBlock) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-11] CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2014-08-02] CHR Extension: (Google Wallet) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02] CHR Extension: (Google Mail) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02] 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-01] () R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 Origin Client Service; D:\Übersicht\Programme\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] () R2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe [567808 2015-02-01] () [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd) R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-02-14] (Creative Technology Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-18] (Disc Soft Ltd) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-03 11:50 - 2015-02-03 11:52 - 00000000 ____D () C:\Users\Nuclear\Documents\BFH Beta 2 2015-02-03 11:49 - 2015-02-03 11:49 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\ESN 2015-02-03 01:59 - 2015-02-03 19:57 - 00000000 ____D () C:\FRST 2015-02-03 01:26 - 2015-02-03 01:26 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-03 01:26 - 2015-02-03 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-02-03 01:25 - 2015-02-03 19:30 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-03 01:25 - 2015-02-03 17:04 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-03 01:25 - 2015-02-03 01:25 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-03 01:25 - 2015-02-03 01:25 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-03 01:05 - 2015-02-03 01:05 - 00000834 _____ () C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk 2015-02-03 01:05 - 
2015-02-03 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta 2015-02-02 22:42 - 2015-02-02 22:42 - 01533584 _____ () C:\Users\Nuclear\Downloads\battlelog-web-plugins_2.6.2_157.exe 2015-02-02 17:02 - 2015-02-02 17:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\SKIDROW 2015-02-02 16:58 - 2015-02-02 16:58 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Steam 2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\The Evil Within 2015-02-02 16:50 - 2015-02-02 16:55 - 159477620 _____ () C:\Users\Nuclear\Downloads\The.Evil.Within.Update.1-CODEX.rar 2015-02-02 16:38 - 2015-02-02 16:38 - 00000866 _____ () C:\Users\Public\Desktop\NFS Rivals x86.lnk 2015-02-02 16:38 - 2015-02-02 16:38 - 00000842 _____ () C:\Users\Public\Desktop\NFS Rivals.lnk 2015-02-02 16:38 - 2015-02-02 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Rivals 2015-02-02 16:28 - 2015-02-02 16:28 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3 (1).dlc 2015-02-02 16:25 - 2015-02-02 16:25 - 31419822 _____ () C:\Users\Nuclear\Downloads\JDownloader.zip 2015-02-02 16:25 - 2015-02-02 16:25 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3.dlc 2015-02-02 16:22 - 2015-02-02 16:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-02 16:19 - 2015-02-02 16:22 - 00000849 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-02 16:19 - 2015-02-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-02 16:19 - 2015-02-02 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-02 16:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-02 16:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-02 16:19 - 2014-11-21 06:14 - 
00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-02 15:12 - 2015-02-02 16:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\12891 2015-02-02 15:02 - 2015-02-02 15:09 - 478256047 _____ () C:\Users\Nuclear\Downloads\NFS_Language_DE_EN_Patch.rar 2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\winengine 2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\ProgramData\SecurityUtilityData 2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\ProgramData\SecurityUtility 2015-02-02 14:54 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll 2015-02-02 14:54 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll 2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Opera Software 2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Opera Software 2015-02-02 14:06 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2015-02-02 12:07 - 2015-02-02 12:07 - 00000000 ____D () C:\Users\Nuclear\Documents\NFS Most Wanted 2015-02-02 11:38 - 2015-02-02 11:38 - 00000707 _____ () C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk 2015-02-02 11:37 - 2015-02-02 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES 2015-02-02 11:19 - 2015-02-02 12:02 - 04676570 _____ () C:\Users\Nuclear\Desktop\DIAG.LOG 2015-02-02 11:17 - 2015-02-02 11:17 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-02-01 21:06 - 2015-02-01 21:06 - 00023010 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.most.wanted.torrent 2015-02-01 21:05 - 2015-02-01 21:05 - 00039930 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.rivals.no.origin.crack.fix.anuj.torrent 2015-02-01 20:20 - 2015-02-01 20:20 - 00086134 _____ () 
C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.2014.reloaded.torrent 2015-02-01 17:13 - 2015-02-01 17:13 - 00032971 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.update.1.2014.pc.repack.by.r.g.freedom.torrent 2015-02-01 16:39 - 2015-02-01 16:39 - 02194432 _____ () C:\Users\Nuclear\Downloads\adwcleaner_4.109.exe 2015-02-01 16:37 - 2015-02-02 16:29 - 00000000 ____D () C:\Program Files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb 2015-02-01 16:35 - 2015-02-02 16:30 - 00000000 ____D () C:\ProgramData\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff} 2015-02-01 16:35 - 2015-02-02 16:29 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.38 2015-02-01 16:31 - 2015-02-03 17:04 - 00001694 _____ () C:\Windows\Tasks\NQNSLJLG.job 2015-02-01 16:31 - 2015-02-01 16:51 - 00004728 _____ () C:\Windows\System32\Tasks\NQNSLJLG 2015-02-01 16:30 - 2015-02-01 16:30 - 00000815 _____ () C:\Users\Nuclear\Desktop\µTorrent.lnk 2015-02-01 16:30 - 2015-02-01 16:30 - 00000795 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-02-01 16:29 - 2015-02-03 18:27 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\uTorrent 2015-02-01 16:29 - 2015-02-01 16:29 - 01736784 _____ (BitTorrent Inc.) 
C:\Users\Nuclear\Downloads\uTorrent_3.4.2_Build_38397.exe 2015-01-29 12:42 - 2015-01-29 12:42 - 00000000 ____D () C:\Windows\rescache 2015-01-27 12:52 - 2015-01-27 12:52 - 10220477 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_TURRET_TRAVERSE_SOUND_v1.69.rar 2015-01-27 12:37 - 2015-01-27 12:39 - 179473579 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.03_UNCUT_Addon.rar 2015-01-27 12:36 - 2015-01-27 12:39 - 179471096 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.02_UNCUT_Addon.rar 2015-01-27 12:34 - 2015-01-27 12:34 - 06375513 _____ () C:\Users\Nuclear\Downloads\[0.9.1]WWIIHWA_Ingame_Voices_GERMAN.rar 2015-01-27 12:32 - 2015-01-27 12:32 - 01232054 _____ () C:\Users\Nuclear\Downloads\fontok_WOThoz.zip 2015-01-27 02:49 - 2015-01-27 02:59 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse (1).zip 2015-01-27 02:44 - 2015-01-27 02:44 - 24075564 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.2_setup.exe 2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG 2015-01-14 16:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 16:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 16:49 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 16:49 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 16:49 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 16:49 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 16:49 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 16:49 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 16:49 - 2014-12-12 
06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 16:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 16:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 16:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 16:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-12 19:13 - 2015-01-12 19:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nuclear\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-11 23:02 - 2015-01-11 23:02 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-01-11 23:02 - 2015-01-11 23:02 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-01-11 22:54 - 2015-01-11 22:54 - 07718224 _____ (TeamViewer GmbH) C:\Users\Nuclear\Downloads\TeamViewer_Setup_de.exe 2015-01-10 04:28 - 2015-01-10 04:28 - 24076445 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.1_setup.exe 2015-01-10 04:18 - 2015-02-02 14:47 - 00000000 ____D () C:\ProgramData\WinZip 2015-01-10 04:16 - 2015-01-10 04:16 - 01174352 _____ () C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe 2015-01-10 04:11 - 2015-01-10 04:13 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse.zip 2015-01-08 22:55 - 2015-02-03 01:36 - 00000000 ____D () C:\AdwCleaner 2015-01-08 22:54 - 2015-01-08 22:55 - 02191360 _____ () C:\Users\Nuclear\Downloads\adwcleaner_4.107.exe 2015-01-04 18:27 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-01-04 18:27 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-03 19:22 - 2014-08-03 00:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\TS3Client 2015-02-03 19:12 - 2014-10-15 13:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-03 19:12 - 2009-07-14 05:51 - 00047138 _____ () C:\Windows\setupact.log 2015-02-03 17:16 - 2014-08-02 23:20 - 01490715 _____ () C:\Windows\WindowsUpdate.log 2015-02-03 17:11 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-03 17:11 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-03 17:10 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-02-03 17:10 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-02-03 17:10 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-03 17:07 - 2014-08-03 18:42 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-02-03 17:04 - 2014-10-31 10:36 - 00000000 ____D () C:\Program Files\KMSpico 2015-02-03 17:04 - 2014-08-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2015-02-03 17:04 - 2014-08-03 00:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-03 17:04 - 2014-08-03 00:09 - 00199784 _____ () C:\Windows\PFRO.log 2015-02-03 17:04 - 2014-08-03 00:04 - 00000000 ____D () C:\ProgramData\Origin 2015-02-03 17:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-03 11:52 - 2014-08-03 19:08 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\PunkBuster 2015-02-03 11:52 - 2014-08-03 18:42 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-02-03 01:26 - 2014-08-02 23:30 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-03 01:25 - 2014-08-02 23:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Deployment 2015-02-03 01:05 - 2009-07-14 06:32 - 00000000 ___RD () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-03 01:04 - 2014-08-03 18:42 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-02-03 01:04 - 2014-08-03 18:40 - 00141419 _____ () C:\Windows\DirectX.log 2015-02-02 23:50 - 2014-10-10 20:21 - 00000000 ____D () C:\Users\Nuclear\Downloads\Gameforge Live 2015-02-02 16:30 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-02-02 16:29 - 2014-10-09 21:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-02-02 14:57 - 2014-08-02 23:20 - 00001182 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-02 11:24 - 2014-08-18 13:01 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\DAEMON Tools Lite 2015-02-02 11:24 - 2014-08-18 13:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-02-01 20:16 - 2014-08-03 23:15 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-02-01 18:26 - 2014-10-24 12:03 - 00000968 _____ () C:\Users\Nuclear\Documents\aionmemo_f6e81e7f.dat 2015-01-29 15:45 - 2014-12-14 17:02 - 00000354 _____ () C:\Users\Nuclear\Documents\aionmemo_ 66aba67.dat 2015-01-27 12:01 - 2014-08-30 22:22 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-27 11:59 - 2014-08-30 22:22 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-01-27 11:59 - 2014-08-30 22:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-27 02:46 - 2014-08-06 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\diclovit's mod pack 2015-01-25 19:12 - 
