Log Analysis and Evaluation: Online banking access blocked due to "NYMAIN" infection (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Online banking access blocked due to "NYMAIN" infection

Hello first of all,

A few days ago, while I was away, my wife opened one of those "dunning e-mails", whereupon something infected the computer. At that point I had Avira AntiVir installed, which only found something during a scan. Unfortunately, the detection caused Avira to be blocked and it stopped working. So I uninstalled Avira and installed Microsoft Security Essentials. Started a scan, found several things. Unfortunately I can't find the log files. After that I ran Malwarebytes Anti-Malware:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28.01.2015
Scan Time: 15:18:06
Logfile: mwb-log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.28.06
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Arty

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336013
Time Elapsed: 11 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\last_name, Quarantined, [675f877529608caacd03a36e986a6d93], 
Trojan.Downloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\file_type, Quarantined, [6d59b74511785fd71c7844bc7290659b], 
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\product_group, Quarantined, [933300fc20690333f6da848dab57b050], 

Registry Values: 1
Trojan.Agent.STPD, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cash_flow, C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\standard_account\slide.exe, Quarantined, [3f8742ba8207fd39a29356bd30d26d93]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
Trojan.Agent.STPD, C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\standard_account\slide.exe, Quarantined, [3f8742ba8207fd39a29356bd30d26d93], 
Trojan.Agent.ED, C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\windows_installer\AUTHORITY_KEY_IDENTIFIER.EXE, Quarantined, [675f877529608caacd03a36e986a6d93], 
Trojan.Downloader, C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\windows_installer\account.exe, Quarantined, [6d59b74511785fd71c7844bc7290659b], 
Trojan.Agent.ED, C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\windows_installer\GLYPH_RUN.EXE, Quarantined, [933300fc20690333f6da848dab57b050], 
Trojan.Downloader, C:\Users\Arty\AppData\Local\Temp\{0000062D-3234-BE}, Quarantined, [9d2922da96f355e13460b848857db848], 

Physical Sectors: 0
(No malicious items detected)


(end)

So I hope for help here.

FRST log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Arty (administrator) on ARTY-PC on 05-02-2015 17:27:28
Running from C:\Users\Arty\Desktop\Downloads
Loaded Profiles: Arty (Available profiles: Arty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(AddGadgets) C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
() C:\Program Files (x86)\Razer\Copperhead\razertra.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Copperhead] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-768761217-1181827061-3865430075-1000\...\Run: [authenticator] => C:\ProgramData\Battle.net\Agent\Agent.3634\Logs\proxy\social.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-25] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968
FF SelectedSearchEngine: Search
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\searchplugins\e498ac08-57ad-4b76-8919-d0470056cda3.xml

Chrome: 
=======
CHR Profile: C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-01-08]
CHR Extension: (Google Docs) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08]
CHR Extension: (Google Drive) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-08]
CHR Extension: (YouTube) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08]
CHR Extension: (Google-Suche) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-01-08]
CHR Extension: (CyberGhost VPN - Kostenloser Proxy) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-01-08]
CHR Extension: (Google Tabellen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08]
CHR Extension: (Avira Browserschutz) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08]
CHR Extension: (Counter Strike: Global Offensive - Theme) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmaihllcpbdicdhadfffflhopaijpif [2015-01-08]
CHR Extension: (Google Wallet) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08]
CHR Extension: (Google Mail) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-23] (EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Arty\AppData\Local\Temp\tmpD586.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 17:27 - 2015-02-05 17:27 - 00000000 _____ () C:\Users\Arty\defogger_reenable
2015-02-05 04:09 - 2015-02-05 17:27 - 00000000 ____D () C:\FRST
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Program Files (x86)\AP Tuner
2015-02-03 10:52 - 2015-02-03 10:52 - 00001990 _____ () C:\Users\Arty\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-02-03 10:52 - 2015-02-03 10:52 - 00001930 _____ () C:\Users\Arty\Desktop\Avira EU-Cleaner.lnk
2015-02-02 10:25 - 2015-02-02 10:25 - 00000000 ____D () C:\Users\Arty\Documents\Remedy
2015-02-02 09:28 - 2015-02-02 09:28 - 00005615 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-28 15:46 - 2015-02-03 10:48 - 00000000 ____D () C:\AdwCleaner
2015-01-27 06:50 - 2015-01-27 06:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 23:08 - 2015-01-23 23:52 - 00000000 ____D () C:\Users\Arty\AppData\Local\Warframe
2015-01-20 11:12 - 2015-01-20 11:12 - 00000000 ____D () C:\Users\Arty\AppData\Local\CAPCOM
2015-01-16 03:43 - 2015-01-16 03:45 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-16 03:41 - 2015-01-16 03:41 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-01-16 03:36 - 2015-01-16 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-13 03:55 - 2015-01-13 03:55 - 00001198 _____ () C:\Users\Arty\Desktop\Default.SSM
2015-01-12 09:16 - 2015-01-14 03:26 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Bother_fall
2015-01-09 17:15 - 2015-01-09 17:15 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-09 17:15 - 2015-01-09 17:15 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-01-09 17:13 - 2015-01-09 17:14 - 00000000 ____D () C:\OETemp
2015-01-09 17:12 - 2015-01-09 17:12 - 00003124 _____ () C:\Windows\System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F}
2015-01-09 14:27 - 2015-01-13 03:38 - 00000000 ___HD () C:\Users\Arty\AppData\Local\Angle-improve
2015-01-08 19:45 - 2015-01-09 17:10 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Buttontrade
2015-01-08 17:49 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 14:11 - 2015-01-09 03:35 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Jpeq
2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-08 13:40 - 2015-01-09 17:10 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Botherattempt
2015-01-08 09:30 - 2015-01-13 12:15 - 00000000 ____D () C:\ProgramData\mvyatvj
2015-01-08 09:13 - 2015-01-29 20:14 - 00000000 ____D () C:\Users\Arty\Desktop\rocksmith
2015-01-07 17:21 - 2015-01-07 17:21 - 00000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga
2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiffex
2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\Program Files\VSTplugins
2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\Program Files\Audiffex
2015-01-07 17:12 - 2015-01-07 17:12 - 00000000 ____D () C:\Windows\system32\IO

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 17:27 - 2014-10-23 20:01 - 00000000 ____D () C:\Users\Arty
2015-02-05 17:26 - 2014-10-23 21:53 - 00000000 ____D () C:\Users\Arty\Desktop\Megui
2015-02-05 17:22 - 2014-10-24 17:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 17:12 - 2014-10-24 16:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 17:10 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 17:10 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 17:08 - 2014-12-12 12:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 15:38 - 2014-10-23 18:17 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Raptr
2015-02-05 15:30 - 2014-10-23 19:47 - 01051625 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 14:12 - 2014-10-24 16:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 14:07 - 2014-10-24 16:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:07 - 2014-10-24 16:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 03:51 - 2014-10-23 22:02 - 00000000 ____D () C:\Program Files (x86)\SagaraS Scriptmaker
2015-02-05 03:40 - 2014-10-23 21:00 - 00048299 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-05 03:38 - 2009-07-14 05:51 - 00113342 _____ () C:\Windows\setupact.log
2015-02-05 03:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 22:23 - 2014-10-23 21:43 - 00000000 ____D () C:\Users\Arty\AppData\Local\Battle.net
2015-02-04 01:10 - 2014-10-23 21:27 - 00000000 ____D () C:\ProgramData\Origin
2015-02-04 01:02 - 2014-10-23 21:11 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Skype
2015-02-03 22:30 - 2014-10-23 21:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-03 10:48 - 2014-10-23 20:54 - 00337238 _____ () C:\Windows\PFRO.log
2015-02-02 10:24 - 2014-10-23 18:21 - 00166978 _____ () C:\Windows\DirectX.log
2015-02-02 09:31 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Audacity
2015-02-02 09:28 - 2014-10-26 13:36 - 00000000 ____D () C:\Users\Arty\AppData\Local\gtk-2.0
2015-02-02 09:28 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Arty\.gimp-2.8
2015-01-31 10:52 - 2014-10-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-31 07:08 - 2014-10-24 16:58 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-30 03:48 - 2009-07-14 18:58 - 00699446 _____ () C:\Windows\system32\perfh007.dat
2015-01-30 03:48 - 2009-07-14 18:58 - 00149586 _____ () C:\Windows\system32\perfc007.dat
2015-01-30 03:48 - 2009-07-14 06:13 - 01620740 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 15:48 - 2014-10-23 20:03 - 00001194 _____ () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 09:30 - 2014-10-23 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 01:08 - 2014-12-12 12:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 01:08 - 2014-10-24 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 01:08 - 2014-10-24 06:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 16:36 - 2014-10-23 21:46 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 07:54 - 2014-10-24 06:09 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Adobe
2015-01-13 03:56 - 2014-10-23 22:03 - 00001169 _____ () C:\Users\Arty\Desktop\SagaraS Scriptmaker.lnk
2015-01-13 03:56 - 2014-10-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SagaraS Scriptmaker
2015-01-13 03:56 - 2014-10-23 21:32 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-01-10 15:07 - 2014-11-05 20:28 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\.minecraft
2015-01-10 06:32 - 2014-10-23 21:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-10 06:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 17:14 - 2014-10-23 20:49 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 17:07 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-09 16:51 - 2014-10-24 17:02 - 00001128 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-08 08:09 - 2014-10-23 21:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-08 08:09 - 2014-10-23 21:11 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-10-23 22:00 - 2014-11-29 19:45 - 0000624 _____ () C:\Users\Arty\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-23 21:23 - 2014-10-23 21:41 - 0000290 _____ () C:\Users\Arty\AppData\Roaming\GPU MeterV2_Settings.ini
2015-01-07 17:21 - 2015-01-07 17:21 - 0000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga
2015-02-02 09:28 - 2015-02-02 09:28 - 0005615 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel
2014-11-10 19:26 - 2014-11-10 19:35 - 0007602 _____ () C:\Users\Arty\AppData\Local\Resmon.ResmonCfg
2014-10-23 20:52 - 2014-10-23 20:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Arty\AppData\Local\Temp\AutoWifi.exe
C:\Users\Arty\AppData\Local\Temp\avgnt.exe
C:\Users\Arty\AppData\Local\Temp\devcon64.exe
C:\Users\Arty\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Arty\AppData\Local\Temp\Quarantine.exe
C:\Users\Arty\AppData\Local\Temp\SHSetup.exe
C:\Users\Arty\AppData\Local\Temp\sonarinst.exe
C:\Users\Arty\AppData\Local\Temp\sqlite3.dll
C:\Users\Arty\AppData\Local\Temp\sqlite3.exe
C:\Users\Arty\AppData\Local\Temp\tmp9DA5.exe
C:\Users\Arty\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

LastRegBack: 2015-02-03 08:41

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Arty at 2015-02-05 04:11:38
Running from C:\Users\Arty\Desktop\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Among the Sleep (HKLM-x32\...\Steam App 250620) (Version: - Krillbite Studio)
ampLion Free 64b 1.1.0 (HKLM\...\{C2953B54-6E35-4ed6-C589-48E7BBDA6575}_is1) (Version: - Audiffex)
AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - )
Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.4 - GPL Public release.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version: - Blizzard Entertainment)
Dxtory version 2.0.126 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.126 - ExKode Co. Ltd.)
F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version: - InPlay Interactive)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9A37ADB3-3D8D-4EDF-8F6D-B8A66F18087B}) (Version: 5.0.10.2793 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LEGO - The Hobbit (HKLM-x32\...\Steam App 285160) (Version: - Traveller's Tales)
Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
MagicYUV Lossless Video Codec version 1.0 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.0 - INNOMAGIC, Ltd.)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{1B46FA48-1BEA-4398-BF8A-0F606A9EA782}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Plus (HKLM\...\MX.{B50BBED4-5101-45A1-BA9D-93AEF3A638E3}) (Version: 14.0.0.159 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 Plus (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0
(x86 de)) (Version: 31.4.0 - Mozilla) MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors) Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts) Raptr (HKLM-x32\...\Raptr) (Version: - ) Razer Copperhead (HKLM-x32\...\{28A946E1-E83B-4662-BC7C-23451851489E}) (Version: 6.10 - Razer USA Ltd.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.) Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version: - CAPCOM Co., Ltd.) 
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
SagaraS Scriptmaker v5.6 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version: - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-768761217-1181827061-3865430075-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-768761217-1181827061-3865430075-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points =========================

28-01-2015 15:43:41 Windows Update
01-02-2015 06:45:54 Windows Update
02-02-2015 10:23:38 DirectX was installed
03-02-2015 12:36:43 Avira EU-Cleaner - 03.02.2015 12:36

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2144AF35-9A61-4236-868A-164DDB87472E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {2840841F-6082-40BA-B7AE-C003CAFF599D} - System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {32D56694-C619-4102-9B72-B207A3FEA265} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {7BB71679-3B53-4C39-ABEA-E42E567F6B67} - System32\Tasks\PCMeter\Startup => C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe [2014-10-23] (AddGadgets)
Task: {8878DC36-76C2-4F46-895F-9D4EA962A921} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {91E6A5E0-9426-436D-B859-221D8F5CA69F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DA5AAAB9-BCFE-4F15-AFDD-DC68FA604A12} - System32\Tasks\{5E1338CB-AEDD-435A-87E5-1E5F3BD60E48} => pcalua.exe -a C:\Users\Arty\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-02-21 08:47 - 2014-02-21 08:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-11-10 17:50 - 2014-11-10 17:50 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-09-16 22:02 - 2014-09-16 22:02 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-23 21:21 - 2014-10-23 21:21 - 00012520 _____ () C:\Users\Arty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2014-10-23 21:21 - 2014-10-23 21:21 - 00015080 _____ () C:\Users\Arty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2014-10-23 21:21 - 2014-10-23 21:21 - 00014056 _____ () C:\Users\Arty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2014-10-27 09:22 - 2009-11-19 18:43 - 00135168 _____ () C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
2014-10-27 09:22 - 2009-11-16 13:25 - 00131072 _____ () C:\Program Files (x86)\Razer\Copperhead\razertra.exe
2014-08-28 08:19 - 2014-08-28 08:19 - 00034816 _____ () C:\Users\Arty\Desktop\Megui\tools\x264_10b\avs4x264mod.exe
2014-10-27 09:22 - 2005-08-17 13:23 - 00151552 _____ () C:\Program Files (x86)\Razer\Copperhead\download.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-02-19 17:51 - 2014-02-19 17:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-31 07:08 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 07:08 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-31 07:08 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2014-10-23 21:32 - 2013-04-14 11:00 - 00554496 _____ () C:\Program Files (x86)\Haali\MatroskaSplitter\splitter.ax
2014-10-23 21:32 - 2013-04-14 10:58 - 00080384 _____ () C:\Program Files (x86)\Haali\MatroskaSplitter\mkzlib.dll
2014-10-23 21:32 - 2013-04-14 10:58 - 00024576 _____ () C:\Program Files (x86)\Haali\MatroskaSplitter\mkunicode.dll
2013-01-06 14:47 - 2014-10-23 21:53 - 00082944 _____ () C:\Users\Arty\Desktop\Megui\MediaInfoWrapper.dll
2009-01-02 20:34 - 2014-10-23 21:53 - 00058368 _____ () C:\Users\Arty\Desktop\Megui\AvisynthWrapper.DLL
2014-10-23 22:03 - 2013-10-10 23:41 - 00233472 _____ () C:\Program Files (x86)\SagaraS Scriptmaker\Plugins\SplineResize.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-768761217-1181827061-3865430075-1000\Control Panel\Desktop\\Wallpaper ->

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: breakfast-phase => C:\Users\Arty\AppData\Local\Temp\Breakfast-job\breakfast-permit.exe
MSCONFIG\startupreg: zujlwuwh => C:\Users\Arty\AppData\Roaming\Xfithpyp\jbkwdqowuwh.exe

==================== Accounts: =============================

Administrator (S-1-5-21-768761217-1181827061-3865430075-500 - Administrator - Disabled)
Arty (S-1-5-21-768761217-1181827061-3865430075-1000 - Administrator - Enabled) => C:\Users\Arty
Gast (S-1-5-21-768761217-1181827061-3865430075-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 03:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000043a0218
Faulting process id: 0x784
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (01/26/2015 10:14:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.91 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a64
Start Time: 01d039484f6853d2
Termination Time: 3
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: a9ed4658-a53b-11e4-bc65-448a5b9df6ae

Error: (01/24/2015 10:13:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 40.0.2214.91, time stamp: 0x54bf0a96
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x000212b3
Faulting process id: 0x10b4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/22/2015 10:27:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Origin.exe, version: 9.5.3.636, time stamp: 0x54878687
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0xc0000417
Fault offset: 0x0008af3e
Faulting process id: 0x2970
Faulting application start time: 0xOrigin.exe0
Faulting application path: Origin.exe1
Faulting module path: Origin.exe2
Report Id: Origin.exe3

Error: (01/22/2015 10:26:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Origin.exe, version: 9.5.3.636, time stamp: 0x54878687
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0xc0000417
Fault offset: 0x0008af3e
Faulting process id: 0x2ba8
Faulting application start time: 0xOrigin.exe0
Faulting application path: Origin.exe1
Faulting module path: Origin.exe2
Report Id: Origin.exe3

Error: (01/22/2015 10:26:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Origin.exe, version: 9.5.3.636, time stamp: 0x54878687
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0xc0000417
Fault offset: 0x0008af3e
Faulting process id: 0x2b10
Faulting application start time: 0xOrigin.exe0
Faulting application path: Origin.exe1
Faulting module path: Origin.exe2
Report Id: Origin.exe3

Error: (01/22/2015 02:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.99, time stamp: 0x54aef409
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x000212b3
Faulting process id: 0x1f0c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/21/2015 06:49:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 39.0.2171.99 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: b7c
Start Time: 01d035a24b9c38a9
Termination Time: 2
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: d7379cb4-a195-11e4-9eb4-448a5b9df6ae

Error: (01/18/2015 06:33:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000004120218
Faulting process id: 0x76c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (01/17/2015 09:36:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program thunderbird.exe version 31.4.0.5487 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 27d8
Start Time: 01d03294e99b05ae
Termination Time: 13
Application Path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Report Id: 714f5ce8-9e88-11e4-930f-448a5b9df6ae


System errors:
=============
Error: (02/05/2015 03:38:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "WinRing0_1_2_0" service failed to start due to the following error: %%2

Error: (02/04/2015 10:25:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/04/2015 06:32:34 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (02/04/2015 06:32:34 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (02/04/2015 06:32:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "WinRing0_1_2_0" service failed to start due to the following error: %%2

Error: (02/04/2015 01:10:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/03/2015 10:51:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "WinRing0_1_2_0" service failed to start due to the following error: %%2

Error: (02/03/2015 06:03:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "WinRing0_1_2_0" service failed to start due to the following error: %%2

Error: (02/03/2015 01:04:36 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/02/2015 06:37:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "WinRing0_1_2_0" service failed to start due to the following error: %%2


Microsoft Office Sessions:
=========================
Error: (01/28/2015 03:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce7a144unknown0.0.0.000000000c000000500000000043a021878401d03aa20aef1eabC:\Windows\Explorer.EXEunknown6ebc53a5-a695-11e4-ac3d-448a5b9df6ae

Error: (01/26/2015 10:14:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.91a6401d039484f6853d23C:\Program Files (x86)\Google\Chrome\Application\chrome.exea9ed4658-a53b-11e4-bc65-448a5b9df6ae

Error: (01/24/2015 10:13:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.9154bf0a96KERNELBASE.dll6.1.7601.1840953159a86c0000005000212b310b401d037b60ab329e6C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\syswow64\KERNELBASE.dll48a020ff-a3a9-11e4-95ec-448a5b9df6ae

Error: (01/22/2015 10:27:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Origin.exe9.5.3.63654878687MSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e297001d0368a35318474C:\Program Files (x86)\Origin\Origin.exeC:\Windows\system32\MSVCR100.dll7458b698-a27d-11e4-8678-448a5b9df6ae

Error: (01/22/2015 10:26:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Origin.exe9.5.3.63654878687MSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e2ba801d0368a1d7741a3C:\Program Files (x86)\Origin\Origin.exeC:\Windows\system32\MSVCR100.dll5cac088a-a27d-11e4-8678-448a5b9df6ae

Error: (01/22/2015 10:26:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Origin.exe9.5.3.63654878687MSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e2b1001d03689fe1b7417C:\Program Files (x86)\Origin\Origin.exeC:\Windows\system32\MSVCR100.dll48c30048-a27d-11e4-8678-448a5b9df6ae

Error: (01/22/2015 02:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.9954aef409KERNELBASE.dll6.1.7601.1840953159a86c0000005000212b31f0c01d03644efb2c80dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\syswow64\KERNELBASE.dll2e19185e-a238-11e4-8678-448a5b9df6ae

Error: (01/21/2015 06:49:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.99b7c01d035a24b9c38a92C:\Program Files (x86)\Google\Chrome\Application\chrome.exed7379cb4-a195-11e4-9eb4-448a5b9df6ae

Error: (01/18/2015 06:33:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce7a144unknown0.0.0.000000000c0000005000000000412021876c01d032e025aeed43C:\Windows\Explorer.EXEunknown7bba6ed2-9ed3-11e4-973f-448a5b9df6ae

Error: (01/17/2015 09:36:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe31.4.0.548727d801d03294e99b05ae13C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe714f5ce8-9e88-11e4-930f-448a5b9df6ae


CodeIntegrity Errors:
===================================
Date: 2014-11-02 06:33:16.876
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-02 06:33:16.829
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-01 06:11:09.949
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-01 06:11:09.887
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-31 20:08:58.837
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-31 20:08:58.774
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-31 09:38:38.600
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-31 09:38:38.560
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8125.21 MB
Available physical RAM: 4224.78 MB
Total Pagefile: 16248.61 MB
Available Pagefile: 11675.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:372.51 GB) (Free:197.9 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:465.75 GB) (Free:192.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Volume) (Fixed) (Total:1863.01 GB) (Free:1630.24 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: E025EFE9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=372.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DE4CDE4C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00916640)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-05 17:47:20
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT725040VLAT80 rev.V5COA42A 372,61GB
Running: Gmer-19357.exe; Driver: C:\Users\Arty\AppData\Local\Temp\kxldrpob.sys

---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 674 fffff800033b1092 4 bytes [00, 00, 00, 00]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 681 fffff800033b1099 9 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\PnkBstrA.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076181465 2 bytes [18, 76]
.text C:\Windows\system32\PnkBstrA.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761814bb 2 bytes [18, 76]
.text ... * 2
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!DispatchMessageW 000000007584787b 5 bytes JMP 0000000170a3a040
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!DispatchMessageA 0000000075847bbb 5 bytes JMP 0000000170a3a010
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075848a29 5 bytes JMP 0000000170a3aa20
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075848e4e 5 bytes JMP 0000000170a3a1a0
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!DestroyWindow 0000000075849a55 5 bytes JMP 0000000170a3a170
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007584d22e 5 bytes JMP 0000000170a3a8e0
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758505ba 5 bytes JMP 0000000170a3a360
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075850dfb 5 bytes JMP 0000000170a3a070
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075851341 5 bytes JMP 0000000170a3a440
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075851361 5 bytes JMP 0000000170a3a3e0
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect 00000000758528da 5 bytes JMP 0000000170a3a860
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetCursor 00000000758541f6 5 bytes JMP 0000000170a39920
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075855f74 5 bytes JMP 0000000170a3a300
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075857b3b 5 bytes JMP 0000000170a3a3c0
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!AnimateWindow 000000007585b531 5 bytes JMP 0000000170a3a210
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow 000000007585ba4a 5 bytes JMP 0000000170a3a790
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!WindowFromPoint 000000007586ed12 5 bytes JMP 0000000170a39940
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetCapture 000000007586ed56 5 bytes JMP 0000000170a3a2e0
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 000000007586f170 5 bytes JMP 0000000170a3a2a0
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077055ea6 5 bytes JMP 0000000170a39970
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007705b895 5 bytes JMP 0000000170a39be0
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076181465 2 bytes [18, 76]
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000761814bb 2 bytes [18, 76]
.text ... * 2

---- Processes - GMER 2.1 ----
Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DAC401B-95C5-479F-86CA-62DED1CF75DF}\offreg.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [1008](2015-02-05 16:20:03) 000007feebd90000

---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ExcludeProfileDirs AppData\Local;AppData\LocalLow;$Recycle.Bin
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@BuildNumber 7601
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@FirstLogon 0
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ParseAutoexec 1

---- EOF - GMER 2.1 ----

Thanks in advance
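A small triage helper for the two log formats in the post above, added here as an example (it is not part of the original post and not code from FRST or GMER). It regroups the run-together Code Integrity entries by the file they name, parses GMER's `.text` user-mode hook lines per process, and reports the range of JMP targets per process. The sample text is constructed from lines of the post; the driver's signer and the module behind the hook targets are not in the logs, so the script stops at counts and address ranges.

```python
"""Triage helpers for FRST's run-together Code Integrity entries and GMER's
'.text' user-mode hook lines. Added example; the sample text below is
constructed from lines in the post, not a complete log."""
import re
from collections import defaultdict

# One FRST "Date: ... Description: ..." entry per match; the quoted path is the
# first double-quoted string after "Description:".
CI_RE = re.compile(
    r'Date: (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) '
    r'Description: .*?"(?P<path>[^"]+)"',
    re.S,
)

# GMER hook line: .text <process>[pid] <module>!<symbol>[ + off] <addr> <n> bytes <patch>
HOOK_RE = re.compile(
    r'^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+'
    r'(?P<module>\S+)!(?P<symbol>\S+)(?:\s\+\s\d+)?\s+'
    r'(?P<addr>[0-9a-f]+)\s+(?P<size>\d+) bytes\s+(?P<patch>.+)$'
)

# Constructed sample: three of the Code Integrity entries from the post.
CI_SAMPLE = (
    r'Date: 2014-11-02 06:33:16.829 Description: Windows could not verify the image integrity of the file '
    r'"\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash was not found on the system. '
    r'Date: 2014-11-01 06:11:09.949 Description: Windows could not verify the image integrity of the file '
    r'"\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash was not found on the system. '
    r'Date: 2014-10-31 09:38:38.560 Description: Windows could not verify the image integrity of the file '
    r'"\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" because the file hash was not found on the system.'
)

# Constructed sample: four GMER hook lines from the post plus its ".text ... * 2" filler.
GMER_SAMPLE = r'''
.text C:\Windows\system32\PnkBstrA.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076181465 2 bytes [18, 76]
.text ... * 2
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!DispatchMessageW 000000007584787b 5 bytes JMP 0000000170a3a040
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075848a29 5 bytes JMP 0000000170a3aa20
.text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077055ea6 5 bytes JMP 0000000170a39970
'''


def code_integrity_summary(text):
    """Group Code Integrity warnings by the file they name:
    {path: {"count": n, "first": ts, "last": ts}} (ISO timestamps sort as strings)."""
    out = {}
    for m in CI_RE.finditer(text):
        ts, path = m.group("ts"), m.group("path")
        e = out.setdefault(path, {"count": 0, "first": ts, "last": ts})
        e["count"] += 1
        e["first"] = min(e["first"], ts)
        e["last"] = max(e["last"], ts)
    return out


def hooks_by_process(text):
    """Parse GMER '.text' lines into {"exe[pid]": [(module!symbol, size, patch), ...]}."""
    out = defaultdict(list)
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        exe = m.group("proc").rsplit("\\", 1)[-1]
        mod = m.group("module").rsplit("\\", 1)[-1]
        key = f"{exe}[{m.group('pid')}]"
        out[key].append((f"{mod}!{m.group('symbol')}", int(m.group("size")), m.group("patch")))
    return dict(out)


def jmp_target_range(hooks):
    """Lowest and highest JMP target per process. A narrow range means every hook
    lands in one module; which module that is must be checked against the
    process's loaded-module list, which the GMER log does not include."""
    rng = {}
    for proc, entries in hooks.items():
        targets = [int(patch.split()[1], 16) for _, _, patch in entries if patch.startswith("JMP ")]
        if targets:
            rng[proc] = (min(targets), max(targets))
    return rng


if __name__ == "__main__":
    for path, e in code_integrity_summary(CI_SAMPLE).items():
        print(f'{e["count"]}x {path} ({e["first"]} .. {e["last"]})')
    hooks = hooks_by_process(GMER_SAMPLE)
    for proc, (lo, hi) in jmp_target_range(hooks).items():
        print(f"{proc}: {len(hooks[proc])} hooks, JMP targets {lo:#x}..{hi:#x}")
```

On the posted logs every Code Integrity warning names the same driver, vrtaucbl.sys, and all raptr.exe hooks jump into one narrow range, which is what an in-process overlay looks like rather than a hook scattered across the address space. Confirming either reading needs data the post does not contain: the driver's Authenticode signature and the loaded-module list of PID 4088.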
Topics related to: Access to online banking blocked due to "NYMAIN" infection
cyberghost, defender, ebanking, remove, error code 0xc0000005, error code 0xc0000417, windows error code, flash player, homepage, installmanager.exe, launch, program, registry, security, services.exe, software, super, svchost.exe, trojan.agent.ed, trojan.agent.stpd, trojan.downloader