2014-10-15 13:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 19:12 - 2014-10-15 13:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-25 19:12 - 2014-10-15 13:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-15 17:31 - 2014-08-02 23:57 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 17:29 - 2014-08-02 23:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-15 17:26 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-14 22:34 - 2014-08-30 21:54 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Akamai 2015-01-13 22:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-12 16:50 - 2014-08-02 23:29 - 00072912 _____ () C:\Users\Nuclear\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-12 16:50 - 2009-07-14 05:45 - 00331704 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-11 23:02 - 2014-08-17 23:25 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-01-10 13:25 - 2014-10-26 22:14 - 00000000 ____D () C:\Users\Nuclear\Desktop\Bilder 2015-01-08 22:58 - 2014-10-31 11:03 - 00000000 ____D () C:\Users\Nuclear\Desktop\Neuer Ordner 2015-01-07 21:45 - 2014-10-15 13:03 - 00000000 ____D () C:\Program Files\Google 2015-01-07 20:40 - 2014-10-15 13:03 - 00000000 ____D () C:\ProgramData\Google 2015-01-07 20:40 - 2014-08-02 23:30 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Google 2015-01-04 18:43 - 2014-08-18 13:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15 ==================== Files in the root of some directories ======= 2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG Some content of TEMP: ==================== C:\Users\Nuclear\AppData\Local\Temp\10B19BC3-BDA6-A256-60AC-241D2FCA44D4.dll C:\Users\Nuclear\AppData\Local\Temp\10B19BC3-BDA6-A256-60AC-241D2FCA44D4.exe 
C:\Users\Nuclear\AppData\Local\Temp\AutoRun.exe C:\Users\Nuclear\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Nuclear\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe C:\Users\Nuclear\AppData\Local\Temp\D308ED95-DAD2-9C66-D5EE-F755A61EA1DF.exe C:\Users\Nuclear\AppData\Local\Temp\dxwebsetup.exe C:\Users\Nuclear\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Nuclear\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Nuclear\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Nuclear\AppData\Local\Temp\Opera_NI_stable.exe C:\Users\Nuclear\AppData\Local\Temp\optprosetup.exe C:\Users\Nuclear\AppData\Local\Temp\Runner2.exe C:\Users\Nuclear\AppData\Local\Temp\Runner4.exe C:\Users\Nuclear\AppData\Local\Temp\sonarinst.exe C:\Users\Nuclear\AppData\Local\Temp\SpOrder.dll C:\Users\Nuclear\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Nuclear\AppData\Local\Temp\ttv.exe C:\Users\Nuclear\AppData\Local\Temp\uttF0AD.tmp.exe C:\Users\Nuclear\AppData\Local\Temp\vcredist_x86.exe C:\Users\Nuclear\AppData\Local\Temp\~dl2A2B.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-03 02:38
==================== End Of Log ============================
--- --- ---
Was that right? |
05.02.2015, 07:02 | #4 |
/// the machine /// TB trainer | Tabs open automatically in Google Chrome Perfect, but the Addition.txt is still missing
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.02.2015, 09:42 | #5 |
| Tabs open automatically in Google Chrome How or where do I find this addition.txt? Sorry for the stupid question |
05.02.2015, 11:58 | #6 |
/// the machine /// TB trainer | Tabs open automatically in Google Chrome Open FRST, tick the Addition checkbox and scan, then please post the Addition.txt.
|
05.02.2015, 13:08 | #7 |
| Tabs open automatically in Google Chrome Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01 Ran by Nuclear at 2015-02-05 13:07:27 Running from D:\Übersicht\Programme Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\uTorrent) (Version: 3.4.2.38397 - BitTorrent Inc.) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Akamai NetSession Interface (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Akamai) (Version: - Akamai Technologies, Inc) AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version: - ) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts) Battlefield™ Hardline-Beta (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.1 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) BlackShot Á¦°Å 
(HKLM-x32\...\BlackShot) (Version: - ) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) diclovit's mod pack 9.5.2 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 9.5.2 - diclovit) Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts) Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Hazard Ops (HKLM-x32\...\Steam App 319150) (Version: - Yingpei Games) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) KMSpico 3.1 (HKLM\...\KMSpico v3.1_is1) (Version: 3.1 - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - 
Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version: - ) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 10.4.0 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.) PDF Editor 64bit 4 (HKLM\...\PDF Editor 64bit 4) (Version: - ) PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: 1.0.0.1949 - ) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamSpeak 3 Client (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) winengine (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions) WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 04-02-2015 00:33:15 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {05561F5F-D953-423A-A22E-0570C77FF3E9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0F5B36A1-1346-43D5-8F90-7F34D509341A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {4B5AE347-4B9D-4F30-9CB6-50CE041DB192} - System32\Tasks\NQNSLJLG => C:\Users\Nuclear\AppData\Roaming\NQNSLJLG.exe <==== ATTENTION
Task: {6DA12E27-336C-4C8A-859A-D8F43A80BC3E} - System32\Tasks\KMS Activation => C:\Program Files\KMSpico\RandomFile.exe [2013-02-20] ()
Task: {BD30258D-476C-4496-B872-E521A79E6900} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {BE15544F-8E8D-4CF4-A0BF-B3AA3AD3E9DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {D15399E8-3AD0-45DC-8C1F-21AF94E2F351} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\NQNSLJLG.job => C:\Users\Nuclear\AppData\Roaming\NQNSLJLG.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2014-08-03 00:16 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-12-12 13:34 - 2014-12-12 13:34 - 00511416 _____ () C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe 2014-08-18 13:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-08-03 18:42 - 2015-02-03 01:04 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-02-02 14:54 - 2015-02-01 20:48 - 00567808 _____ () C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe 2014-08-03 00:06 - 2015-01-27 11:53 - 01007104 _____ () D:\Übersicht\Programme\Origin\platforms\qwindows.dll 2014-08-03 00:06 - 2015-01-27 11:53 - 00023552 _____ () D:\Übersicht\Programme\Origin\imageformats\qgif.dll 2014-08-03 00:06 - 2015-01-27 11:53 - 00024576 _____ () D:\Übersicht\Programme\Origin\imageformats\qico.dll 2014-08-03 00:06 - 2015-01-27 11:53 - 00216576 _____ () D:\Übersicht\Programme\Origin\imageformats\qjpeg.dll 2014-08-03 00:06 - 2015-01-27 11:53 - 00261120 _____ () D:\Übersicht\Programme\Origin\imageformats\qmng.dll 2014-08-03 00:06 - 2015-01-27 11:53 - 00019456 _____ () D:\Übersicht\Programme\Origin\imageformats\qtga.dll 2014-08-03 00:06 - 2015-01-27 11:53 - 00337408 _____ () D:\Übersicht\Programme\Origin\imageformats\qtiff.dll 2014-08-03 00:06 - 2015-01-27 11:53 - 00018944 _____ () D:\Übersicht\Programme\Origin\imageformats\qwbmp.dll 2015-02-03 01:26 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll 2015-02-03 01:26 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll 2015-02-03 01:26 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Übersicht\Programme\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: PDFPrint => D:\Übersicht\Programme\PDF24\pdf24.exe ==================== Accounts: ============================= Administrator (S-1-5-21-3236316847-1076086714-31016914-500 - Administrator - Disabled) Gast (S-1-5-21-3236316847-1076086714-31016914-501 - Limited - Disabled) Nuclear (S-1-5-21-3236316847-1076086714-31016914-1000 - Administrator - Enabled) => C:\Users\Nuclear ==================== Faulty Device Manager Devices ============= Name: USB (Universal Serial Bus)-Controller Description: USB (Universal Serial Bus)-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Marvell 91xx Config ATA Device Description: Marvell 91xx Config ATA Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: USB (Universal Serial Bus)-Controller Description: USB (Universal Serial Bus)-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: USB (Universal Serial Bus)-Controller Description: USB (Universal Serial Bus)-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/05/2015 11:18:25 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/05/2015 11:18:25 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/05/2015 11:18:01 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (02/03/2015 11:40:54 AM) (Source: volsnap) (EventID: 35) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann. 
Error: (02/02/2015 04:29:45 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (02/02/2015 04:13:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (02/02/2015 04:13:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (02/02/2015 02:58:14 PM) (Source: volmgr) (EventID: 49) (User: ) Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error: (02/02/2015 02:57:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SecurityUtility Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/02/2015 02:57:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "WindowsMangerProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/02/2015 02:57:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/02/2015 02:57:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (02/02/2015 02:57:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (02/05/2015 11:18:25 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader64.exe Error: (02/05/2015 11:18:25 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader.exe Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSS.exe Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\EncoderServer64.exe Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\EncoderServer.exe Error: (02/05/2015 11:18:01 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\msi afterburner\MSIAfterburner.exe Error: (02/04/2015 00:28:02 
AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader64.exe Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader.exe Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSS.exe Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\EncoderServer64.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz Percentage of memory in use: 28% Total physical RAM: 12286.15 MB Available physical RAM: 8819.71 MB Total Pagefile: 24870.48 MB Available Pagefile: 21115.55 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:55.8 GB) (Free:9.81 GB) NTFS Drive d: () (Fixed) (Total:931.51 GB) (Free:695.72 GB) NTFS Drive g: (NFSMW) (CDROM) (Total:2.13 GB) (Free:0 GB) UDF Drive h: (BBQ) (Removable) (Total:1.86 GB) (Free:1.83 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 60275C42) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== 
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: A2450932) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=1.9 GB) - (Type=0C) ==================== End Of Log ============================ |
05.02.2015, 14:58 | #8 |
/// the machine /// TB trainer | Tabs open automatically in Google Chrome hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.02.2015, 17:07 | #9 |
| Tabs open automatically in Google Chrome Code:
ATTFilter ComboFix 15-02-02.01 - Nuclear 05.02.2015 17:02:28.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.41.1031.18.12286.10010 [GMT 1:00] ausgeführt von:: d:\_bersicht\Programme\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\AGEIA Technologies\f07463c0-8a09-4ef2-b7bb-faea7d91eefb.dll c:\program files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb\46da3db2-c661-4558-a6e0-3a5d8480a5be.dll c:\windows\security\logs\scecomp.log . . ((((((((((((((((((((((( Dateien erstellt von 2015-01-05 bis 2015-02-05 )))))))))))))))))))))))))))))) . . 2015-02-05 16:05 . 2015-02-05 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-02-03 10:49 . 2015-02-03 10:49 -------- d-----w- c:\users\Nuclear\AppData\Local\ESN 2015-02-03 00:59 . 2015-02-05 12:07 -------- d-----w- C:\FRST 2015-02-02 16:02 . 2015-02-02 16:02 -------- d-----w- c:\users\Nuclear\AppData\Local\SKIDROW 2015-02-02 15:58 . 2015-02-02 15:58 -------- d-----w- c:\users\Nuclear\AppData\Roaming\Steam 2015-02-02 15:57 . 2015-02-02 15:57 -------- d-----w- c:\program files (x86)\The Evil Within 2015-02-02 15:22 . 2015-02-02 15:23 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-02-02 15:19 . 2015-02-02 15:19 -------- d-----w- c:\programdata\Malwarebytes 2015-02-02 15:19 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-02-02 15:19 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-02-02 15:19 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-02-02 14:12 . 2015-02-02 15:29 -------- d-----w- c:\users\Nuclear\AppData\Local\12891 2015-02-02 13:54 . 2015-02-02 13:54 -------- d-----w- c:\users\Nuclear\AppData\Local\winengine 2015-02-02 13:54 . 
2015-01-27 16:31 344440 ----a-w- c:\windows\system32\ColorMedia64.dll 2015-02-02 13:54 . 2015-01-27 16:31 301168 ----a-w- c:\windows\SysWow64\ColorMedia.dll 2015-02-02 13:54 . 2015-02-02 13:54 -------- d-----w- c:\programdata\SecurityUtility 2015-02-02 13:52 . 2015-02-02 13:53 -------- d-----w- c:\users\Nuclear\AppData\Roaming\Opera Software 2015-02-02 13:52 . 2015-02-02 13:53 -------- d-----w- c:\users\Nuclear\AppData\Local\Opera Software 2015-02-02 13:06 . 2007-04-04 17:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll 2015-02-01 15:37 . 2015-02-05 16:04 -------- d-----w- c:\program files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb 2015-02-01 15:35 . 2015-02-02 15:29 -------- d-----w- c:\program files (x86)\Optimizer Pro 3.38 2015-02-01 15:35 . 2015-02-02 15:30 -------- d-----w- c:\programdata\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff} 2015-02-01 15:29 . 2015-02-05 12:06 -------- d-----w- c:\users\Nuclear\AppData\Roaming\uTorrent 2015-01-29 11:42 . 2015-01-29 11:42 -------- d-----w- c:\windows\rescache 2015-01-27 11:00 . 2015-01-27 11:00 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-01-10 03:18 . 2015-02-02 13:47 -------- d-----w- c:\programdata\WinZip 2015-01-08 21:55 . 2015-02-03 00:36 -------- d-----w- C:\AdwCleaner . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-03 22:13 . 2014-08-03 17:42 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2015-02-03 21:28 . 2014-08-03 17:42 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2015-02-03 00:04 . 2014-08-03 17:42 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2015-01-27 10:59 . 2014-08-30 21:22 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-01-25 18:12 . 2014-10-15 12:03 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-25 18:12 . 2014-10-15 12:03 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-01-15 16:29 . 
2014-08-02 22:57 113365784 ----a-w- c:\windows\system32\MRT.exe 2014-12-31 11:14 . 2014-08-02 22:34 298120 ------w- c:\windows\system32\MpSigStub.exe 2014-12-13 05:09 . 2015-01-04 17:27 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-13 03:33 . 2015-01-04 17:27 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-12-04 02:50 . 2014-12-09 18:14 413184 ----a-w- c:\windows\system32\generaltel.dll 2014-12-04 02:50 . 2014-12-09 18:14 741376 ----a-w- c:\windows\system32\invagent.dll 2014-12-04 02:50 . 2014-12-09 18:14 396800 ----a-w- c:\windows\system32\devinv.dll 2014-12-04 02:50 . 2014-12-09 18:14 830976 ----a-w- c:\windows\system32\appraiser.dll 2014-12-04 02:50 . 2014-12-09 18:14 227328 ----a-w- c:\windows\system32\aepdu.dll 2014-12-04 02:50 . 2014-12-09 18:14 192000 ----a-w- c:\windows\system32\aepic.dll 2014-12-04 02:44 . 2014-12-09 18:14 1083392 ----a-w- c:\windows\system32\aeinv.dll 2014-12-01 23:28 . 2014-12-09 18:14 1232040 ----a-w- c:\windows\system32\aitstatic.exe 2014-11-27 01:43 . 2014-12-09 18:14 389296 ----a-w- c:\windows\system32\iedkcs32.dll 2014-11-22 03:13 . 2014-12-09 18:14 25059840 ----a-w- c:\windows\system32\mshtml.dll 2014-11-22 03:06 . 2014-12-09 18:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-22 03:06 . 2014-12-09 18:14 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-11-22 02:50 . 2014-12-09 18:14 66560 ----a-w- c:\windows\system32\iesetup.dll 2014-11-22 02:50 . 2014-12-09 18:14 580096 ----a-w- c:\windows\system32\vbscript.dll 2014-11-22 02:49 . 2014-12-09 18:14 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-11-22 02:49 . 2014-12-09 18:14 2885120 ----a-w- c:\windows\system32\iertutil.dll 2014-11-22 02:48 . 2014-12-09 18:14 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-11-22 02:41 . 2014-12-09 18:14 54784 ----a-w- c:\windows\system32\jsproxy.dll 2014-11-22 02:40 . 2014-12-09 18:14 34304 ----a-w- c:\windows\system32\iernonce.dll 2014-11-22 02:37 . 
2014-12-09 18:14 633856 ----a-w- c:\windows\system32\ieui.dll 2014-11-22 02:35 . 2014-12-09 18:14 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-11-22 02:34 . 2014-12-09 18:14 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2014-11-22 02:34 . 2014-12-09 18:14 6039552 ----a-w- c:\windows\system32\jscript9.dll 2014-11-22 02:26 . 2014-12-09 18:14 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-11-22 02:22 . 2014-12-09 18:14 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2014-11-22 02:20 . 2014-12-09 18:14 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-11-22 02:14 . 2014-12-09 18:14 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-22 02:09 . 2014-12-09 18:14 199680 ----a-w- c:\windows\system32\msrating.dll 2014-11-22 02:08 . 2014-12-09 18:14 92160 ----a-w- c:\windows\system32\mshtmled.dll 2014-11-22 02:07 . 2014-12-09 18:14 501248 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-11-22 02:07 . 2014-12-09 18:14 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-11-22 02:06 . 2014-12-09 18:14 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-11-22 02:05 . 2014-12-09 18:14 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-11-22 02:05 . 2014-12-09 18:14 316928 ----a-w- c:\windows\system32\dxtrans.dll 2014-11-22 01:54 . 2014-12-09 18:14 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-11-22 01:49 . 2014-12-09 18:14 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2014-11-22 01:49 . 2014-12-09 18:14 800768 ----a-w- c:\windows\system32\msfeeds.dll 2014-11-22 01:47 . 2014-12-09 18:14 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-11-22 01:46 . 2014-12-09 18:14 2125312 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-22 01:43 . 2014-12-09 18:14 14412800 ----a-w- c:\windows\system32\ieframe.dll 2014-11-22 01:40 . 2014-12-09 18:14 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-11-22 01:29 . 
2014-12-09 18:14 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-11-22 01:28 . 2014-12-09 18:14 2358272 ----a-w- c:\windows\system32\wininet.dll 2014-11-22 01:22 . 2014-12-09 18:14 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-11-22 01:21 . 2014-12-09 18:14 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-11-22 01:15 . 2014-12-09 18:14 1548288 ----a-w- c:\windows\system32\urlmon.dll 2014-11-22 01:03 . 2014-12-09 18:14 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2014-11-22 01:00 . 2014-12-09 18:14 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2014-11-11 03:09 . 2014-12-09 18:14 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-11-11 03:08 . 2014-11-19 10:22 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-11 03:08 . 2014-11-19 10:22 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-11 02:44 . 2014-12-09 18:14 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-11-11 02:44 . 2014-11-19 10:22 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-11 02:44 . 2014-11-19 10:22 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-11 01:46 . 2014-12-09 18:14 119296 ----a-w- c:\windows\system32\drivers\tdx.sys 2014-11-08 03:16 . 2014-12-09 18:10 2048 ----a-w- c:\windows\system32\tzres.dll 2014-11-08 02:45 . 2014-12-09 18:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-08-18 12:20 222920 ----a-w- c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-08-18 12:20 222920 ----a-w- c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-08-18 12:20 222920 ----a-w- c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EADM"="d:\übersicht\Programme\Origin\Origin.exe" [2015-01-27 3619160] "Akamai NetSession Interface"="c:\users\Nuclear\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432] "uTorrent"="c:\users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe" [2015-02-01 1736784] "DAEMON Tools Lite"="d:\übersicht\Programme\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912] "winengine"="c:\users\Nuclear\AppData\Local\winengine\rkr0.exe" [2014-12-12 511416] "winengine2"="c:\users\Nuclear\AppData\Local\winengine\rkr1.exe" [2014-12-12 511416] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 4ef60154;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SecurityUtility Service;SecurityUtility Service;c:\programdata\SecurityUtility\SecurityUtilitySrv.exe;c:\programdata\SecurityUtility\SecurityUtilitySrv.exe [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Origin Client Service;Origin Client Service;d:\übersicht\Programme\Origin\OriginClientService.exe;d:\übersicht\Programme\Origin\OriginClientService.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 
RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 CtHdaSvc;Sound Blaster Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 cthda;Sound Blaster HDAudio;c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x] S3 cthdb;SB Recon3D PCIe Audio Bus Filter;c:\windows\system32\DRIVERS\cthdb.sys;c:\windows\SYSNATIVE\DRIVERS\cthdb.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0728.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - NisDrv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-02-03 00:26 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2015-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-15 18:12] . 2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03 00:25] . 2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03 00:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-08-18 12:20 261832 ----a-w- c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-08-18 12:20 261832 ----a-w- c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-08-18 12:20 261832 ----a-w- c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 Trusted Zone: aeriagames.com TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe c:\users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPTISetup.lnk - c:\programdata\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff}\OPTISetup.exe /startup HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2015-02-05 17:07:02 ComboFix-quarantined-files.txt 2015-02-05 16:07 . Vor Suchlauf: 9 Verzeichnis(se), 10'590'486'528 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 12'021'805'056 Bytes frei . - - End Of File - - 94FA6C9C90C9E6F1AEA381C84E63BAA5 A36C5E4F47E84449FF07ED3517B43A31 |
06.02.2015, 07:18 | #10 |
/// the machine /// TB Instructor | Tabs open automatically in Google Chrome
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please disable your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
06.02.2015, 13:11 | #11 |
| Tabs open automatically in Google Chrome
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.02.2015
Suchlauf-Zeit: 12:58:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.06.04
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nuclear

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337603
Verstrichene Zeit: 4 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 1
PUP.Optional.BetterMarkit.A, HKU\S-1-5-21-3236316847-1076086714-31016914-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{562F1FE6-9763-FF7B-444A-FE5DD2884927}, C:\Program Files (x86)\ver3BetterMarkIt\186.xpi, In Quarantäne, [f646190297f3181e0f0a166fda29fb05]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Code:
# AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 13:06:43
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Nuclear - NUCLEAR-PC
# Gestarted von : D:\Übersicht\Programme\adwcleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SecurityUtility

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v40.0.2214.111

*************************

AdwCleaner[R0].txt - [6586 Bytes] - [08/01/2015 22:55:25]
AdwCleaner[R1].txt - [16759 Bytes] - [01/02/2015 16:39:06]
AdwCleaner[R2].txt - [15726 Bytes] - [01/02/2015 16:57:06]
AdwCleaner[R3].txt - [11413 Bytes] - [02/02/2015 14:56:16]
AdwCleaner[R4].txt - [1858 Bytes] - [02/02/2015 16:16:38]
AdwCleaner[R5].txt - [1514 Bytes] - [03/02/2015 01:35:38]
AdwCleaner[R6].txt - [1622 Bytes] - [06/02/2015 13:05:52]
AdwCleaner[S0].txt - [5518 Bytes] - [08/01/2015 22:57:02]
AdwCleaner[S1].txt - [15252 Bytes] - [01/02/2015 16:40:25]
AdwCleaner[S2].txt - [14265 Bytes] - [01/02/2015 16:58:04]
AdwCleaner[S3].txt - [10292 Bytes] - [02/02/2015 14:57:16]
AdwCleaner[S4].txt - [1544 Bytes] - [06/02/2015 13:06:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1603 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Nuclear on 06.02.2015 at 13:09:50.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.02.2015 at 13:11:38.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
06.02.2015, 19:17 | #12 |
/// the machine /// TB Instructor | Tabs open automatically in Google Chrome
ESET Online Scanner
Please download SecurityCheck and:
And a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber |
06.02.2015, 20:39 | #13 |
| Tabs open automatically in Google Chrome
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=6f29760b7be884428be7527203b8b1ab # engine=22344 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-06 07:19:45 # local_time=2015-02-06 08:19:45 (+0100, Mitteleuropäische Zeit) # country="Switzerland" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 22205 174880235 0 0 # scanned=210210 # found=53 # cleaned=0 # scan_time=2964 sh=CF59E252FFEFFE31ED717F5EEDF0C855DDCEA2ED ft=1 fh=d6ace26548b9a575 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_481\mbot_de_481.exe.vir" sh=1B9445EF3BD4D79AF91C32CB60F5BE9161F8B2EB ft=1 fh=2be33240f1c467c0 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_481\mybestofferstoday_widget.exe.vir" sh=1AEC8F53BF03FF75101D0B365EA3EE878B8CE29C ft=1 fh=74af2eb85d1a1dd9 vn="Win32/Adware.EoRezo Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_481\predm.exe.vir" sh=F3E870FD4836424683C4F476C03AC08964CC5EF7 ft=1 fh=a0c6b0b29c310285 vn="Variante von Win32/Speedchecker.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\PCSUSD.exe.vir" sh=276E83CAA14B82DE152FBF65C85C28CD21645CE6 ft=1 fh=c71c0011efacecf3 vn="Variante von Win32/Adware.AddLyrics.DN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\186.dll.vir" sh=6823CCB9FED40FB56DD6D8D226046ECCBFE4E454 ft=1 fh=08e616eb9cd887e3 vn="Variante von Win64/Adware.AddLyrics.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\186_x64.dll.vir" sh=1ACBC1BDEC80F04F2086D471D6DB8B019B93A673 ft=1 fh=c71c0011fc1cf747 vn="Variante von Win32/Adware.AddLyrics.DN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\Q5BetterMarkItk73.exe.vir" sh=5659A04B16754E35D4F226493F4538923EFC3BD7 ft=1 fh=15b3426f6b360316 vn="Variante von Win32/Adware.AddLyrics.DR Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\Uninstall.exe.vir" sh=BFBB7026DAAFE1E489ACF139C7F2DF48750F3A0F ft=1 fh=179fb434bbd650aa vn="Variante von Win64/Adware.AddLyrics.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\x64\TandemRunner.exe.vir" sh=B1911DBDF4C932E5CC57C190D1D955CA69030DA8 ft=1 fh=aa6362cc6d289960 vn="Variante von Win64/Adware.AddLyrics.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\x64\webinstrNHKT.sys.vir" sh=D2C25B6C6F59D9F43D907521D7BEC86B9A8AB462 ft=1 fh=8e0948405872c904 vn="Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir" sh=2BD8234E4C79325C128724F9D8DAB236F5F8F799 ft=1 fh=0a40ee0c805fecf5 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir" sh=497D88F38E21229D95650E02708207190CB6849E ft=1 fh=64a74ba51bf40770 vn="Win32/ELEX.BM evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir" sh=5468230F587DE9F869DB9E22083131DCFD9451F2 ft=1 fh=07a842c13464288e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir" sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir" sh=599F4EB498D7C05A680386C1D3E1FC3DD68A8FA9 ft=1 fh=bd87bce3b868a7f1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir" sh=6F2DDAFE7B526A4CC60D75CCB1D4EBEA6F5D0DDC ft=1 fh=a836ee7136df2313 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir" sh=1DFF39C0F7B7617C8292510F1833B282CD0A1F21 ft=1 fh=18ddbd645dd0ae9c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir" sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir" sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir" sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=AF36570D737043FEBEC5FA3DDB416A4CF5FDFBE9 ft=1 fh=c71c0011100f33aa vn="Variante von Win32/ELEX.BH evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir" sh=3F007BDE51A84CC344EF028C49FF6EF3890110F0 ft=1 fh=c71c001158a000fe vn="Variante von Win32/ELEX.BD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\update\update.exe.vir" sh=B06EE6E97D30DB38C3E8FEA66B396DB00EC79616 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\BoBrowser\Application\36.0.1985.136\default_apps\crossbrowser.crx.vir" sh=05F6C33F5A45CD34A9CAF61E295E886922448732 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\BoBrowser\Application\36.0.1985.136\Installer\chrome.7z.vir" sh=61F9BC47D4A20E5DF317152C1D3BFC1D8ADFD692 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\BoBrowser\User Data\Default\Cache\f_000002.vir" sh=03517F89D3F20D2D4E2B1A956F8248C9DA9FFC18 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.14_0\extensionData\plugins\91.js.vir" sh=5940717A6A86915D48680C391DB9EDB7ABFB9723 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\BoBrowser\User Data\Default\Local Extension Settings\ebpeonjdeofpjegbdiibbdjlgfohngee\000003.log.vir" sh=072B9A796EEAC18211254A8373E1210888C4E16D ft=1 fh=8dcf6696cfc54429 vn="Variante von Win32/Adware.AdService.R Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\ConvertAd\CASrv.exe.vir" sh=3475A4F6473B2DEF61185B301C40C95F91216E2B ft=1 fh=cd80765bc23b38d3 vn="Variante von Win32/Adware.EoRezo.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\mbot_de_481\upmbot_de_481.exe.vir" sh=1C615B43E780FB434AA3F923C6195A1BBBF34C9C ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir" sh=81F0094308FF9A5F252886C54BFC5FB15EECAC74 ft=1 fh=5037554ed28ea485 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=FA0859DA11AB230D50D067FDAA004C347639C0A8 ft=1 fh=d3293794fb729c89 vn="Variante von Win32/Adware.AdService.M Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Roaming\SoftwareUpdater\SUsrv.exe.vir" sh=31C6C6F1B05B2145C6E4D490798BD3DAAE1B4D13 ft=1 fh=c71c0011d52ac9c0 vn="Variante von Win32/Adware.ConvertAd.R Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Roaming\SoftwareUpdater\UpdateNotifier.exe.vir" sh=475F248095D35E333ADF2F38B02424DEBEE83F04 ft=1 fh=62a3e0d8b40d4617 vn="Win32/Systweak.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir" sh=3E4DF6FFFC0238FCE9AEB5A73CB5211E85EC7EB4 ft=1 fh=d794d9d91e2a34cf vn="Variante von Win32/Adware.AdService.K Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Roaming\VOPackage\VOsrv.exe.vir" sh=3823C862C561D0CAEE9529E3D219F279E3F94FD6 ft=1 fh=b645ea40dd7eb557 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=B1911DBDF4C932E5CC57C190D1D955CA69030DA8 ft=1 fh=aa6362cc6d289960 vn="Variante von Win64/Adware.AddLyrics.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\webinstrNHKT.sys.vir" sh=C699BFF5F4BBC017B0757E4394C52BB7B7058BE6 ft=1 fh=31e396bf9f1b9275 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\Program Files (x86)\Optimizer Pro 3.38\OptimizerPro.exe" sh=80025FEA811D2E1B97DE4E654F6BBED48329C463 ft=1 fh=64f0c1ce307b02ca vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\AGEIA Technologies\f07463c0-8a09-4ef2-b7bb-faea7d91eefb.dll.vir" sh=80025FEA811D2E1B97DE4E654F6BBED48329C463 ft=1 fh=64f0c1ce307b02ca vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb\46da3db2-c661-4558-a6e0-3a5d8480a5be.dll.vir" sh=61445CF141ED133F87389743CD88AB1CCB9E3772 ft=1 fh=7907f7fc610451a2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nuclear\AppData\Local\Temp\DMR\dmr_72.exe" sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nuclear\AppData\Roaming\NQNSLJLG" sh=7FF22B1F6E821EDF48A6AFD3DB82C02C8D7B60C8 ft=1 fh=9a3416838252b142 vn="Variante von Win32/InstallCore.QD evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Nuclear\Downloads\microsoft_excel.exe" sh=E04C7533D6936063DB02CD7D99592ECE413A41A6 ft=0 fh=0000000000000000 vn="Variante von Generik.MFQUIDY Trojaner" ac=I fn="C:\Users\Nuclear\Downloads\Nicht bestätigt 428109.crdownload" sh=E04C7533D6936063DB02CD7D99592ECE413A41A6 ft=0 fh=0000000000000000 vn="Variante von Generik.MFQUIDY Trojaner" ac=I fn="C:\Users\Nuclear\Downloads\Nicht bestätigt 70124.crdownload" sh=F8746A3128A40298930DB0CE96E1845FD02017F6 ft=1 fh=cfe3f68acb30f740 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nuclear\Downloads\Origin EA Download Manager - CHIP-Installer.exe" sh=0FA7B7FA5557EE7F09871F26D38C3D09AEF19AC0 ft=1 fh=778cb7f8622b45b1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe" sh=C09C76AA48CB1016C9B1FA80AEE6B095D93046FA ft=1 fh=937c6721bc02c7bf vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Übersicht\Programme\MSI Afterburner - CHIP-Installer.exe" sh=BC80CCCFC592CE386E747BF616EB381689F9E9CE ft=0 fh=0000000000000000 vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD.ISO" sh=A0037C3C3E60635D1714AC7119EE96693680B973 ft=1 fh=6db4d990e5cc9378 vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD\Crack\Daemon Tools v4\daemon400.exe" sh=FD65226CA94B9D1973555025B4013DF29F14B812 ft=1 fh=bcb93d1cebe5c890 vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="D:\Übersicht\Spiele\NFS Rivals\nfs14.3dm.dll" sh=219C1043B7C1ED9DDE26494CBE65437C345B7BE7 ft=1 fh=2b97162a16c9e0ba vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="D:\Übersicht\Spiele\NFS Rivals\NFS14.exe" Code:
ATTFilter unsupported operating system! Aborted!
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015 Ran by Nuclear (administrator) on NUCLEAR-PC on 06-02-2015 20:39:22 Running from D:\Übersicht\Programme Loaded Profiles: Nuclear (Available profiles: Nuclear) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Electronic Arts) D:\Übersicht\Programme\Origin\Origin.exe (Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe (BitTorrent Inc.) C:\Users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe () C:\Users\Nuclear\AppData\Local\winengine\rkr0.exe (Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () D:\Übersicht\Spiele\RADS\system\rads_user_kernel.exe () D:\Übersicht\Spiele\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe () D:\Übersicht\Spiele\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe () D:\Übersicht\Spiele\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe (Alexander Roshal) D:\Übersicht\Programme\WinRAR.exe (Alexander Roshal) D:\Übersicht\Programme\WinRAR.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (TeamSpeak Systems GmbH) D:\Übersicht\Programme\ts3client_win64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () D:\Übersicht\Spiele\RADS\solutions\lol_game_client_sln\releases\0.0.1.74\deploy\League of Legends.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) D:\Übersicht\Programme\FRST64 (4).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [EADM] => D:\Übersicht\Programme\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [uTorrent] => C:\Users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe [1736784 2015-02-01] (BitTorrent Inc.) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [DAEMON Tools Lite] => D:\Übersicht\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine] => C:\Users\Nuclear\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] () HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine2] => C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] () HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [ASRockOCTuner] => [X] ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL 
(Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-3236316847-1076086714-31016914-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3236316847-1076086714-31016914-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
Chrome: ======= CHR HomePage: Default -> hxxp://www.google.ch/ CHR StartupUrls: Default -> "https://www.google.ch/?gws_rd=ssl" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30] CHR Extension: (YouTube) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02] CHR Extension: (Google-Suche) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02] CHR Extension: (AdBlock) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-11] CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2014-08-02] CHR Extension: (Google Wallet) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02] CHR Extension: (Google Mail) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) S2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-01] () R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd) S3 Origin Client Service; D:\Übersicht\Programme\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe -p "Covus" -c "Covus_Coupons" -s "CCC9" -i "1984204" -g "" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd) R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-02-14] (Creative Technology Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-18] (Disc Soft Ltd) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation) R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 19:28 - 2015-02-06 19:28 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-06 18:24 - 2015-02-06 18:24 - 00000698 _____ () C:\Users\Public\Desktop\ASRock OC Tuner.lnk 2015-02-06 18:24 - 2015-02-06 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility 2015-02-06 18:21 - 2015-02-06 18:21 - 00000833 _____ () C:\Users\Nuclear\Desktop\MSI Afterburner.lnk 2015-02-06 13:11 - 2015-02-06 13:11 - 00000697 _____ () C:\Users\Nuclear\Desktop\JRT.txt 2015-02-06 13:03 - 2015-02-06 13:03 - 00001462 _____ () C:\Users\Nuclear\Desktop\mbam.txt 2015-02-05 17:07 - 2015-02-05 17:07 - 00023627 _____ () C:\ComboFix.txt 2015-02-05 17:01 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-05 17:01 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-05 17:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-05 17:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-05 17:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-05 17:01 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-05 17:01 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-05 17:01 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-05 16:59 - 2015-02-05 17:07 - 00000000 ____D () C:\Qoobox 2015-02-05 16:59 - 2015-02-05 17:06 - 00000000 ____D () C:\Windows\erdnt 2015-02-05 13:24 - 2015-02-05 13:24 - 00000000 ____D () C:\Users\Nuclear\Documents\BlackshotScreenshot 2015-02-03 11:50 - 2015-02-03 11:52 - 00000000 ____D () C:\Users\Nuclear\Documents\BFH Beta 2 2015-02-03 11:49 - 2015-02-03 11:49 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\ESN 2015-02-03 01:59 - 2015-02-06 20:39 - 00000000 ____D () C:\FRST 2015-02-03 01:26 - 2015-02-05 20:37 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-03 01:26 - 2015-02-03 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google 
Chrome 2015-02-03 01:25 - 2015-02-06 20:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-03 01:25 - 2015-02-06 13:07 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-03 01:25 - 2015-02-05 00:30 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-03 01:25 - 2015-02-05 00:30 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-03 01:05 - 2015-02-03 01:05 - 00000834 _____ () C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk 2015-02-03 01:05 - 2015-02-03 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta 2015-02-02 22:42 - 2015-02-02 22:42 - 01533584 _____ () C:\Users\Nuclear\Downloads\battlelog-web-plugins_2.6.2_157.exe 2015-02-02 17:02 - 2015-02-02 17:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\SKIDROW 2015-02-02 16:58 - 2015-02-02 16:58 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Steam 2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\The Evil Within 2015-02-02 16:50 - 2015-02-02 16:55 - 159477620 _____ () C:\Users\Nuclear\Downloads\The.Evil.Within.Update.1-CODEX.rar 2015-02-02 16:38 - 2015-02-02 16:38 - 00000866 _____ () C:\Users\Public\Desktop\NFS Rivals x86.lnk 2015-02-02 16:38 - 2015-02-02 16:38 - 00000842 _____ () C:\Users\Public\Desktop\NFS Rivals.lnk 2015-02-02 16:38 - 2015-02-02 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Rivals 2015-02-02 16:28 - 2015-02-02 16:28 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3 (1).dlc 2015-02-02 16:25 - 2015-02-02 16:25 - 31419822 _____ () C:\Users\Nuclear\Downloads\JDownloader.zip 2015-02-02 16:25 - 2015-02-02 16:25 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3.dlc 2015-02-02 16:22 - 2015-02-06 12:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-02 16:19 - 2015-02-02 16:22 - 00000849 _____ () 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-02 16:19 - 2015-02-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-02 16:19 - 2015-02-02 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-02 16:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-02 16:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-02 16:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-02 15:12 - 2015-02-02 16:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\12891 2015-02-02 15:02 - 2015-02-02 15:09 - 478256047 _____ () C:\Users\Nuclear\Downloads\NFS_Language_DE_EN_Patch.rar 2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\winengine 2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\ProgramData\SecurityUtilityData 2015-02-02 14:54 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll 2015-02-02 14:54 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) 
C:\Windows\SysWOW64\ColorMedia.dll 2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Opera Software 2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Opera Software 2015-02-02 14:06 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2015-02-02 12:07 - 2015-02-02 12:07 - 00000000 ____D () C:\Users\Nuclear\Documents\NFS Most Wanted 2015-02-02 11:38 - 2015-02-02 11:38 - 00000707 _____ () C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk 2015-02-02 11:37 - 2015-02-02 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES 2015-02-02 11:19 - 2015-02-02 12:02 - 04676570 _____ () C:\Users\Nuclear\Desktop\DIAG.LOG 2015-02-02 11:17 - 2015-02-02 11:17 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-02-01 21:06 - 2015-02-01 21:06 - 00023010 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.most.wanted.torrent 2015-02-01 21:05 - 2015-02-01 21:05 - 00039930 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.rivals.no.origin.crack.fix.anuj.torrent 2015-02-01 20:20 - 2015-02-01 20:20 - 00086134 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.2014.reloaded.torrent 2015-02-01 17:13 - 2015-02-01 17:13 - 00032971 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.update.1.2014.pc.repack.by.r.g.freedom.torrent 2015-02-01 16:37 - 2015-02-05 17:04 - 00000000 ____D () C:\Program Files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb 2015-02-01 16:35 - 2015-02-02 16:30 - 00000000 ____D () C:\ProgramData\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff} 2015-02-01 16:35 - 2015-02-02 16:29 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.38 2015-02-01 16:30 - 2015-02-01 16:30 - 00000815 _____ () C:\Users\Nuclear\Desktop\µTorrent.lnk 2015-02-01 16:30 - 2015-02-01 16:30 - 00000795 _____ () 
C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-02-01 16:29 - 2015-02-06 20:38 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\uTorrent 2015-02-01 16:29 - 2015-02-01 16:29 - 01736784 _____ (BitTorrent Inc.) C:\Users\Nuclear\Downloads\uTorrent_3.4.2_Build_38397.exe 2015-01-29 12:42 - 2015-01-29 12:42 - 00000000 ____D () C:\Windows\rescache 2015-01-27 12:52 - 2015-01-27 12:52 - 10220477 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_TURRET_TRAVERSE_SOUND_v1.69.rar 2015-01-27 12:37 - 2015-01-27 12:39 - 179473579 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.03_UNCUT_Addon.rar 2015-01-27 12:36 - 2015-01-27 12:39 - 179471096 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.02_UNCUT_Addon.rar 2015-01-27 12:34 - 2015-01-27 12:34 - 06375513 _____ () C:\Users\Nuclear\Downloads\[0.9.1]WWIIHWA_Ingame_Voices_GERMAN.rar 2015-01-27 12:32 - 2015-01-27 12:32 - 01232054 _____ () C:\Users\Nuclear\Downloads\fontok_WOThoz.zip 2015-01-27 02:49 - 2015-01-27 02:59 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse (1).zip 2015-01-27 02:44 - 2015-01-27 02:44 - 24075564 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.2_setup.exe 2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG 2015-01-14 16:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 16:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 16:49 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 16:49 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 16:49 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 16:49 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 
2015-01-14 16:49 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 16:49 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 16:49 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 16:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 16:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 16:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 16:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-12 19:13 - 2015-01-12 19:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nuclear\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-11 23:02 - 2015-01-11 23:02 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-01-11 23:02 - 2015-01-11 23:02 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-01-11 22:54 - 2015-01-11 22:54 - 07718224 _____ (TeamViewer GmbH) C:\Users\Nuclear\Downloads\TeamViewer_Setup_de.exe 2015-01-10 04:28 - 2015-01-10 04:28 - 24076445 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.1_setup.exe 2015-01-10 04:18 - 2015-02-02 14:47 - 00000000 ____D () C:\ProgramData\WinZip 2015-01-10 04:16 - 2015-01-10 04:16 - 01174352 _____ () C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe 2015-01-10 04:11 - 2015-01-10 04:13 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse.zip 2015-01-08 22:55 - 2015-02-06 13:06 - 00000000 ____D () C:\AdwCleaner 2015-01-08 22:54 - 2015-01-08 22:55 - 02191360 _____ () C:\Users\Nuclear\Downloads\adwcleaner_4.107.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 20:12 - 2014-10-15 13:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-06 19:53 - 2014-08-03 00:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\TS3Client 2015-02-06 18:41 - 2014-08-02 23:20 - 01714835 _____ () C:\Windows\WindowsUpdate.log 2015-02-06 18:21 - 2014-08-03 23:14 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2015-02-06 15:39 - 2014-10-26 22:14 - 00000000 ____D () C:\Users\Nuclear\Desktop\Bilder 2015-02-06 15:39 - 2014-10-10 20:21 - 00000000 ____D () C:\Users\Nuclear\Downloads\Gameforge Live 2015-02-06 13:14 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 13:14 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-06 13:12 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-02-06 13:12 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-02-06 13:12 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-06 13:07 - 2014-10-31 10:36 - 00000000 ____D () C:\Program Files\KMSpico 2015-02-06 13:07 - 2014-08-03 00:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-06 13:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-06 13:07 - 2009-07-14 05:51 - 00047922 _____ () C:\Windows\setupact.log 2015-02-06 09:49 - 2014-08-03 00:04 - 00000000 ____D () C:\ProgramData\Origin 2015-02-06 09:48 - 2014-08-03 00:09 - 00207386 _____ () C:\Windows\PFRO.log 2015-02-05 20:12 - 2014-10-15 13:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 20:12 - 2014-10-15 13:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 20:12 - 2014-10-15 13:03 - 00003822 _____ () 
C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 17:05 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-05 17:04 - 2014-10-09 21:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-02-05 17:01 - 2014-10-16 00:39 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-02-05 09:54 - 2014-09-27 08:02 - 00000826 _____ () C:\Users\Nuclear\Desktop\Neues Textdokument.txt 2015-02-03 23:13 - 2014-08-03 18:42 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-02-03 22:28 - 2014-08-03 18:42 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-02-03 17:04 - 2014-08-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2015-02-03 11:52 - 2014-08-03 19:08 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\PunkBuster 2015-02-03 01:26 - 2014-08-02 23:30 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-03 01:25 - 2014-08-02 23:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Deployment 2015-02-03 01:05 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-03 01:04 - 2014-08-03 18:42 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-02-03 01:04 - 2014-08-03 18:40 - 00141419 _____ () C:\Windows\DirectX.log 2015-02-02 16:30 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-02-02 14:57 - 2014-08-02 23:20 - 00001182 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-02 11:24 - 2014-08-18 13:01 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\DAEMON Tools Lite 2015-02-02 11:24 - 2014-08-18 13:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-02-01 20:16 - 2014-08-03 23:15 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-01-27 12:01 - 2014-08-30 22:22 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-27 12:00 - 2014-10-15 13:01 - 
00000000 ____D () C:\Program Files (x86)\Java 2015-01-27 11:59 - 2014-08-30 22:22 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-01-27 11:59 - 2014-08-30 22:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-27 02:46 - 2014-08-06 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\diclovit's mod pack 2015-01-15 17:31 - 2014-08-02 23:57 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 17:29 - 2014-08-02 23:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-15 17:26 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-14 22:34 - 2014-08-30 21:54 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Akamai 2015-01-13 22:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-12 16:50 - 2014-08-02 23:29 - 00072912 _____ () C:\Users\Nuclear\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-12 16:50 - 2009-07-14 05:45 - 00331704 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-11 23:02 - 2014-08-17 23:25 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-01-08 22:58 - 2014-10-31 11:03 - 00000000 ____D () C:\Users\Nuclear\Desktop\Neuer Ordner 2015-01-07 21:45 - 2014-10-15 13:03 - 00000000 ____D () C:\Program Files\Google 2015-01-07 20:40 - 2014-10-15 13:03 - 00000000 ____D () C:\ProgramData\Google 2015-01-07 20:40 - 2014-08-02 23:30 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Google ==================== Files in the root of some directories ======= 2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG Some content of TEMP: ==================== C:\Users\Nuclear\AppData\Local\Temp\Quarantine.exe C:\Users\Nuclear\AppData\Local\Temp\sqlite3.dll 
==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 02:38 ==================== End Of Log ============================ --- --- --- |
07.02.2015, 12:09 | #14 |
/// the machine /// TB Trainer | Tabs open automatically in Google Chrome
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\Program Files (x86)\Optimizer Pro 3.38
C:\Users\Nuclear\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Nuclear\AppData\Roaming\NQNSLJLG
C:\Users\Nuclear\Downloads\microsoft_excel.exe
C:\Users\Nuclear\Downloads\Nicht bestätigt 428109.crdownload
C:\Users\Nuclear\Downloads\Nicht bestätigt 70124.crdownload
C:\Users\Nuclear\Downloads\Origin EA Download Manager - CHIP-Installer.exe
C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe
D:\Übersicht\Programme\MSI Afterburner - CHIP-Installer.exe
D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD.ISO
D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD\Crack\Daemon Tools v4\daemon400.exe
D:\Übersicht\Spiele\NFS Rivals\nfs14.3dm.dll
D:\Übersicht\Spiele\NFS Rivals\NFS14.exe
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine] => C:\Users\Nuclear\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine2] => C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [ASRockOCTuner] => [X]
C:\Users\Nuclear\AppData\Local\winengine
S2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-01] ()
S2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe -p "Covus" -c "Covus_Coupons" -s "CCC9" -i "1984204" -g "" [X]
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.02.2015, 15:24 | #15 |
| Tabs open automatically in Google Chrome
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Nuclear at 2015-02-07 15:16:06 Run:1
Running from C:\Users\Nuclear\Desktop
Loaded Profiles: Nuclear (Available profiles: Nuclear)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Optimizer Pro 3.38
C:\Users\Nuclear\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Nuclear\AppData\Roaming\NQNSLJLG
C:\Users\Nuclear\Downloads\microsoft_excel.exe
C:\Users\Nuclear\Downloads\Nicht bestätigt 428109.crdownload
C:\Users\Nuclear\Downloads\Nicht bestätigt 70124.crdownload
C:\Users\Nuclear\Downloads\Origin EA Download Manager - CHIP-Installer.exe
C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe
D:\Übersicht\Programme\MSI Afterburner - CHIP-Installer.exe
D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD.ISO
D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD\Crack\Daemon Tools v4\daemon400.exe
D:\Übersicht\Spiele\NFS Rivals\nfs14.3dm.dll
D:\Übersicht\Spiele\NFS Rivals\NFS14.exe
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine] => C:\Users\Nuclear\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine2] => C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [ASRockOCTuner] => [X]
C:\Users\Nuclear\AppData\Local\winengine
S2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-01] ()
S2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe -p "Covus" -c "Covus_Coupons" -s "CCC9" -i "1984204" -g "" [X]
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG
Emptytemp:
*****************

C:\Program Files (x86)\Optimizer Pro 3.38 => Moved successfully.
C:\Users\Nuclear\AppData\Local\Temp\DMR\dmr_72.exe => Moved successfully.
C:\Users\Nuclear\AppData\Roaming\NQNSLJLG => Moved successfully.
C:\Users\Nuclear\Downloads\microsoft_excel.exe => Moved successfully.
C:\Users\Nuclear\Downloads\Nicht bestätigt 428109.crdownload => Moved successfully.
C:\Users\Nuclear\Downloads\Nicht bestätigt 70124.crdownload => Moved successfully.
C:\Users\Nuclear\Downloads\Origin EA Download Manager - CHIP-Installer.exe => Moved successfully.
C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe => Moved successfully.
D:\Übersicht\Programme\MSI Afterburner - CHIP-Installer.exe => Moved successfully.
D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD.ISO => Moved successfully.
D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD\Crack\Daemon Tools v4\daemon400.exe => Moved successfully.
D:\Übersicht\Spiele\NFS Rivals\nfs14.3dm.dll => Moved successfully.
D:\Übersicht\Spiele\NFS Rivals\NFS14.exe => Moved successfully.
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Windows\CurrentVersion\Run\\winengine => value deleted successfully.
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Windows\CurrentVersion\Run\\winengine2 => value deleted successfully.
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockOCTuner => value deleted successfully.
C:\Users\Nuclear\AppData\Local\winengine => Moved successfully.
4ef60154 => Service deleted successfully.
SecurityUtility Service => Service deleted successfully.
"C:\Users\Nuclear\AppData\Roaming\NQNSLJLG" => File/Directory not found.
EmptyTemp: => Removed 833.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:16:50 ====

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015 Ran by Nuclear (administrator) on NUCLEAR-PC on 07-02-2015 15:22:34 Running from C:\Users\Nuclear\Desktop Loaded Profiles: Nuclear (Available profiles: Nuclear) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Electronic Arts) D:\Übersicht\Programme\Origin\Origin.exe (Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe (BitTorrent Inc.) C:\Users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe (Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (TeamSpeak Systems GmbH) D:\Übersicht\Programme\ts3client_win64.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\Nuclear\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [EADM] => D:\Übersicht\Programme\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [uTorrent] => C:\Users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe [1736784 2015-02-01] (BitTorrent Inc.) HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [DAEMON Tools Lite] => D:\Übersicht\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL 
(Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-3236316847-1076086714-31016914-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3236316847-1076086714-31016914-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
Chrome: ======= CHR HomePage: Default -> hxxp://www.google.ch/ CHR StartupUrls: Default -> "https://www.google.ch/?gws_rd=ssl" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30] CHR Extension: (YouTube) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02] CHR Extension: (Google-Suche) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02] CHR Extension: (AdBlock) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-11] CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2014-08-02] CHR Extension: (Google Wallet) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02] CHR Extension: (Google Mail) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd) S3 Origin Client Service; D:\Übersicht\Programme\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd) R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-02-14] (Creative Technology Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-18] (Disc Soft Ltd) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation) R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-07 15:22 - 2015-02-07 15:22 - 00013475 _____ () C:\Users\Nuclear\Desktop\FRST.txt 2015-02-07 15:16 - 2015-02-07 15:09 - 02131968 _____ (Farbar) C:\Users\Nuclear\Desktop\FRST64 (1).exe 2015-02-06 22:20 - 2015-02-06 22:20 - 00000743 _____ () C:\Users\Public\Desktop\The Evil Within.lnk 2015-02-06 22:20 - 2015-02-06 22:20 - 00000743 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Evil Within.lnk 2015-02-06 19:28 - 2015-02-06 19:28 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-06 18:24 - 2015-02-06 18:24 - 00000698 _____ () C:\Users\Public\Desktop\ASRock OC Tuner.lnk 2015-02-06 18:24 - 2015-02-06 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility 2015-02-06 18:21 - 2015-02-06 18:21 - 00000833 _____ () C:\Users\Nuclear\Desktop\MSI Afterburner.lnk 2015-02-06 13:11 - 2015-02-06 13:11 - 00000697 _____ () C:\Users\Nuclear\Desktop\JRT.txt 2015-02-06 13:03 - 2015-02-06 13:03 - 00001462 _____ () C:\Users\Nuclear\Desktop\mbam.txt 2015-02-05 17:07 - 2015-02-05 17:07 - 00023627 _____ () C:\ComboFix.txt 2015-02-05 17:01 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-05 17:01 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-05 17:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-05 17:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-05 17:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-05 17:01 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-05 17:01 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-05 17:01 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-05 16:59 - 2015-02-05 17:07 - 00000000 ____D () C:\Qoobox 2015-02-05 16:59 - 2015-02-05 17:06 - 00000000 ____D () C:\Windows\erdnt 2015-02-05 13:24 - 2015-02-05 13:24 - 00000000 ____D () C:\Users\Nuclear\Documents\BlackshotScreenshot 2015-02-03 11:50 - 2015-02-03 11:52 - 
00000000 ____D () C:\Users\Nuclear\Documents\BFH Beta 2 2015-02-03 11:49 - 2015-02-03 11:49 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\ESN 2015-02-03 01:59 - 2015-02-07 15:22 - 00000000 ____D () C:\FRST 2015-02-03 01:26 - 2015-02-05 20:37 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-03 01:26 - 2015-02-03 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-02-03 01:25 - 2015-02-07 15:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-03 01:25 - 2015-02-07 14:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-03 01:25 - 2015-02-05 00:30 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-03 01:25 - 2015-02-05 00:30 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-03 01:05 - 2015-02-03 01:05 - 00000834 _____ () C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk 2015-02-03 01:05 - 2015-02-03 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta 2015-02-02 22:42 - 2015-02-02 22:42 - 01533584 _____ () C:\Users\Nuclear\Downloads\battlelog-web-plugins_2.6.2_157.exe 2015-02-02 17:02 - 2015-02-02 17:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\SKIDROW 2015-02-02 16:58 - 2015-02-02 16:58 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Steam 2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\The Evil Within 2015-02-02 16:50 - 2015-02-02 16:55 - 159477620 _____ () C:\Users\Nuclear\Downloads\The.Evil.Within.Update.1-CODEX.rar 2015-02-02 16:38 - 2015-02-02 16:38 - 00000866 _____ () C:\Users\Public\Desktop\NFS Rivals x86.lnk 2015-02-02 16:38 - 2015-02-02 16:38 - 00000842 _____ () C:\Users\Public\Desktop\NFS Rivals.lnk 2015-02-02 16:38 - 2015-02-02 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Rivals 2015-02-02 16:28 - 2015-02-02 16:28 - 00001156 _____ () 
C:\Users\Nuclear\Downloads\9jcd2enskfu3 (1).dlc 2015-02-02 16:25 - 2015-02-02 16:25 - 31419822 _____ () C:\Users\Nuclear\Downloads\JDownloader.zip 2015-02-02 16:25 - 2015-02-02 16:25 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3.dlc 2015-02-02 16:22 - 2015-02-06 12:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-02 16:19 - 2015-02-02 16:22 - 00000849 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-02 16:19 - 2015-02-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-02 16:19 - 2015-02-02 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-02 16:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-02 16:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-02 16:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-02 15:12 - 2015-02-02 16:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\12891 2015-02-02 15:02 - 2015-02-02 15:09 - 478256047 _____ () C:\Users\Nuclear\Downloads\NFS_Language_DE_EN_Patch.rar 2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\ProgramData\SecurityUtilityData 2015-02-02 14:54 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll 2015-02-02 14:54 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) 
C:\Windows\SysWOW64\ColorMedia.dll
2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Opera Software
2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Opera Software
2015-02-02 14:06 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-02-02 12:07 - 2015-02-02 12:07 - 00000000 ____D () C:\Users\Nuclear\Documents\NFS Most Wanted
2015-02-02 11:38 - 2015-02-02 11:38 - 00000707 _____ () C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
2015-02-02 11:37 - 2015-02-02 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-02-02 11:19 - 2015-02-02 12:02 - 04676570 _____ () C:\Users\Nuclear\Desktop\DIAG.LOG
2015-02-02 11:17 - 2015-02-02 11:17 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-01 21:06 - 2015-02-01 21:06 - 00023010 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.most.wanted.torrent
2015-02-01 21:05 - 2015-02-01 21:05 - 00039930 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.rivals.no.origin.crack.fix.anuj.torrent
2015-02-01 20:20 - 2015-02-01 20:20 - 00086134 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.2014.reloaded.torrent
2015-02-01 17:13 - 2015-02-01 17:13 - 00032971 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.update.1.2014.pc.repack.by.r.g.freedom.torrent
2015-02-01 16:37 - 2015-02-05 17:04 - 00000000 ____D () C:\Program Files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb
2015-02-01 16:35 - 2015-02-02 16:30 - 00000000 ____D () C:\ProgramData\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff}
2015-02-01 16:30 - 2015-02-01 16:30 - 00000815 _____ () C:\Users\Nuclear\Desktop\µTorrent.lnk
2015-02-01 16:30 - 2015-02-01 16:30 - 00000795 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-01 16:29 - 2015-02-07 15:17 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\uTorrent
2015-02-01 16:29 - 2015-02-01 16:29 - 01736784 _____ (BitTorrent Inc.) C:\Users\Nuclear\Downloads\uTorrent_3.4.2_Build_38397.exe
2015-01-29 12:42 - 2015-01-29 12:42 - 00000000 ____D () C:\Windows\rescache
2015-01-27 12:52 - 2015-01-27 12:52 - 10220477 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_TURRET_TRAVERSE_SOUND_v1.69.rar
2015-01-27 12:37 - 2015-01-27 12:39 - 179473579 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.03_UNCUT_Addon.rar
2015-01-27 12:36 - 2015-01-27 12:39 - 179471096 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.02_UNCUT_Addon.rar
2015-01-27 12:34 - 2015-01-27 12:34 - 06375513 _____ () C:\Users\Nuclear\Downloads\[0.9.1]WWIIHWA_Ingame_Voices_GERMAN.rar
2015-01-27 12:32 - 2015-01-27 12:32 - 01232054 _____ () C:\Users\Nuclear\Downloads\fontok_WOThoz.zip
2015-01-27 02:49 - 2015-01-27 02:59 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse (1).zip
2015-01-27 02:44 - 2015-01-27 02:44 - 24075564 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.2_setup.exe
2015-01-14 16:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:49 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:49 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:49 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:49 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:49 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:49 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:49 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 19:13 - 2015-01-12 19:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nuclear\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 23:02 - 2015-01-11 23:02 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-11 23:02 - 2015-01-11 23:02 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-01-11 22:54 - 2015-01-11 22:54 - 07718224 _____ (TeamViewer GmbH) C:\Users\Nuclear\Downloads\TeamViewer_Setup_de.exe
2015-01-10 04:28 - 2015-01-10 04:28 - 24076445 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.1_setup.exe
2015-01-10 04:18 - 2015-02-02 14:47 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-10 04:11 - 2015-01-10 04:13 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse.zip
2015-01-08 22:55 - 2015-02-06 13:06 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:54 - 2015-01-08 22:55 - 02191360 _____ () C:\Users\Nuclear\Downloads\adwcleaner_4.107.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 15:21 - 2014-08-02 23:20 - 01776031 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 15:18 - 2014-10-31 10:36 - 00000000 ____D () C:\Program Files\KMSpico
2015-02-07 15:18 - 2014-08-03 00:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\TS3Client
2015-02-07 15:17 - 2014-08-03 00:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-07 15:17 - 2014-08-03 00:09 - 00214988 _____ () C:\Windows\PFRO.log
2015-02-07 15:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 15:17 - 2009-07-14 05:51 - 00048426 _____ () C:\Windows\setupact.log
2015-02-07 15:12 - 2014-10-15 13:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 11:52 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 11:52 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 11:50 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-02-07 11:50 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-02-07 11:50 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 11:45 - 2014-08-03 00:04 - 00000000 ____D () C:\ProgramData\Origin
2015-02-06 21:31 - 2014-08-03 18:42 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-06 18:21 - 2014-08-03 23:14 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-02-06 15:39 - 2014-10-26 22:14 - 00000000 ____D () C:\Users\Nuclear\Desktop\Bilder
2015-02-06 15:39 - 2014-10-10 20:21 - 00000000 ____D () C:\Users\Nuclear\Downloads\Gameforge Live
2015-02-05 20:12 - 2014-10-15 13:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 20:12 - 2014-10-15 13:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 20:12 - 2014-10-15 13:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 17:05 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 17:04 - 2014-10-09 21:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-05 17:01 - 2014-10-16 00:39 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-05 09:54 - 2014-09-27 08:02 - 00000826 _____ () C:\Users\Nuclear\Desktop\Neues Textdokument.txt
2015-02-03 23:13 - 2014-08-03 18:42 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-03 17:04 - 2014-08-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-02-03 11:52 - 2014-08-03 19:08 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\PunkBuster
2015-02-03 01:26 - 2014-08-02 23:30 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-03 01:25 - 2014-08-02 23:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Deployment
2015-02-03 01:05 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-03 01:04 - 2014-08-03 18:42 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-03 01:04 - 2014-08-03 18:40 - 00141419 _____ () C:\Windows\DirectX.log
2015-02-02 16:30 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-02-02 14:57 - 2014-08-02 23:20 - 00001182 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 11:24 - 2014-08-18 13:01 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\DAEMON Tools Lite
2015-02-02 11:24 - 2014-08-18 13:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-02-01 20:16 - 2014-08-03 23:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-27 12:01 - 2014-08-30 22:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-27 11:59 - 2014-08-30 22:22 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-27 02:46 - 2014-08-06 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\diclovit's mod pack
2015-01-15 17:31 - 2014-08-02 23:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 17:29 - 2014-08-02 23:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 17:26 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 22:34 - 2014-08-30 21:54 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Akamai
2015-01-13 22:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-12 16:50 - 2014-08-02 23:29 - 00072912 _____ () C:\Users\Nuclear\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 16:50 - 2009-07-14 05:45 - 00331704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 23:02 - 2014-08-17 23:25 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-08 22:58 - 2014-10-31 11:03 - 00000000 ____D () C:\Users\Nuclear\Desktop\Neuer Ordner

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 02:38

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Nuclear at 2015-02-07 15:22:53
Running from C:\Users\Nuclear\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\uTorrent) (Version: 3.4.2.38397 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
ASRock OC Tuner v2.4.9 (HKLM-x32\...\ASRock OC Tuner_is1) (Version: - )
AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version: - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlefield™ Hardline-Beta (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BlackShot Á¦°Å (HKLM-x32\...\BlackShot) (Version: - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
diclovit's mod pack 9.5.2 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 9.5.2 - diclovit)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hazard Ops (HKLM-x32\...\Steam App 319150) (Version: - Yingpei Games)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KMSpico 3.1 (HKLM\...\KMSpico v3.1_is1) (Version: 3.1 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version: - )
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PDF Editor 64bit 4 (HKLM\...\PDF Editor 64bit 4) (Version: - )
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: 1.0.0.1949 - )
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
winengine (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-05 17:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05561F5F-D953-423A-A22E-0570C77FF3E9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0F5B36A1-1346-43D5-8F90-7F34D509341A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {6DA12E27-336C-4C8A-859A-D8F43A80BC3E} - System32\Tasks\KMS Activation => C:\Program Files\KMSpico\RandomFile.exe [2013-02-20] ()
Task: {BD30258D-476C-4496-B872-E521A79E6900} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {BE15544F-8E8D-4CF4-A0BF-B3AA3AD3E9DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D15399E8-3AD0-45DC-8C1F-21AF94E2F351} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-03 00:16 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-18 13:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-03 18:42 - 2015-02-03 01:04 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-28 10:14 - 2014-02-28 10:14 - 00173568 _____ () D:\Übersicht\Programme\quazip.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 01080832 _____ () D:\Übersicht\Programme\platforms\qwindows.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00833024 _____ () D:\Übersicht\Programme\sqldrivers\qsqlite.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00233984 _____ () D:\Übersicht\Programme\imageformats\qjpeg.dll
2014-06-20 08:48 - 2014-08-06 19:47 - 00102344 _____ () D:\Übersicht\Programme\soundbackends\directsound_win64.dll
2014-06-20 08:49 - 2014-08-06 19:47 - 00108488 _____ () D:\Übersicht\Programme\soundbackends\windowsaudiosession_win64.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00030208 _____ () D:\Übersicht\Programme\imageformats\qgif.dll
2014-06-26 07:38 - 2014-08-06 19:47 - 00563656 _____ () D:\Übersicht\Programme\plugins\clientquery_plugin.dll
2014-07-14 09:22 - 2014-08-06 19:47 - 00579016 _____ () D:\Übersicht\Programme\plugins\teamspeak_control_plugin.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00159232 _____ () D:\Übersicht\Programme\accessible\qtaccessiblewidgets.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 01007104 _____ () D:\Übersicht\Programme\Origin\platforms\qwindows.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00023552 _____ () D:\Übersicht\Programme\Origin\imageformats\qgif.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00024576 _____ () D:\Übersicht\Programme\Origin\imageformats\qico.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00216576 _____ () D:\Übersicht\Programme\Origin\imageformats\qjpeg.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00261120 _____ () D:\Übersicht\Programme\Origin\imageformats\qmng.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00019456 _____ () D:\Übersicht\Programme\Origin\imageformats\qtga.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00337408 _____ () D:\Übersicht\Programme\Origin\imageformats\qtiff.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00018944 _____ () D:\Übersicht\Programme\Origin\imageformats\qwbmp.dll
2015-02-05 20:37 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 20:37 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 20:37 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Übersicht\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: PDFPrint => D:\Übersicht\Programme\PDF24\pdf24.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3236316847-1076086714-31016914-500 - Administrator - Disabled)
Gast (S-1-5-21-3236316847-1076086714-31016914-501 - Limited - Disabled)
Nuclear (S-1-5-21-3236316847-1076086714-31016914-1000 - Administrator - Enabled) => C:\Users\Nuclear

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 10:47:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm EvilWithin.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: dd8
Startzeit: 01d042566c308051
Endzeit: 45
Anwendungspfad: D:\Übersicht\Spiele\rld-thevwi\The Evil Within\EvilWithin.exe
Berichts-ID: aeabcbf1-ae49-11e4-b31d-0025226b1f74

Error: (02/06/2015 10:17:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/06/2015 08:34:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/06/2015 06:21:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 06:21:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

System errors:
=============
Error: (02/07/2015 11:45:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecurityUtility Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (02/06/2015 11:04:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/06/2015 08:15:08 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Microsoft Office Sessions:
=========================
Error: (02/06/2015 10:47:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EvilWithin.exe1.0.0.0dd801d042566c30805145D:\Übersicht\Spiele\rld-thevwi\The Evil Within\EvilWithin.exeaeabcbf1-ae49-11e4-b31d-0025226b1f74

Error: (02/06/2015 10:17:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Übersicht\Programme\esetsmartinstaller_deu.exe

Error: (02/06/2015 08:34:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/06/2015 06:21:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"D:\Übersicht\Programme\MSI Afterburner\MSIAfterburner.exe

Error: (02/06/2015 06:21:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"D:\Übersicht\Programme\MSI Afterburner\MSIAfterburner.exe

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader64.exe

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader.exe

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSS.exe

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\EncoderServer64.exe

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\EncoderServer.exe

CodeIntegrity Errors:
===================================
Date: 2015-02-05 17:04:53.725
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-05 17:04:53.688
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 21%
Total physical RAM: 12286.15 MB
Available physical RAM: 9641.79 MB
Total Pagefile: 24870.48 MB
Available Pagefile: 22228.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:10.12 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:651.88 GB) NTFS
Drive g: (NFSMW) (CDROM) (Total:2.13 GB) (Free:0 GB) UDF
Drive h: (BBQ) (Removable) (Total:1.86 GB) (Free:1.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 60275C42)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: A2450932)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)

==================== End Of Log ============================ |